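OSPF Comprehensive Lab (Telnet + NAT + MGRE + route import)
OSPF lab topology
Topology diagram
Topology requirements:
(1) R4 is the ISP. Its four interfaces may only be configured with public IP addresses, and no other configuration may be made on it afterwards.
(2) All private network segments inside the OSPF domain must be reachable, and every router must be able to reach R4's loopback.
(3) When R2 telnets to R1's public IP address, it logs in to R5.
(4) R1-R3 form an MGRE environment, with R1 as the hub site and R2 and R3 as branch sites.
(5) Among R1/R5/R6, R1 is the DR, and the segment has no BDR.
1. First, plan the IP addressing sensibly.
Approach: for example, use 172.16.0.0/16 as the private address space. There are four areas, so the space can be split roughly into four subnets; but since new networks may be added later, borrow three bits to create eight subnets. Each area gets one subnet and the remaining four are kept for later use.
To keep the IP address configuration simple, we simplify the addressing:
(1) Addresses on the links between routers: 10.1.X.0/24
(2) Router loopback: 1.1.1.1/24 (for example, using each router's number)
(3) MGRE environment: 20.1.1.1 (hub), 20.1.1.2 (branch), 20.1.1.3 (branch)
2. Once the IP address plan is complete, start configuring the MGRE environment in area 0: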
[r1]ip route-static 0.0.0.0 0.0.0.0 10.1.14.2
[r2]ip route-static 0.0.0.0 0.0.0.0 10.1.24.2
[r3]ip route-static 0.0.0.0 0.0.0.0 10.1.34.2
Configure the tunnel on R1/R2/R3:
[R1]int Tunnel 0/0/0
[R1-Tunnel0/0/0]ip address 20.1.1.1 255.255.255.0
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp
[R1-Tunnel0/0/0]source 10.1.14.1
[R1-Tunnel0/0/0]nhrp entry multicast dynamic
[R1-Tunnel0/0/0]nhrp network-id 100
[R2]int Tunnel 0/0/0
[R2-Tunnel0/0/0]ip address 20.1.1.2 255.255.255.0
[R2-Tunnel0/0/0]tunnel-protocol gre p2mp
[R2-Tunnel0/0/0]source GigabitEthernet0/0/0
[R2-Tunnel0/0/0]nhrp network-id 100
[R2-Tunnel0/0/0]nhrp entry 20.1.1.1 10.1.14.1 register
[R3]int Tunnel 0/0/0
[R3-Tunnel0/0/0]ip address 20.1.1.3 255.255.255.0
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source GigabitEthernet0/0/0
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry 20.1.1.1 10.1.14.1 register
After the configuration is complete, verify it:
[R1]ping 20.1.1.2
PING 20.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 20.1.1.2: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 20.1.1.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 20.1.1.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 20.1.1.2: bytes=56 Sequence=4 ttl=255 time=40 ms
Reply from 20.1.1.2: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 20.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/30/40 ms
[R1]ping 20.1.1.3
PING 20.1.1.3: 56 data bytes, press CTRL_C to break
Reply from 20.1.1.3: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 20.1.1.3: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 20.1.1.3: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 20.1.1.3: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 20.1.1.3: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 20.1.1.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/30/30 ms
3. Configure the OSPF environment:
[R1]ospf 1
[R1-ospf-1]di th
[V200R003C00]
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 20.1.1.1 0.0.0.0
area 0.0.0.1
network 1.1.1.1 0.0.0.0
network 10.1.156.3 0.0.0.0
[R2]ospf 1
[R2-ospf-1]dis th
[V200R003C00]
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 20.1.1.2 0.0.0.0
[R3]ospf 1
[R3-ospf-1]dis th
[V200R003C00]
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 20.1.1.3 0.0.0.0
area 0.0.0.2
network 3.3.3.3 0.0.0.0
network 10.1.37.1 0.0.0.0
[R5]ospf 1
[R5-ospf-1]dis th
[V200R003C00]
#
ospf 1 router-id 5.5.5.5
area 0.0.0.1
network 5.5.5.5 0.0.0.0
network 10.1.156.1 0.0.0.0
[R6]ospf 1
[R6-ospf-1]dis th
[V200R003C00]
#
ospf 1 router-id 6.6.6.6
area 0.0.0.1
network 6.6.6.6 0.0.0.0
network 10.1.156.2 0.0.0.0
[R7]ospf 1
[R7-ospf-1]dis th
#
ospf 1 router-id 7.7.7.7
import-route ospf 2
area 0.0.0.2
network 7.7.7.7 0.0.0.0
network 10.1.37.2 0.0.0.0
[R7]ospf 2
[R7-ospf-2]dis th
#
ospf 2 router-id 7.7.7.7
import-route ospf 1
area 0.0.0.0
network 10.1.78.1 0.0.0.0
[R8]ospf 2
[R8-ospf-2]dis th
[V200R003C00]
#
ospf 2 router-id 8.8.8.8
area 0.0.0.0
network 8.8.8.8 0.0.0.0
network 10.1.78.2 0.0.0.0
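After R1/R2/R3 are configured, OSPF by default runs on a tunnel interface with network type p2p, so only one neighbor relationship can be established in the MGRE environment. MGRE, however, builds an MA (multi-access) network with multiple neighbors. On Cisco the neighbor table flaps; on Huawei the router forms an adjacency with the neighbor whose Hello arrives first and stays stuck in the Init state with the other neighbors on the segment.
Solution: change the OSPF interface network type on R1/R2/R3, and make R1 the DR with no BDR.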
[R1]int Tunnel 0/0/0
[R1-Tunnel0/0/0]ospf network-type broadcast
[R2]int Tunnel 0/0/0
[R2-Tunnel0/0/0]ospf network-type broadcast
[R2-Tunnel0/0/0]ospf dr-priority 0
[R3]int Tunnel 0/0/0
[R3-Tunnel0/0/0]ospf network-type broadcast
[R3-Tunnel0/0/0]ospf dr-priority 0
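Why the hub has to be the DR here, as an added example that is not part of the original post: each router runs the election only over the routers it can hear, and a spoke that registers solely with R1 hears R1 alone. The model is a simplified cold-start election (no roles declared in Hellos yet, wait timer ignored), and the function names are this example's own.

```python
def rid_key(rid):
    # Router IDs compare numerically, octet by octet.
    return tuple(int(octet) for octet in rid.split("."))

def elect(heard):
    """Cold-start election over {router_id: dr_priority} for the routers one
    speaker can hear (itself included). Returns (dr, bdr)."""
    # Priority 0 makes a router ineligible for either role.
    eligible = [r for r, prio in heard.items() if prio > 0]
    ranked = sorted(eligible, key=lambda r: (heard[r], rid_key(r)), reverse=True)
    dr = ranked[0] if ranked else None
    bdr = ranked[1] if len(ranked) > 1 else None
    return dr, bdr

def per_router_view(priorities, hub):
    """Spokes register only with the hub, so each spoke hears the hub alone;
    the hub hears every spoke."""
    result = {}
    for rid, prio in priorities.items():
        heard = priorities if rid == hub else {rid: prio, hub: priorities[hub]}
        result[rid] = elect(heard)
    return result

def agreed_dr(views):
    """Return the DR if every router elected the same one, else None."""
    drs = {dr for dr, _ in views.values()}
    return drs.pop() if len(drs) == 1 else None

HUB = "1.1.1.1"
DEFAULTS = {"1.1.1.1": 1, "2.2.2.2": 1, "3.3.3.3": 1}   # default dr-priority of 1 everywhere
LAB = {"1.1.1.1": 1, "2.2.2.2": 0, "3.3.3.3": 0}        # spokes set to dr-priority 0, as above

if __name__ == "__main__":
    for name, prios in (("defaults", DEFAULTS), ("lab", LAB)):
        views = per_router_view(prios, HUB)
        print(name, views, "agreed DR:", agreed_dr(views))
```

With default priorities each router ends up with a different DR, so the segment never agrees on one; with the spokes at priority 0 every view settles on 1.1.1.1 and no BDR.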
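4. After the OSPF environment is configured, check the routing table on R7. At this point R7's routing table contains all routes of areas 0, 1, 2 and 3 (because area 3 is not connected to the backbone area, its routes cannot be learned by the other OSPF areas).
Solutions:
(1) Virtual link
(2) Two-way redistribution
(3) Tunnel
Here we use two-way redistribution: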
[R7]ospf 1
[R7-ospf-1]import-route ospf 2
[R7]ospf 2
[R7-ospf-2]import-route ospf 1
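At this point all routers have learned the routes of the entire OSPF network.
5. Optimization
(1) Special areas (totally stub, totally NSSA: filter out type 3, 4 and 5 LSAs and advertise a single type 3 default route)
(2) Route summarization (omitted, because a properly planned address range was not used)
6. At this point the whole network should also be reachable, including R4's loopback 4.4.4.4/24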
[R1]acl 2000
[R1-acl-basic-2000]dis th
[V200R003C00]
#
acl number 2000
rule 5 permit source 10.1.0.0 0.0.255.255
rule 10 permit source 5.5.5.0 0.0.0.255
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000
[R2]acl 2000
[R2-acl-basic-2000]dis th
[V200R003C00]
#
acl number 2000
rule 5 permit source 2.2.2.0 0.0.0.255
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]nat outbound 2000
[R3]acl 2000
[R3-acl-basic-2000]dis th
[V200R003C00]
#
acl number 2000
rule 5 permit source 10.1.0.0 0.0.255.255
rule 10 permit source 3.3.3.0 0.0.0.255
rule 15 permit source 7.7.7.0 0.0.0.255
rule 20 permit source 8.8.8.0 0.0.0.255
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]nat outbound 2000
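Advertise a default route in OSPF on R1. It passes the type 3 default to R7 as well, but not to R8, because redistribution does not carry the type 3 default across. A static route can therefore be written on R8.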
[R1]ospf 1
[R1-ospf-1]default-route-advertise
[R8]ip route-static 0.0.0.0 0.0.0.0 10.1.78.1
Test:
<R5>ping 4.4.4.4
PING 4.4.4.4: 56 data bytes, press CTRL_C to break
Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=254 time=50 ms
Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=254 time=40 ms
Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=254 time=50 ms
--- 4.4.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/42/50 ms
[R2]ping 4.4.4.4
PING 4.4.4.4: 56 data bytes, press CTRL_C to break
Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=255 time=10 ms
Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 4.4.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/18/30 ms
<R8>ping 4.4.4.4
PING 4.4.4.4: 56 data bytes, press CTRL_C to break
Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=253 time=30 ms
Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=253 time=20 ms
Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=253 time=40 ms
Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=253 time=30 ms
Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=253 time=50 ms
--- 4.4.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/34/50 ms
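A check on which inside sources the step 6 ACLs actually hand to nat outbound, as an added example that is not part of the original post. It applies the ACL 2000 rules with their wildcard masks; the list of source addresses tested behind each router is this example's assumption, taken from the interface and loopback addresses in the OSPF configuration above.

```python
import ipaddress

# ACL 2000 as displayed in step 6: (rule id, source, wildcard mask), all permit rules.
ACL_2000 = {
    "R1": [(5, "10.1.0.0", "0.0.255.255"), (10, "5.5.5.0", "0.0.0.255")],
    "R2": [(5, "2.2.2.0", "0.0.0.255")],
    "R3": [(5, "10.1.0.0", "0.0.255.255"), (10, "3.3.3.0", "0.0.0.255"),
           (15, "7.7.7.0", "0.0.0.255"), (20, "8.8.8.0", "0.0.0.255")],
}

# Assumed test sources: addresses of the routers that leave through R1 and R3.
BEHIND = {
    "R1": ["5.5.5.5", "6.6.6.6", "10.1.156.1", "10.1.156.2"],
    "R3": ["7.7.7.7", "8.8.8.8", "10.1.37.2", "10.1.78.2"],
}

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def matched_rule(router, src):
    """Return the id of the first rule matching src, or None if no rule
    matches (the packet is then forwarded without translation)."""
    for rule_id, base, wildcard in sorted(ACL_2000[router]):
        care = ~to_int(wildcard) & 0xFFFFFFFF      # wildcard 0-bits must match exactly
        if (to_int(src) ^ to_int(base)) & care == 0:
            return rule_id
    return None

def untranslated(router, sources):
    """Sources that no rule of the router's ACL 2000 permits."""
    return [s for s in sources if matched_rule(router, s) is None]

if __name__ == "__main__":
    for router, sources in BEHIND.items():
        for src in sources:
            print(router, src, "-> rule", matched_rule(router, src))
        print(router, "not translated:", untranslated(router, sources))
```

On R1 the rules cover the 10.1.X.0/24 links and R5's loopback but not 6.6.6.6, so traffic sourced from R6's loopback would leave with its private source address.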
7. Port mapping: when R2 telnets to R1, it actually telnets to R5.
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 10.1.156.1 23
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
[R5]aaa
[R5-aaa]local-user ccnp password cipher cisco123
[R5-aaa]local-user ccnp service-type telnet
[R5-aaa]q
[R5]user-interface vty 0 4
[R5-ui-vty0-4]user privilege level 15
[R5-ui-vty0-4]authentication-mode aaa
Test:
<R2>telnet 10.1.14.1
Press CTRL_] to quit telnet mode
Trying 10.1.14.1 ...
Connected to 10.1.14.1 ...
Login authentication
Username:ccnp
Password:
-----------------------------------------------------------------------------
User last login information:
-----------------------------------------------------------------------------
Access Type: Telnet
IP-Address : 10.1.14.2
Time : 2020-02-17 19:10:51-08:00
-----------------------------------------------------------------------------
<R5>
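A review of what step 7 leaves reachable from the ISP side, as an added example that is not part of the original post. It parses the session lines from this step and lists the settings that matter once a management login is published through NAT; the checks chosen and the wording of the findings are this example's own.

```python
import re

# Session lines copied from step 7 (prompt followed by the command typed).
SESSION = """\
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 10.1.156.1 23
[R5]aaa
[R5-aaa]local-user ccnp password cipher cisco123
[R5-aaa]local-user ccnp service-type telnet
[R5]user-interface vty 0 4
[R5-ui-vty0-4]user privilege level 15
[R5-ui-vty0-4]authentication-mode aaa
"""

PROMPT = re.compile(r"^\[(?P<dev>[^\]-]+)(?:-(?P<view>[^\]]+))?\](?P<cmd>.*)$")
CLEARTEXT = {"21": "FTP", "23": "Telnet", "80": "HTTP"}

def audit(session):
    """Return (device, finding) pairs for exposure-related settings."""
    findings, vty = [], {}
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue                                   # device output, not a command
        dev, view, w = m["dev"], m["view"] or "", m["cmd"].split()
        if w[:2] == ["nat", "server"] and "inside" in w:
            tail = w[w.index("inside") + 1:]           # inside host, inside port
            if len(tail) >= 2 and tail[1] in CLEARTEXT:
                findings.append((dev, f"publishes {CLEARTEXT[tail[1]]} on {tail[0]}:{tail[1]}"))
        elif w[:1] == ["local-user"] and w[2:3] == ["service-type"] and "telnet" in w[3:]:
            findings.append((dev, f"local user {w[1]} may log in over Telnet"))
        elif view.startswith("ui-vty"):
            vty.setdefault((dev, view), []).append(w)
    for (dev, view), cmds in vty.items():
        if ["user", "privilege", "level", "15"] in cmds:
            findings.append((dev, f"{view}: every session gets privilege level 15"))
        # VRP restricts VTY source addresses with "acl <number> inbound" in this view.
        if not any(c[:1] == ["acl"] and c[-1:] == ["inbound"] for c in cmds):
            findings.append((dev, f"{view}: no inbound ACL limits source addresses"))
    return findings

if __name__ == "__main__":
    for dev, finding in audit(SESSION):
        print(f"{dev}: {finding}")
```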
8. Among R1/R5/R6, R1 is the DR and there is no BDR
[R5]int g0/0/0
[R5-GigabitEthernet0/0/0]ospf dr-priority 0
[R6]int g0/0/0
[R6-GigabitEthernet0/0/0]ospf dr-priority 0
With all of the configuration complete, every requirement of this lab is met.