目录
1.进行IP地址规划
(1)首先,进行IP地址分配
(2)然后,因为每个区域需要分为三种类型,点到点网络,MA网络,用户
2.配置公网网段的环回地址和路由器接口的IP地址
(1)配置IP地址
(2)配置缺省路由
(3)测试
3.构建MGRE环境
(1)配置
(2)测试
4.配置私网网段的IP地址和环回
(1)a 1?
(2)a 2
(3)a 3
(4)a 4
(5)RIP
5.进行OSPF和RIP宣告
(1)OSPF
(2)RIP
(3)测试
(4)修改隧道接口类型,保证其学习到路由
6.对RIP进行重发布,在R9上进行多进程重发布
(1)配置
(2)测试
7.进行路由汇总和特殊区域的划分
(1)路由汇总
(2)进行特殊区域划分
(测试)?编辑
(3)AR9为AR10下发缺省路由,相当于重发布
?(4)测试
8.ACL抓取路由,可访问AR7环回
(1)配置
(2)测试
9.加快收敛
(1)修改区域0MGRE环境的hello时间和死亡时间
(2)测试
10.增加区域认证,保障更新安全
(1)a 1
(2)a 2
(3)a 3
(4)a 4
11.全网可达测试
1.进行IP地址规划
(1)首先,进行IP地址分配
包含RIP区域在内的,一共6个区域,而网段是172.16.0.0.16,所以将其分为8个网段
172.16.000 00000.0 172.16.001 00000.0 172.16.010 00000.0 172.16.011 00000.0 172.16.100 00000.0 172.16.101 00000.0
(后面这两个网段用不到,可以不用管) 172.16.110 00000.0 172.16.111 00000.0
(2)然后,因为每个区域需要分为三种类型,点到点网络,MA网络,用户
172.16.0.0/19(a0)
172.16.0.0/24(点到点网络) 172.16.0.0 0000001---172.16.0.0 1111110? (可用网段)
172.16.1.0/24(MA网络) 172.16.1.00000001---172.16.1.11111110? (可用网段)
172.16.2.0/24---172.16.31.0/24? (用户)?(可用网段)
172.16.32.0/19(a1)
172.16.32.0/24(点到点网络) 172.16.32.00000001---172.16.32.11111110? (可用网段)
172.16.33.0/24(MA网络) 172.16.33.00000001---172.16.33.11111110? (可用网段)
172.16.34.0/24---172.16.63.0/24? (用户)?(可用网段)
172.16.64.0/19(a2)
172.16.64.0/24(点到点网络) 172.16.64.00000001---172.16.64.11111110? (可用网段)
172.16.65.0/24(MA网络) 172.16.65.00000001---172.16.65.11111110? (可用网段)
172.16.66.0/24---172.16.95.0/24? (用户)?(可用网段)
172.16.96.0/19(a3)
172.16.96.0/24(点到点网络) 172.16.96.00000001---172.16.96.11111110? (可用网段)
172.16.97.0/24(MA网络) 172.16.97.00000001---172.16.97.11111110? (可用网段)
172.16.98.0/24---172.16.127.0/24? (用户)?(可用网段)
172.16.128.0/19(a4)
172.16.128.0/24(点到点网络) 172.16.128.00000001---172.16.128.11111110? (可用网段)
172.16.129.0/24(MA网络) 172.16.129.00000001---172.16.129.11111110? (可用网段)
172.16.130.0/24---172.16.159.0/24? (用户)?(可用网段)
172.16.160.0/19(rip)
172.16.160.0/20
172.16.176.0/20
2.配置公网网段的环回地址和路由器接口的IP地址
(1)配置IP地址
[r3]int s4/0/0 [r3-Serial4/0/0]ip add 37.1.1.1 24 [r4]int g0/0/0 [r4-GigabitEthernet0/0/0]ip add 47.1.1.1 24 [r5]int s4/0/0 [r5-Serial4/0/0]ip add 57.1.1.1 24 [r6]int s4/0/0 [r6-Serial4/0/0]ip add 67.1.1.1 24 [isp]int s3/0/0 [isp-Serial3/0/0]ip add 37.1.1.2 24 [isp]int g0/0/0 [isp-GigabitEthernet0/0/0]ip add 47.1.1.2 24 [isp]int s4/0/0 [isp-Serial4/0/0]ip add 57.1.1.2 24 [isp]int s3/0/1 [isp-Serial3/0/1]ip add 67.1.1.2 24
[r4]int lo0 [r4-LoopBack0]ip add 172.16.2.1 24 [r5]int lo0 [r5-LoopBack0]ip add 172.16.3.1 24 [r6]int lo0 [r6-LoopBack0]ip add 172.16.4.1 24
(2)配置缺省路由
[r3]ip route-static 0.0.0.0 0 37.1.1.2 [r4]ip route-static 0.0.0.0 0 47.1.1.2 [r5]ip route-static 0.0.0.0 0 57.1.1.2 [r6]ip route-static 0.0.0.0 0 67.1.1.2
(3)测试
3.构建MGRE环境
(1)配置
[r3]int t0/0/0 [r3-Tunnel0/0/0]ip add 172.16.1.1 29 [r3-Tunnel0/0/0]tunnel-protocol gre p2mp?? ?? [r3-Tunnel0/0/0]source 37.1.1.1 [r3-Tunnel0/0/0]nhrp network-id 100 [r3-Tunnel0/0/0]nhrp entry multicast dynamic? [r4]int t0/0/0 [r4-Tunnel0/0/0]ip add 172.16.1.2 29 [r4-Tunnel0/0/0]tunnel-protocol gre p2mp? [r4-Tunnel0/0/0]source g0/0/0 [r4-Tunnel0/0/0]nhrp network-id 100 [r4-Tunnel0/0/0]nhrp entry 172.16.1.1 37.1.1.1 register? [r5]int t0/0/0 [r5-Tunnel0/0/0]ip add 172.16.1.3 29 [r5-Tunnel0/0/0]tunnel-protocol gre p2mp? [r5-Tunnel0/0/0]source s4/0/0 [r5-Tunnel0/0/0]nhrp network-id 100 [r5-Tunnel0/0/0]nhrp entry 172.16.1.1 37.1.1.1 register? [r6]int t0/0/0 [r6-Tunnel0/0/0]ip add 172.16.1.4 29 [r6-Tunnel0/0/0]tunnel-protocol gre p2mp? [r6-Tunnel0/0/0]source s4/0/0 [r6-Tunnel0/0/0]nhrp network-id 100 [r6-Tunnel0/0/0]nhrp entry 172.16.1.1 37.1.1.1 register?
(2)测试
4.配置私网网段的IP地址和环回
(1)a 1?
[r1]int g0/0/0 [r1-GigabitEthernet0/0/0]ip add 172.16.33.1 29 [r1]int lo0 [r1-LoopBack0]ip add 172.16.34.1 24 [r2]int g0/0/0 [r2-GigabitEthernet0/0/0]ip add 172.16.33.2 29 [r2]int lo0 [r2-LoopBack0]ip add 172.16.35.1 24 [r3]int g0/0/0 [r3-GigabitEthernet0/0/0]ip add 172.16.33.3 29 [r3]int lo0 [r3-LoopBack0]ip add 172.16.36.1 24
(2)a 2
[r5]int g0/0/0 [r5-GigabitEthernet0/0/0]ip add 172.16.65.1 29 [r11]int g0/0/0 [r11-GigabitEthernet0/0/0]ip add 172.16.65.2 29 [r11]int g0/0/1 [r11-GigabitEthernet0/0/1]ip add 172.16.65.9 29 [r11]int lo0 [r11-LoopBack0]ip add 172.16.66.1 24 [r12]int g0/0/0 [r12-GigabitEthernet0/0/0]ip add 172.16.65.10 29
(3)a 3
[r4]int g0/0/1 [r4-GigabitEthernet0/0/1]ip add 172.16.97.1 29 [r8]int g0/0/0 [r8-GigabitEthernet0/0/0]ip add 172.16.97.2 29 [r8]int g0/0/1 [r8-GigabitEthernet0/0/1]ip add 172.16.97.9 29 [r8]int lo0 [r8-LoopBack0]ip add 172.16.98.1 24 [r9]int g0/0/0 [r9-GigabitEthernet0/0/0]ip add 172.16.97.10 29
(4)a 4
[r9]int g0/0/1 [r9-GigabitEthernet0/0/1]ip add 172.16.129.1 29 [r9]int lo0 [r9-LoopBack0]ip add 172.16.130.1 24 [r10]int g0/0/0 [r10-GigabitEthernet0/0/0]ip add 172.16.129.2 29 [r10]int lo0 [r10-LoopBack0]ip add 172.16.131.1 24
(5)RIP
[r12]int lo0 [r12-LoopBack0]ip add 172.16.160.1 20 [r12]int lo1 [r12-LoopBack1]ip add 172.16.176.1 20
5.进行OSPF和RIP宣告
(1)OSPF
[r1]ospf 1 router-id 1.1.1.1 [r1-ospf-1]area 1 [r1-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255 [r2]ospf 1 router-id 2.2.2.2 [r2-ospf-1]a 1 [r2-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255 [r3]ospf 1 router-id 3.3.3.3 [r3-ospf-1]area 1 [r3-ospf-1-area-0.0.0.1]network 172.16.32.0 0.0.7.255
[r3]ospf 1 router-id 3.3.3.3 [r3-ospf-1]area 0 [r3-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0 [r4]ospf 1 router-id 4.4.4.4 [r4-ospf-1]area 0 [r4-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.3.255 [r5]ospf 1 router-id 5.5.5.5 [r5-ospf-1]area 0 [r5-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.3.255 [r6]ospf 1 router-id 6.6.6.6 [r6-ospf-1]area 0 [r6-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[r5]ospf 1 router-id 5.5.5.5 [r5-ospf-1]a 2 [r5-ospf-1-area-0.0.0.2]network 172.16.65.1 0.0.0.0 [r12]ospf 1 router-id 12.12.12.12 [r12-ospf-1]area 2 [r12-ospf-1-area-0.0.0.2]network 172.16.65.10 0.0.0.0 [r11]ospf 1 router-id 11.11.11.11 [r11-ospf-1]a 2 [r11-ospf-1-area-0.0.0.2]network 172.16.0.0 0.0.255.255
[r4]ospf 1 router-id 4.4.4.4 [r4-ospf-1]area 3 [r4-ospf-1-area-0.0.0.3]network 172.16.97.1 0.0.0.0 [r8]ospf 1 router-id 8.8.8.8 [r8-ospf-1]area 3 [r8-ospf-1-area-0.0.0.3]network 172.16.0.0 0.0.255.255 [r9]ospf 1?router-id 9.9.9.9 [r9-ospf-1]area 3 [r9-ospf-1-area-0.0.0.3]network 172.16.97.10 0.0.0.0
[r9]ospf 2 router-id 9.9.9.9 [r9-ospf-2]area 4 [r9-ospf-2-area-0.0.0.4]network 172.16.128.0 0.0.3.255 [r10]ospf 1 router-id 10.10.10.10 [r10-ospf-1]area 4 [r10-ospf-1-area-0.0.0.4]network 172.16.0.0 0.0.255.255
(2)RIP
[r12]rip 1 [r12-rip-1]v 2 [r12-rip-1]network 172.16.0.0
(3)测试
(4)修改隧道接口类型,保证其学习到路由
[r3]int t0/0/0 [r3-Tunnel0/0/0]ospf network-type p2mp [r4]int t0/0/0 [r4-Tunnel0/0/0]ospf network-type p2mp [r5]int t0/0/0 [r5-Tunnel0/0/0]ospf network-type p2mp [r6]int t0/0/0 [r6-Tunnel0/0/0]ospf network-type p2mp
(测试)
6.对RIP进行重发布,在R9上进行多进程重发布
(1)配置
[r12]ospf 1 [r12-ospf-1]import-route rip [r9]ospf 1 [r9-ospf-1]import-route ospf 2 [r9]ospf 2 [r9-ospf-2]import-route ospf 1
(2)测试
7.进行路由汇总和特殊区域的划分
(1)路由汇总
(域间路由汇总)
[r3]ospf [r3-ospf-1]a 1 [r3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0 [r4]ospf [r4-ospf-1]a 3 [r4-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0 [r5]ospf [r5-ospf-1]a 2 [r5-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0
(测试)
(域外路由汇总)
[r12]ospf? ? [r12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0 [r9]ospf [r9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0
(配置空接口,防环)
[r3]ip route-static 172.16.32.0 19 NULL 0 [r5]ip route-static 172.16.64.0 19 NULL 0 [r4]ip route-static 172.16.96.0 19 NULL 0 [r9]ip route-static 172.16.128.0 19 NULL 0 [r12]ip route-static 172.16.160.0 19 NULL 0
(2)进行特殊区域划分
(将区域1划分为完全末梢区域) [r1]ospf [r1-ospf-1]a 1 [r1-ospf-1-area-0.0.0.1]stub [r2]ospf [r2-ospf-1]a 1 [r2-ospf-1-area-0.0.0.1]stub [r3]ospf [r3-ospf-1]a 1 [r3-ospf-1-area-0.0.0.1]stub no-summary
(测试)
(将区域2划分为完全的NSSA区域) [r5]ospf [r5-ospf-1] a 2 [r5-ospf-1-area-0.0.0.2]nssa no-summary [r11]ospf [r11-ospf-1]a 2 [r11-ospf-1-area-0.0.0.2]nssa [r12]ospf [r12-ospf-1]a 2 [r12-ospf-1-area-0.0.0.2]nssa?
(测试)
(将区域3划分成完全的NSSA区域) [r4]ospf [r4-ospf-1]a 3 [r4-ospf-1-area-0.0.0.3]nssa no-summary [r8]ospf [r8-ospf-1]a 3 [r8-ospf-1-area-0.0.0.3]nssa [r9]ospf [r9-ospf-1]a 3 [r9-ospf-1-area-0.0.0.3]nssa
(测试)
(3)AR9为AR10下发缺省路由,相当于重发布
[r9]ospf 2 [r9-ospf-2]default-route-advertise
(测试)
?(4)测试
8.ACL抓取路由,可访问AR7环回
(1)配置
[r3]acl 2000 [r3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255 [r3]int s4/0/0 [r3-Serial4/0/0]nat outbound 2000 [r4]acl 2000 [r4-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255 [r4]int g0/0/0 [r4-GigabitEthernet0/0/0]nat outbound 2000 [r5]acl 2000 [r5-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255 [r5]int s4/0/0 [r5-Serial4/0/0]nat outbound 2000
(2)测试
9.加快收敛
(1)修改区域0MGRE环境的hello时间和死亡时间
[r3]int t0/0/0 [r3-Tunnel0/0/0]ospf timer hello 10 [r4]int t0/0/0 [r4-Tunnel0/0/0]ospf timer hello 10 [r5]int t0/0/0?? [r5-Tunnel0/0/0]ospf timer hello 10 [r6]int t0/0/0 [r6-Tunnel0/0/0]ospf timer hello 10
(2)测试
10.增加区域认证,保障更新安全
(1)a 1
[r1]ospf [r1-ospf-1]a 1 [r1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456 [r2]ospf [r2-ospf-1]a 1 [r2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456 [r3]ospf [r3-ospf-1]a 1?? [r3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
(2)a 2
[r5]ospf [r5-ospf-1]a 2 [r5-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456 [r11]ospf [r11-ospf-1]a 2 [r11-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456 [r12]ospf [r12-ospf-1]a 2 [r12-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
(3)a 3
[r4]ospf [r4-ospf-1]a 3 [r4-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456 [r8]ospf [r8-ospf-1]a 3 [r8-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456 [r9]ospf [r9-ospf-1]a 3 [r9-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
(4)a 4
[r9]ospf 2 [r9-ospf-2]a 4 [r9-ospf-2-area-0.0.0.4]authentication-mode md5 1 cipher 123456 [r10]ospf [r10-ospf-1]a 4 [r10-ospf-1-area-0.0.0.4]authentication-mode md5 1 cipher 123456
11.全网可达测试
|