目录
(2)然后,因为每个区域需要分为三种类型,点到点网络,MA网络,用户
1.进行IP地址规划
(1)首先,进行IP地址分配
包含RIP区域在内的,一共6个区域,而网段是172.16.0.0.16,所以将其分为8个网段
172.16.000 00000.0
172.16.001 00000.0
172.16.010 00000.0
172.16.011 00000.0
172.16.100 00000.0
172.16.101 00000.0
(后面这两个网段用不到,可以不用管)
172.16.110 00000.0
172.16.111 00000.0
(2)然后,因为每个区域需要分为三种类型,点到点网络,MA网络,用户
172.16.0.0/19(a0)
172.16.0.0/24(点到点网络)
172.16.0.0 0000001---172.16.0.0 1111110? (可用网段)
172.16.1.0/24(MA网络)
172.16.1.00000001---172.16.1.11111110? (可用网段)
172.16.2.0/24---172.16.31.0/24? (用户)?(可用网段)
172.16.32.0/19(a1)
172.16.32.0/24(点到点网络)
172.16.32.00000001---172.16.32.11111110? (可用网段)
172.16.33.0/24(MA网络)
172.16.33.00000001---172.16.33.11111110? (可用网段)
172.16.34.0/24---172.16.63.0/24? (用户)?(可用网段)
172.16.64.0/19(a2)
172.16.64.0/24(点到点网络)
172.16.64.00000001---172.16.64.11111110? (可用网段)
172.16.65.0/24(MA网络)
172.16.65.00000001---172.16.65.11111110? (可用网段)
172.16.66.0/24---172.16.95.0/24? (用户)?(可用网段)
172.16.96.0/19(a3)
172.16.96.0/24(点到点网络)
172.16.96.00000001---172.16.96.11111110? (可用网段)
172.16.97.0/24(MA网络)
172.16.97.00000001---172.16.97.11111110? (可用网段)
172.16.98.0/24---172.16.127.0/24? (用户)?(可用网段)
172.16.128.0/19(a4)
172.16.128.0/24(点到点网络)
172.16.128.00000001---172.16.128.11111110? (可用网段)
172.16.129.0/24(MA网络)
172.16.129.00000001---172.16.129.11111110? (可用网段)
172.16.130.0/24---172.16.159.0/24? (用户)?(可用网段)
172.16.160.0/19(rip)
172.16.160.0/20
172.16.176.0/20
2.配置公网网段的环回地址和路由器接口的IP地址
(1)配置IP地址
[r3]int s4/0/0
[r3-Serial4/0/0]ip add 37.1.1.1 24
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ip add 47.1.1.1 24
[r5]int s4/0/0
[r5-Serial4/0/0]ip add 57.1.1.1 24
[r6]int s4/0/0
[r6-Serial4/0/0]ip add 67.1.1.1 24
[isp]int s3/0/0
[isp-Serial3/0/0]ip add 37.1.1.2 24
[isp]int g0/0/0
[isp-GigabitEthernet0/0/0]ip add 47.1.1.2 24
[isp]int s4/0/0
[isp-Serial4/0/0]ip add 57.1.1.2 24
[isp]int s3/0/1
[isp-Serial3/0/1]ip add 67.1.1.2 24
[r4]int lo0
[r4-LoopBack0]ip add 172.16.2.1 24
[r5]int lo0
[r5-LoopBack0]ip add 172.16.3.1 24
[r6]int lo0
[r6-LoopBack0]ip add 172.16.4.1 24
(2)配置缺省路由
[r3]ip route-static 0.0.0.0 0 37.1.1.2
[r4]ip route-static 0.0.0.0 0 47.1.1.2
[r5]ip route-static 0.0.0.0 0 57.1.1.2
[r6]ip route-static 0.0.0.0 0 67.1.1.2
(3)测试
3.构建MGRE环境
(1)配置
[r3]int t0/0/0
[r3-Tunnel0/0/0]ip add 172.16.1.1 29
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp?? ??
[r3-Tunnel0/0/0]source 37.1.1.1
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry multicast dynamic?
[r4]int t0/0/0
[r4-Tunnel0/0/0]ip add 172.16.1.2 29
[r4-Tunnel0/0/0]tunnel-protocol gre p2mp?
[r4-Tunnel0/0/0]source g0/0/0
[r4-Tunnel0/0/0]nhrp network-id 100
[r4-Tunnel0/0/0]nhrp entry 172.16.1.1 37.1.1.1 register?
[r5]int t0/0/0
[r5-Tunnel0/0/0]ip add 172.16.1.3 29
[r5-Tunnel0/0/0]tunnel-protocol gre p2mp?
[r5-Tunnel0/0/0]source s4/0/0
[r5-Tunnel0/0/0]nhrp network-id 100
[r5-Tunnel0/0/0]nhrp entry 172.16.1.1 37.1.1.1 register?
[r6]int t0/0/0
[r6-Tunnel0/0/0]ip add 172.16.1.4 29
[r6-Tunnel0/0/0]tunnel-protocol gre p2mp?
[r6-Tunnel0/0/0]source s4/0/0
[r6-Tunnel0/0/0]nhrp network-id 100
[r6-Tunnel0/0/0]nhrp entry 172.16.1.1 37.1.1.1 register?
(2)测试
4.配置私网网段的IP地址和环回
(1)a 1?
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 172.16.33.1 29
[r1]int lo0
[r1-LoopBack0]ip add 172.16.34.1 24
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip add 172.16.33.2 29
[r2]int lo0
[r2-LoopBack0]ip add 172.16.35.1 24
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip add 172.16.33.3 29
[r3]int lo0
[r3-LoopBack0]ip add 172.16.36.1 24
(2)a 2
[r5]int g0/0/0
[r5-GigabitEthernet0/0/0]ip add 172.16.65.1 29
[r11]int g0/0/0
[r11-GigabitEthernet0/0/0]ip add 172.16.65.2 29
[r11]int g0/0/1
[r11-GigabitEthernet0/0/1]ip add 172.16.65.9 29
[r11]int lo0
[r11-LoopBack0]ip add 172.16.66.1 24
[r12]int g0/0/0
[r12-GigabitEthernet0/0/0]ip add 172.16.65.10 29
(3)a 3
[r4]int g0/0/1
[r4-GigabitEthernet0/0/1]ip add 172.16.97.1 29
[r8]int g0/0/0
[r8-GigabitEthernet0/0/0]ip add 172.16.97.2 29
[r8]int g0/0/1
[r8-GigabitEthernet0/0/1]ip add 172.16.97.9 29
[r8]int lo0
[r8-LoopBack0]ip add 172.16.98.1 24
[r9]int g0/0/0
[r9-GigabitEthernet0/0/0]ip add 172.16.97.10 29
(4)a 4
[r9]int g0/0/1
[r9-GigabitEthernet0/0/1]ip add 172.16.129.1 29
[r9]int lo0
[r9-LoopBack0]ip add 172.16.130.1 24
[r10]int g0/0/0
[r10-GigabitEthernet0/0/0]ip add 172.16.129.2 29
[r10]int lo0
[r10-LoopBack0]ip add 172.16.131.1 24
(5)RIP
[r12]int lo0
[r12-LoopBack0]ip add 172.16.160.1 20
[r12]int lo1
[r12-LoopBack1]ip add 172.16.176.1 20
5.进行OSPF和RIP宣告
(1)OSPF
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]a 1
[r2-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255
[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]area 1
[r3-ospf-1-area-0.0.0.1]network 172.16.32.0 0.0.7.255
[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0
[r4]ospf 1 router-id 4.4.4.4
[r4-ospf-1]area 0
[r4-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.3.255
[r5]ospf 1 router-id 5.5.5.5
[r5-ospf-1]area 0
[r5-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.3.255
[r6]ospf 1 router-id 6.6.6.6
[r6-ospf-1]area 0
[r6-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[r5]ospf 1 router-id 5.5.5.5
[r5-ospf-1]a 2
[r5-ospf-1-area-0.0.0.2]network 172.16.65.1 0.0.0.0
[r12]ospf 1 router-id 12.12.12.12
[r12-ospf-1]area 2
[r12-ospf-1-area-0.0.0.2]network 172.16.65.10 0.0.0.0
[r11]ospf 1 router-id 11.11.11.11
[r11-ospf-1]a 2
[r11-ospf-1-area-0.0.0.2]network 172.16.0.0 0.0.255.255
[r4]ospf 1 router-id 4.4.4.4
[r4-ospf-1]area 3
[r4-ospf-1-area-0.0.0.3]network 172.16.97.1 0.0.0.0
[r8]ospf 1 router-id 8.8.8.8
[r8-ospf-1]area 3
[r8-ospf-1-area-0.0.0.3]network 172.16.0.0 0.0.255.255
[r9]ospf 1?router-id 9.9.9.9
[r9-ospf-1]area 3
[r9-ospf-1-area-0.0.0.3]network 172.16.97.10 0.0.0.0
[r9]ospf 2 router-id 9.9.9.9
[r9-ospf-2]area 4
[r9-ospf-2-area-0.0.0.4]network 172.16.128.0 0.0.3.255
[r10]ospf 1 router-id 10.10.10.10
[r10-ospf-1]area 4
[r10-ospf-1-area-0.0.0.4]network 172.16.0.0 0.0.255.255
(2)RIP
[r12]rip 1
[r12-rip-1]v 2
[r12-rip-1]network 172.16.0.0
(3)测试
(4)修改隧道接口类型,保证其学习到路由
[r3]int t0/0/0
[r3-Tunnel0/0/0]ospf network-type p2mp
[r4]int t0/0/0
[r4-Tunnel0/0/0]ospf network-type p2mp
[r5]int t0/0/0
[r5-Tunnel0/0/0]ospf network-type p2mp
[r6]int t0/0/0
[r6-Tunnel0/0/0]ospf network-type p2mp
(测试)
6.对RIP进行重发布,在R9上进行多进程重发布
(1)配置
[r12]ospf 1
[r12-ospf-1]import-route rip
[r9]ospf 1
[r9-ospf-1]import-route ospf 2
[r9]ospf 2
[r9-ospf-2]import-route ospf 1
(2)测试
7.进行路由汇总和特殊区域的划分
(1)路由汇总
(域间路由汇总)
[r3]ospf
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0
[r4]ospf
[r4-ospf-1]a 3
[r4-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0
[r5]ospf
[r5-ospf-1]a 2
[r5-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0
(测试)
(域外路由汇总)
[r12]ospf? ?
[r12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0
[r9]ospf
[r9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0
(配置空接口,防环)
[r3]ip route-static 172.16.32.0 19 NULL 0
[r5]ip route-static 172.16.64.0 19 NULL 0
[r4]ip route-static 172.16.96.0 19 NULL 0
[r9]ip route-static 172.16.128.0 19 NULL 0
[r12]ip route-static 172.16.160.0 19 NULL 0
(2)进行特殊区域划分
(将区域1划分为完全末梢区域)
[r1]ospf
[r1-ospf-1]a 1
[r1-ospf-1-area-0.0.0.1]stub
[r2]ospf
[r2-ospf-1]a 1
[r2-ospf-1-area-0.0.0.1]stub
[r3]ospf
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]stub no-summary
(测试)
(将区域2划分为完全的NSSA区域)
[r5]ospf
[r5-ospf-1] a 2
[r5-ospf-1-area-0.0.0.2]nssa no-summary
[r11]ospf
[r11-ospf-1]a 2
[r11-ospf-1-area-0.0.0.2]nssa
[r12]ospf
[r12-ospf-1]a 2
[r12-ospf-1-area-0.0.0.2]nssa?
(测试)
(将区域3划分成完全的NSSA区域)
[r4]ospf
[r4-ospf-1]a 3
[r4-ospf-1-area-0.0.0.3]nssa no-summary
[r8]ospf
[r8-ospf-1]a 3
[r8-ospf-1-area-0.0.0.3]nssa
[r9]ospf
[r9-ospf-1]a 3
[r9-ospf-1-area-0.0.0.3]nssa
(测试)
(3)AR9为AR10下发缺省路由,相当于重发布
[r9]ospf 2
[r9-ospf-2]default-route-advertise
(测试)
?(4)测试
8.ACL抓取路由,可访问AR7环回
(1)配置
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r3]int s4/0/0
[r3-Serial4/0/0]nat outbound 2000
[r4]acl 2000
[r4-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]nat outbound 2000
[r5]acl 2000
[r5-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r5]int s4/0/0
[r5-Serial4/0/0]nat outbound 2000
(2)测试
9.加快收敛
(1)修改区域0MGRE环境的hello时间和死亡时间
[r3]int t0/0/0
[r3-Tunnel0/0/0]ospf timer hello 10
[r4]int t0/0/0
[r4-Tunnel0/0/0]ospf timer hello 10
[r5]int t0/0/0??
[r5-Tunnel0/0/0]ospf timer hello 10
[r6]int t0/0/0
[r6-Tunnel0/0/0]ospf timer hello 10
(2)测试
10.增加区域认证,保障更新安全
(1)a 1
[r1]ospf
[r1-ospf-1]a 1
[r1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[r2]ospf
[r2-ospf-1]a 1
[r2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[r3]ospf
[r3-ospf-1]a 1??
[r3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
(2)a 2
[r5]ospf
[r5-ospf-1]a 2
[r5-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
[r11]ospf
[r11-ospf-1]a 2
[r11-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
[r12]ospf
[r12-ospf-1]a 2
[r12-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
(3)a 3
[r4]ospf
[r4-ospf-1]a 3
[r4-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
[r8]ospf
[r8-ospf-1]a 3
[r8-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
[r9]ospf
[r9-ospf-1]a 3
[r9-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
(4)a 4
[r9]ospf 2
[r9-ospf-2]a 4
[r9-ospf-2-area-0.0.0.4]authentication-mode md5 1 cipher 123456
[r10]ospf
[r10-ospf-1]a 4
[r10-ospf-1-area-0.0.0.4]authentication-mode md5 1 cipher 123456
11.全网可达测试
