OSPF实验
一、实验要求
1、R4所在部分为公网,R1-3建立全网连网状拓扑,使用ospf所有私有网段互通
二、实验拓扑
三、实验步骤
1、分配ip地址
r1内网
192.168.1.0/24
r2内网
192.168.2.0/24
r3内网
192.168.3.0/24
r4环回
4.4.4.4/24
r1-r4
14.1.1.0 24
r2-r4
24.1.1.0/24
r3-r4
34.1.1.0/24
2、配置缺省
[r1]ip route-static 0.0.0.0 0 14.1.1.1
[r2]ip route-static 0.0.0.0 0 24.1.1.1
[r3]ip route-static 0.0.0.0 0 34.1.1.1
此时公网互通
3、构建R1-R3全连网状MGRE环境(R1、R3为中心站点)
R1
[r1-Tunnel0/0/0]dis th
[V200R003C00]
#
interface Tunnel0/0/0
ip address 10.1.1.1 255.255.255.0
tunnel-protocol gre p2mp
source 14.1.1.2
ospf network-type broadcast
nhrp entry multicast dynamic
nhrp network-id 100
#
R2
[r2-Tunnel0/0/0]dis th
[V200R003C00]
#
interface Tunnel0/0/0
ip address 10.1.1.2 255.255.255.0
tunnel-protocol gre p2mp
source 24.1.1.2
ospf network-type broadcast
nhrp entry multicast dynamic
nhrp network-id 100
nhrp entry 10.1.1.1 14.1.1.2 register
nhrp entry 10.1.1.3 34.1.1.2 register
#
return
R3
[r3-Tunnel0/0/0]dis th
[V200R003C00]
#
interface Tunnel0/0/0
ip address 10.1.1.3 255.255.255.0
tunnel-protocol gre p2mp
source 34.1.1.2
ospf network-type broadcast
nhrp entry multicast dynamic
nhrp network-id 100
nhrp entry 10.1.1.1 14.1.1.2 register
#
return
4、R1-R3启ospf,修改tunnel接口方式为broadcast(使得R1-R3成功建邻,实现内网互通)
R1:
[r1-ospf-1]dis th
[V200R003C00]
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
#
return
R2:
[r2-ospf-1]dis th
[V200R003C00]
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return
R3:
[r3-ospf-1]dis th
[V200R003C00]
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
return
修改tunnel接口方式为broadcast
[r1]int t0/0/0
[r1-Tunnel0/0/0]ospf network-type broadcast
[r2]int t0/0/0
[r2-Tunnel0/0/0]ospf network-type broadcast
[r3]int t0/0/0
[r3-Tunnel0/0/0]ospf network-type broadcast
此时内网互通
5、R1-R3上进行acl访问控制列表(使得内网和公网之间互通)
R1:
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]int s4/0/0
[r1-Serial4/0/0]nat outbound 2000
R2:
[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r2-acl-basic-2000]int s4/0/0
[r2-Serial4/0/0]nat outbound 2000
R3:
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r3-acl-basic-2000]int s4/0/0
[r3-Serial4/0/0]nat outbound 2000