实验拓扑
实验需求:
1 R4为ISP,其上只能配置IP地址;
R4与其他所有直连设备间均使用公有IP
2 R3-R5/6/7为MGRE环境,R3为中心站点 ;
3 整个OSPF环境IP基于172.16.0.0/16划分;
4 所有设备均可访问R4的环回;
5 减少LSA的更新量,加快收敛,保障更新安全;
6 全网可达
IP配置
先配置公网IP再配置私网IP
ISP(R4)
interface Serial3/0/0
link-protocol ppp
ip address 46.1.1.2 255.255.255.0
#
interface Serial4/0/0
link-protocol ppp
ip address 34.1.1.2 255.255.255.0
#
interface Serial4/0/1
link-protocol ppp
ip address 45.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 47.1.1.2 255.255.255.0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.0
#
R3
#
interface Serial4/0/0
link-protocol ppp
ip address 34.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 172.16.32.131 255.255.255.248
#
interface LoopBack0
ip address 172.16.34.1 255.255.255.128
#
R5
#
interface Serial4/0/0
link-protocol ppp
ip address 45.1.1.1 255.255.255.0
#
interface LoopBack0
ip address 172.16.1.1 255.255.255.128
#
R6
#
interface Serial4/0/0
link-protocol ppp
ip address 46.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 172.16.64.1 255.255.255.252
#
interface LoopBack0
ip address 172.16.1.129 255.255.255.128
#
R7
#
interface GigabitEthernet0/0/0
ip address 47.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 172.16.96.1 255.255.255.252
#
interface LoopBack0
ip address 172.16.2.1 255.255.255.128
#
配置私网IP
R1
#
interface GigabitEthernet0/0/0
ip address 172.16.32.129 255.255.255.248
#
interface LoopBack0
ip address 172.16.33.1 255.255.255.128
#
R2
#
interface GigabitEthernet0/0/0
ip address 172.16.32.130 255.255.255.248
#
interface LoopBack0
ip address 172.16.33.129 255.255.255.128
#
R8
#
interface GigabitEthernet0/0/0
ip address 172.16.96.2 255.255.255.252
ospf authentication-mode md5 1 cipher %$%$-6D,Eji%RNS3W;WS1eq/sYl1%$%$
ospf timer hello 5
#
interface GigabitEthernet0/0/1
ip address 172.16.96.5 255.255.255.252
#
interface LoopBack0
ip address 172.16.97.1 255.255.255.128
#
R9
#
interface GigabitEthernet0/0/1
ip address 172.16.128.1 255.255.255.252
#
interface LoopBack0
ip address 172.16.129.1 255.255.255.128
#
R10
#
interface GigabitEthernet0/0/0
ip address 172.16.128.2 255.255.255.252
#
interface LoopBack0
ip address 172.16.129.129 255.255.255.128
#
R11
#
interface GigabitEthernet0/0/0
ip address 172.16.64.2 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 172.16.64.5 255.255.255.252
#
interface LoopBack0
ip address 172.16.65.1 255.255.255.128
#
R12
#
interface GigabitEthernet0/0/0
ip address 172.16.64.6 255.255.255.252
#
interface LoopBack0
ip address 172.16.160.1 255.255.240.0
#
interface LoopBack1
ip address 172.16.176.1 255.255.240.0
#
配置公网路由
R3
#
ip route-static 0.0.0.0 0.0.0.0 34.1.1.2
ip route-static 172.16.32.0 255.255.224.0 NULL0
#
R5
#
ip route-static 0.0.0.0 0.0.0.0 45.1.1.2
#
R6
#
ip route-static 0.0.0.0 0.0.0.0 46.1.1.2
ip route-static 172.16.64.0 255.255.224.0 NULL0
#
R7
#
ip route-static 0.0.0.0 0.0.0.0 47.1.1.2
ip route-static 172.168.96.0 255.255.224.0 NULL0
#
配置MGRE
R3
#
interface Tunnel0/0/0
ip address 172.16.0.129 255.255.255.248
tunnel-protocol gre p2mp
source 34.1.1.1
ospf network-type broadcast
nhrp entry multicast dynamic
#
R5
#
interface Tunnel0/0/0
ip address 172.16.0.130 255.255.255.248
tunnel-protocol gre p2mp
source Serial4/0/0
ospf network-type broadcast
ospf dr-priority 0
nhrp entry 172.16.0.129 34.1.1.1 register
#
R6
#
interface Tunnel0/0/0
ip address 172.16.0.131 255.255.255.248
tunnel-protocol gre p2mp
source Serial4/0/0
ospf network-type broadcast
ospf dr-priority 0
nhrp entry 172.16.0.129 34.1.1.1 register
#
R7
#
interface Tunnel0/0/0
ip address 172.16.0.132 255.255.255.248
tunnel-protocol gre p2mp
source GigabitEthernet0/0/0
ospf network-type broadcast
ospf dr-priority 0
nhrp entry 172.16.0.129 34.1.1.1 register
#
OSPF
先配置公网 Area0
R3
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
authentication-mode md5 1 cipher %$%$V2p(Ot,4>J<u_$ZlGD>Rs^P!%$%$
network 172.16.0.129 0.0.0.0
#
R5
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
authentication-mode md5 1 cipher %$%$uJ"tD%u5=),T65/K3x91s^xE%$%$
network 172.16.0.0 0.0.255.255
#
R6
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
authentication-mode md5 1 cipher %$%$gtkUAXe1W$Ba0*QPwH5Gs_3c%$%$
network 172.16.0.0 0.0.1.255
#
R7
#
ospf 1 router-id 7.7.7.7
area 0.0.0.0
authentication-mode md5 1 cipher %$%$r]Q`2E"07%UJj1D-:dr;s_e1%$%$
network 172.16.0.0 0.0.3.255
#
配置私网
Area1
R1
#
ospf 1 router-id 1.1.1.1
area 0.0.0.1
network 172.16.0.0 0.0.255.255
stub
#
R2
#
ospf 1 router-id 2.2.2.2
area 0.0.0.1
network 172.16.0.0 0.0.255.255
stub
#
R3
#
area 0.0.0.1
abr-summary 172.16.32.0 255.255.224.0
network 172.16.32.0 0.0.31.255
stub no-summary
#
Area2
R6
#
area 0.0.0.2
abr-summary 172.16.64.0 255.255.224.0
network 172.16.64.0 0.0.0.255
nssa no-summary
#
R11
#
ospf 1 router-id 11.11.11.11
area 0.0.0.2
network 172.16.0.0 0.0.255.255
nssa
#
R12
#
ospf 1 router-id 12.12.12.12
asbr-summary 172.16.160.0 255.255.224.0
import-route rip 1
area 0.0.0.2
network 172.16.64.6 0.0.0.0
nssa
#
Area3
R7
#
area 0.0.0.3
abr-summary 172.16.96.0 255.255.224.0
network 172.16.96.0 0.0.0.255
nssa no-summary
#
R8
#
ospf 1 router-id 8.8.8.8
area 0.0.0.3
network 172.16.0.0 0.0.255.255
nssa
#
R9
#
ospf 1 router-id 9.9.9.9
asbr-summary 172.16.128.0 255.255.224.0
import-route ospf 2
area 0.0.0.3
network 172.16.96.0 0.0.0.255
nssa
#
Area4
R9
#
ospf 2
default-route-advertise
area 0.0.0.4
network 172.16.128.0 0.0.1.255
#
R10
#
ospf 1 router-id 10.10.10.10
area 0.0.0.4
network 172.16.0.0 0.0.255.255
#
ACL控制访问
R3
#
acl number 2000
rule 5 permit source 172.16.0.0 0.0.255.255
#
interface Serial4/0/0
nat outbound 2000
#
R6
#
acl number 2000
rule 5 permit source 172.16.0.0 0.0.255.255
#
interface Serial4/0/0
nat outbound 2000
#
R7
#
acl number 2000
rule 5 permit source 172.16.0.0 0.0.255.255
#
interface GigabitEthernet0/0/0
nat outbound 2000
#
接口认证及更改Hello timer
进入各路由器启用接口配置一下命令
#
ospf authentication-mode md5 1 cipher %$%$)&LKK$xK<!T`!]V87a#2sYKg%$%$
ospf timer hello 5
#
![[西湖论剑 2022]real_ez_node](https://img-blog.csdnimg.cn/f2f2440106c046e59fe55dfce7e937ac.png)
![【蓝桥每日一题]-快速幂,倍增,滑动窗口(保姆级教程 篇1) #麦森数 #青蛙跳](https://img-blog.csdnimg.cn/550e34936324463ea1c1b964065b7854.png)
