hcip---ospf综合实验

一：实验要求

1、R4为ISP，其上只能配置IP地址，R4与其所有直连设备间均使用公有IP

2、R3-R5/6/7为MGRE环境，R3为中心站点

3、整个OSPF环境IP基于R4的环回

4、所有设备均可访问R4的环回

5、减少LSA的更新量，加快收敛，保障更新安全

6、全网可达

二：实验分析

1：子网划分

基于172.16.0.0/16划分网段

172.16.0.0/16

172.16.0.0/19 area 0
172.16.0.0/24 p2p骨干 172.16.1.0/24 MA骨干
172.16.1.0/29 T通道
172.16.2.0/24 R5环回
172.16.3.0/24 R6环回
172.16.4.0/24 R7环回
172.16.5.0/24 R4环回

172.16.32.0/19 area 1
172.16.32.0/24 p2p
172.16.33.0/24 MA
172.16.33.0/29
172.16.34.0/24 R1环回
172.16.35.0/24 R2环回
172.16.36.0/24 R3环回

172.16.64.0/19 area 2 172.16.65.0/24 p2p****172.16.64.0/24 MA
172.16.64.0/30
172.16.64.4/30
172.16.66.0/24 R11环回

172.16.96.0/19 area 3
172.16.96.0/24 MA
172.16.96.0/30
172.16.96.4/30
172.16.97.0/24 p2p
172.16.98.0/24 R8环回

172.16.128.0/19 area 4
172.16.128.0/24 MA
172.16.128.0/30
172.16.129.0/24 p2p
172.16.130.0/24 R9环回
172.16.131.0/24 R10环回

172.16.160.0/19 rip
172.16.160.0/24 MA
172.16.161.0/24 P2P
172.16.162.0/24 R12环回
172.16.163.0/24 R12环回

2、实验拓扑

三：实验配置

配置IP地址

$r1-GigabitEthernet0/0/0$ ip address 172.16.33.1 29

$r1-LoopBack0$ ip addres9999s 172.16.34.1 24

$r2-GigabitEthernet0/0/0$ ip address 172.16.33.2 29

$r2-LoopBack0$ ip address 172.16.35.1 24

$r3-GigabitEthernet0/0/0$ ip address 172.16.33.3 29

$r3-Serial4/0/0$ ip address 34.1.1.1 24

$r3-LoopBack0$ ip address 172.16.36.1 24

$r4-Serial4/0/0$ ip address 34.1.1.2 24

$r4-Serial4/0/1$ ip address 45.1.1.2 24

$r4-Serial3/0/0$ ip address 46.1.1.2 24

$r4-GigabitEthernet0/0/0$ ip address 47.1.1.2 24

$r4-LoopBack0$ ip address 172.16.5.1 24

$r5-Serial4/0/0$ ip address 45.1.1.1 24

$r5-LoopBack0$ ip address 172.16.2.1 24

$r6-Serial4/0/0$ ip address 46.1.1.1 24

$r6-GigabitEthernet0/0/0$ ip address 172.16.64.1 30

$r6-LoopBack0$ ip address 172.16.3.1 24

$r7-GigabitEthernet0/0/0$ ip address 47.1.1.1 24

$r7-GigabitEthernet0/0/1$ ip address 172.16.96.1 30

$r7-LoopBack0$ ip address 172.16.4.1 24

$r8-GigabitEthernet0/0/0$ ip address 172.16.96.2 30

$r8-GigabitEthernet0/0/1$ ip address 172.16.96.5 30

$r8-LoopBack0$ ip address 172.16.98.1 24

$r9-GigabitEthernet0/0/0$ ip address 172.16.96.6 30

$r9-GigabitEthernet0/0/1$ ip address 172.16.128.1 30

$r9-LoopBack0$ ip address 172.16.130.1 24

$r10-GigabitEthernet0/0/0$ ip address 172.16.128.2 30

$r10-LoopBack0$ ip address 172.16.131.1 24

$r11-GigabitEthernet0/0/0$ ip address 172.16.64.2 30

$r11-GigabitEthernet0/0/1$ ip address 172.16.64.5 30

$r11-LoopBack0$ ip address 172.16.66.1 24

$r12-GigabitEthernet0/0/0$ ip address 172.16.64.6 30

$r12-LoopBack0$ ip address 172.16.162.1 24

$r12-LoopBack1$ ip address 172.16.163.1 24

配置MGRE

写缺省让公网以及通道连接，修改通道ospf优先级以及MGRE修改为BMA网络，或者修改成p2mp

网络就不用选举来修改ospf优先级

$r3$ ip route-static 0.0.0.0 0 34.1.1.2

$r5$ ip route-static 0.0.0.0 0 45.1.1.2

$r6$ ip route-static 0.0.0.0 0 46.1.1.2

$r7$ ip route-static 0.0.0.0 0 47.1.1.2

$r3-Tunnel0/0/0$ ospf dr-priority 100

$r3-Tunnel0/0/0$ ospf network-type broadcast

$r5-Tunnel0/0/0$ ospf dr-priority 0

$r5-Tunnel0/0/0$ ospf network-type broadcast

$r6-Tunnel0/0/0$ ospf dr-priority 0

$r6-Tunnel0/0/0$ ospf network-type broadcast

$r7-Tunnel0/0/0$ ospf dr-priority 0

$r7-Tunnel0/0/0$ ospf network-type broadcast

宣告ospf和rip

r12路由器用单点单向重发布。r9路由器做一个单点单向重发布，r10路由器写一条缺省指向R9接

口，或者在R9进程2下放一个缺省

$r9-ospf-1$ import-route ospf 2

$r12-ospf-1$ import-route rip 1

$r10$ ip route-static 0.0.0.0 0 172.16.128.1

r3/5/6/7路由器上做一个easy ip 使得其他路由器能访问r4的环回

$r3$ acl 2000

$r3-acl-basic-2000$ rule permit source 172.16.0.0 0.0.0.255

$r3-Serial4/0/0$ nat outbound 2000

$r7$ acl 2000

$r7-acl-basic-2000$ rule permit source 172.16.0.0 0.0.255.255

$r7-GigabitEthernet0/0/0$ nat outbound 2000

$r6$ acl 2000

$r6-acl-basic-2000$ rule permit source 172.16.0.0 0.0.255.255

$r6-Serial4/0/0$ nat outbound 2000

$r5$ acl 2000

$r5-acl-basic-2000$ rule permit source 172.16.0.0 0.0.255.255

$r5-Serial4/0/0$ nat outbound 2000

路由汇总以及空接口

$r3-ospf-1-area-0.0.0.1$ abr-summary 172.16.32.0 255.255.224.0

$r6-ospf-1-area-0.0.0.2$ abr-summary 172.16.64.0 255.255.224.0

$r7-ospf-1-area-0.0.0.3$ abr-summary 172.16.96.0 255.255.224.0

$r9-ospf-1$ asbr-summary 172.16.128.0 255.255.224.0

$r12-ospf-1$ asbr-summary 172.16.160.0 255.255.224.0

$r3$ ip route-static 172.16.32.0 19 NULL 0

$r6$ ip route-static 172.16.64.0 19 NULL 0

$r7$ ip route-static 172.16.96.0 19 NULL 0

$r9$ ip route-static 172.16.128.0 19 NULL 0

$r12$ ip route-static 172.16.160.0 19 NULL 0

做特殊区域减少LSA

$r1-ospf-1-area-0.0.0.1$ stub

$r2-ospf-1-area-0.0.0.1$ stub

$r3-ospf-1-area-0.0.0.1$ stub no-summary

$r6-ospf-1-area-0.0.0.2$ nssa no-summary

$r11-ospf-1-area-0.0.0.2$ nssa

$r12-ospf-1-area-0.0.0.2$ nssa

$r7-ospf-1-area-0.0.0.3$ nssa no-summary

$r8-ospf-1-area-0.0.0.3$ nssa

$r9-ospf-1-area-0.0.0.3$ nssa

加快收敛

$r1-GigabitEthernet0/0/0$ ospf timer hello 5

$r2-GigabitEthernet0/0/0$ ospf timer hello 5

$r3-GigabitEthernet0/0/0$ ospf timer hello 5

区域认证

$r1-ospf-1-area-0.0.0.1$ authentication-mode simple plain 123456

$r2-ospf-1-area-0.0.0.1$ authentication-mode simple plain 123456

$r3-ospf-1-area-0.0.0.1$ authentication-mode simple plain 123456

四、测试

所以用户可以r4 环回

全网可达