hcip---ospf综合实验

一：实验要求

1、R4为ISP，其上只能配置IP地址，R4与其所有直连设备间均使用公有IP

2、R3-R5/6/7为MGRE环境，R3为中心站点

3、整个OSPF环境IP基于R4的环回

4、所有设备均可访问R4的环回

5、减少LSA的更新量，加快收敛，保障更新安全

6、全网可达

二：实验分析

1：子网划分

基于172.16.0.0/16划分网段

172.16.0.0/16

172.16.0.0/19 area 0
172.16.0.0/24 p2p骨干 172.16.1.0/24 MA骨干
172.16.1.0/29 T通道
172.16.2.0/24 R5环回
172.16.3.0/24 R6环回
172.16.4.0/24 R7环回
172.16.5.0/24 R4环回

172.16.32.0/19 area 1
172.16.32.0/24 p2p
172.16.33.0/24 MA
172.16.33.0/29
172.16.34.0/24 R1环回
172.16.35.0/24 R2环回
172.16.36.0/24 R3环回

172.16.64.0/19 area 2 172.16.65.0/24 p2p****172.16.64.0/24 MA
172.16.64.0/30
172.16.64.4/30
172.16.66.0/24 R11环回

172.16.96.0/19 area 3
172.16.96.0/24 MA
172.16.96.0/30
172.16.96.4/30
172.16.97.0/24 p2p
172.16.98.0/24 R8环回

172.16.128.0/19 area 4
172.16.128.0/24 MA
172.16.128.0/30
172.16.129.0/24 p2p
172.16.130.0/24 R9环回
172.16.131.0/24 R10环回

172.16.160.0/19 rip
172.16.160.0/24 MA
172.16.161.0/24 P2P
172.16.162.0/24 R12环回
172.16.163.0/24 R12环回

2、实验拓扑

三：实验配置

配置IP地址

r1-GigabitEthernet0/0/0\]ip address 172.16.33.1 29 \[r1-LoopBack0\]ip addres9999s 172.16.34.1 24 \[r2-GigabitEthernet0/0/0\]ip address 172.16.33.2 29 \[r2-LoopBack0\]ip address 172.16.35.1 24 \[r3-GigabitEthernet0/0/0\]ip address 172.16.33.3 29 \[r3-Serial4/0/0\]ip address 34.1.1.1 24 \[r3-LoopBack0\]ip address 172.16.36.1 24 \[r4-Serial4/0/0\]ip address 34.1.1.2 24 \[r4-Serial4/0/1\]ip address 45.1.1.2 24 \[r4-Serial3/0/0\]ip address 46.1.1.2 24 \[r4-GigabitEthernet0/0/0\]ip address 47.1.1.2 24 \[r4-LoopBack0\]ip address 172.16.5.1 24 \[r5-Serial4/0/0\]ip address 45.1.1.1 24 \[r5-LoopBack0\]ip address 172.16.2.1 24 \[r6-Serial4/0/0\]ip address 46.1.1.1 24 \[r6-GigabitEthernet0/0/0\]ip address 172.16.64.1 30 \[r6-LoopBack0\]ip address 172.16.3.1 24 \[r7-GigabitEthernet0/0/0\]ip address 47.1.1.1 24 \[r7-GigabitEthernet0/0/1\]ip address 172.16.96.1 30 \[r7-LoopBack0\]ip address 172.16.4.1 24 \[r8-GigabitEthernet0/0/0\]ip address 172.16.96.2 30 \[r8-GigabitEthernet0/0/1\]ip address 172.16.96.5 30 \[r8-LoopBack0\]ip address 172.16.98.1 24 \[r9-GigabitEthernet0/0/0\]ip address 172.16.96.6 30 \[r9-GigabitEthernet0/0/1\]ip address 172.16.128.1 30 \[r9-LoopBack0\]ip address 172.16.130.1 24 \[r10-GigabitEthernet0/0/0\]ip address 172.16.128.2 30 \[r10-LoopBack0\]ip address 172.16.131.1 24 \[r11-GigabitEthernet0/0/0\]ip address 172.16.64.2 30 \[r11-GigabitEthernet0/0/1\]ip address 172.16.64.5 30 \[r11-LoopBack0\]ip address 172.16.66.1 24 \[r12-GigabitEthernet0/0/0\]ip address 172.16.64.6 30 \[r12-LoopBack0\]ip address 172.16.162.1 24 \[r12-LoopBack1\]ip address 172.16.163.1 24 **配置MGRE**     **写缺省让公网以及通道连接，修改通道ospf优先级以及MGRE修改为BMA网络，或者修改成p2mp** **网络就不用选举来修改ospf优先级** \[r3\]ip route-static 0.0.0.0 0 34.1.1.2 \[r5\]ip route-static 0.0.0.0 0 45.1.1.2 \[r6\]ip route-static 0.0.0.0 0 46.1.1.2 \[r7\]ip route-static 0.0.0.0 0 47.1.1.2 \[r3-Tunnel0/0/0\]ospf dr-priority 100 \[r3-Tunnel0/0/0\]ospf network-type broadcast \[r5-Tunnel0/0/0\]ospf dr-priority 0 \[r5-Tunnel0/0/0\]ospf network-type broadcast \[r6-Tunnel0/0/0\]ospf dr-priority 0 \[r6-Tunnel0/0/0\]ospf network-type broadcast \[r7-Tunnel0/0/0\]ospf dr-priority 0 \[r7-Tunnel0/0/0\]ospf network-type broadcast **宣告ospf和rip**               **r12路由器用单点单向重发布。r9路由器做一个单点单向重发布，r10路由器写一条缺省指向R9接** **口，或者在R9进程2下放一个缺省** \[r9-ospf-1\]import-route ospf 2 \[r12-ospf-1\]import-route rip 1 \[r10\]ip route-static 0.0.0.0 0 172.16.128.1 **r3/5/6/7路由器上做一个easy ip 使得其他路由器能访问r4的环回** \[r3\]acl 2000 \[r3-acl-basic-2000\]rule permit source 172.16.0.0 0.0.0.255 \[r3-Serial4/0/0\]nat outbound 2000 \[r7\]acl 2000 \[r7-acl-basic-2000\]rule permit source 172.16.0.0 0.0.255.255 \[r7-GigabitEthernet0/0/0\]nat outbound 2000 \[r6\]acl 2000 \[r6-acl-basic-2000\]rule permit source 172.16.0.0 0.0.255.255 \[r6-Serial4/0/0\]nat outbound 2000 \[r5\]acl 2000 \[r5-acl-basic-2000\]rule permit source 172.16.0.0 0.0.255.255 \[r5-Serial4/0/0\]nat outbound 2000 **路由汇总以及空接口** \[r3-ospf-1-area-0.0.0.1\]abr-summary 172.16.32.0 255.255.224.0 \[r6-ospf-1-area-0.0.0.2\]abr-summary 172.16.64.0 255.255.224.0 \[r7-ospf-1-area-0.0.0.3\]abr-summary 172.16.96.0 255.255.224.0 \[r9-ospf-1\]asbr-summary 172.16.128.0 255.255.224.0 \[r12-ospf-1\]asbr-summary 172.16.160.0 255.255.224.0 \[r3\]ip route-static 172.16.32.0 19 NULL 0 \[r6\]ip route-static 172.16.64.0 19 NULL 0 \[r7\]ip route-static 172.16.96.0 19 NULL 0 \[r9\]ip route-static 172.16.128.0 19 NULL 0 \[r12\]ip route-static 172.16.160.0 19 NULL 0 **做特殊区域减少LSA** \[r1-ospf-1-area-0.0.0.1\]stub \[r2-ospf-1-area-0.0.0.1\]stub \[r3-ospf-1-area-0.0.0.1\]stub no-summary \[r6-ospf-1-area-0.0.0.2\]nssa no-summary \[r11-ospf-1-area-0.0.0.2\]nssa \[r12-ospf-1-area-0.0.0.2\]nssa \[r7-ospf-1-area-0.0.0.3\]nssa no-summary \[r8-ospf-1-area-0.0.0.3\]nssa \[r9-ospf-1-area-0.0.0.3\]nssa **加快收敛** \[r1-GigabitEthernet0/0/0\]ospf timer hello 5 \[r2-GigabitEthernet0/0/0\]ospf timer hello 5 \[r3-GigabitEthernet0/0/0\]ospf timer hello 5 **区域认证** \[r1-ospf-1-area-0.0.0.1\]authentication-mode simple plain 123456 \[r2-ospf-1-area-0.0.0.1\]authentication-mode simple plain 123456 \[r3-ospf-1-area-0.0.0.1\]authentication-mode simple plain 123456   **四、测试** **所以用户可以r4 环回**   全网可达