Lab topology:
1. All loopbacks except R7's are configured with private addresses: 192.168.1.1/24 through 192.168.6.1/24
2. Configure mGRE
[R1]int t0/0/0
[R1-Tunnel0/0/0]ip add 10.1.1.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp
[R1-Tunnel0/0/0]nhrp entry multicast dynamic
[R1-Tunnel0/0/0]nhrp network-id 100
[R1-Tunnel0/0/0]source 17.1.1.1
[R1-Tunnel0/0/0]nhrp entry 10.1.1.2 27.1.1.1 register
[R1-Tunnel0/0/0]nhrp entry 10.1.1.3 37.1.1.1 register
R2 and R3 are configured similarly to R1, so their configuration is omitted here.
3. For mGRE to work, R1, R2 and R3 each need a default route
[R1]ip route-static 0.0.0.0 0 17.1.1.2
[R2]ip route-static 0.0.0.0 0 27.1.1.2
[R3]ip route-static 0.0.0.0 0 37.1.1.2
Test:
4. Configure OSPF
Before configuring OSPF, change the OSPF network type of the mGRE tunnel interface t0/0/0 to broadcast
[R1-Tunnel0/0/0]ospf network-type broadcast
[R2-Tunnel0/0/0]ospf network-type broadcast
[R3-Tunnel0/0/0]ospf network-type broadcast
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]ar 0
[R1-ospf-1-area-0.0.0.0]net 192.168.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]net 10.1.1.1 0.0.0.0
[R2]ospf 1 rou 2.2.2.2
[R2-ospf-1]ar 0
[R2-ospf-1-area-0.0.0.0]net 192.168.2.1 0.0.0.0
[R2-ospf-1-area-0.0.0.0]net 10.1.1.2 0.0.0.0
[R3]ospf 1 rou 3.3.3.3
[R3-ospf-1]ar 0
[R3-ospf-1-area-0.0.0.0]net 10.1.1.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]ar 1
[R3-ospf-1-area-0.0.0.1]net 192.168.3.1 0.0.0.0
[R3-ospf-1-area-0.0.0.1]net 192.168.0.0 0.0.255.255
[R4]ospf 1 rou 4.4.4.4
[R4-ospf-1]ar 1
[R4-ospf-1-area-0.0.0.1]net 192.168.4.1 0.0.0.0
[R4-ospf-1-area-0.0.0.1]net 192.168.0.0 0.0.255.255
[R5]ospf 1 rou 5.5.5.5
[R5-ospf-1]ar 1
[R5-ospf-1-area-0.0.0.1]net 192.168.5.1 0.0.0.0
[R5-ospf-1-area-0.0.0.1]net 192.168.0.0 0.0.255.255
[R5-ospf-1]ospf 2
[R5-ospf-2]ar 2
[R5-ospf-2-area-0.0.0.2]net 192.168.0.9 0.0.0.0
[R6]ospf 1 rou 6.6.6.6
[R6-ospf-1]ar 2
[R6-ospf-1-area-0.0.0.2]net 192.168.6.1 0.0.0.0
[R6-ospf-1-area-0.0.0.2]net 192.168.0.0 0.0.255.255
5. Configure redistribution on R5:
[R5]ospf 1
[R5-ospf-1]im
[R5-ospf-1]import-route ospf 2
[R5-ospf-1]ospf 2
[R5-ospf-2]im
[R5-ospf-2]import-route ospf 1
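Test:
6. R4-R6 reach R7's loopback normally
To reach the carrier's loopback, traffic from R4-R6 first has to be able to leave the network, which requires originating a default route in OSPF on R3. The outbound traffic also has to come back, which requires NAT on R3. Note in particular that, because redistribution is configured on R5, the default route has to be originated in both of the two routing processes.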
[R3]ospf 1
[R3-ospf-1]default-route-advertise
[R5]ospf 2
[R5-ospf-2]default-route-advertise
[R3]acl 2000
[R3-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[R3-acl-basic-2000]q
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]nat outbound 2000
Test:
7. R1 telnets to R3's public IP and is actually logged in to R6
First, enable telnet on R6
[R6]aaa
[R6-aaa]local-user huawei privilege level 15 password cipher huawei
Info: Add a new user.
[R6-aaa]local-user huawei service-type telnet
[R6-aaa]q
[R6]user-interface vty 0 4
[R6-ui-vty0-4]authentication-mode aaa
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 23 inside 192.168.6.1 23
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
Test:
Lab complete!!!
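The exposure that step 7 creates can be checked mechanically. The following is an added example, not part of the original lab: a Python audit that reads a VRP prompt transcript like the ones above and reports the telnet login, the password equal to the username, and the public NAT server mapping. The `audit` function, the finding wording and the cleartext port list are assumptions made for illustration; the input is built from the lab's own step 6 and 7 lines.

```python
import re

# Constructed input: configuration lines copied from steps 6 and 7 of this lab.
LAB_CONFIG = """\
[R6-aaa]local-user huawei privilege level 15 password cipher huawei
[R6-aaa]local-user huawei service-type telnet
[R6-ui-vty0-4]authentication-mode aaa
[R3-GigabitEthernet0/0/0]nat outbound 2000
[R3-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 23 inside 192.168.6.1 23
"""

# "[R3-GigabitEthernet0/0/0]cmd" -> device "R3", command "cmd"
PROMPT = re.compile(r"^\[(?P<dev>[^\]-]+)[^\]]*\](?P<cmd>.*)$")
# In a typed transcript the value after "cipher" is still the plaintext entered.
USER = re.compile(
    r"^local-user (\S+) .*password (?:cipher|irreversible-cipher|simple) (\S+)")
SERVICE = re.compile(r"^local-user (\S+) service-type (.+)$")
# Assumption: ports are written as numbers, as they are in this lab.
NAT_SERVER = re.compile(
    r"^nat server protocol tcp global \S+ (\d+) inside (\S+) (\d+)")
CLEARTEXT_PORTS = {"21": "ftp", "23": "telnet", "80": "http"}


def audit(config):
    """Return sorted (device, finding) pairs for a VRP prompt transcript."""
    findings = set()
    for line in config.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # device output such as Info:/Warning: lines
        dev, cmd = m.group("dev"), m.group("cmd").strip()
        if (u := USER.match(cmd)):
            if u.group(1) == u.group(2):
                findings.add((dev, f"user {u.group(1)}: password equals username"))
            if "privilege level 15" in cmd:
                findings.add((dev, f"user {u.group(1)}: full privilege (level 15)"))
        elif (s := SERVICE.match(cmd)) and "telnet" in s.group(2).split():
            findings.add((dev, f"user {s.group(1)}: cleartext telnet login allowed"))
        elif (n := NAT_SERVER.match(cmd)) and n.group(3) in CLEARTEXT_PORTS:
            svc = CLEARTEXT_PORTS[n.group(3)]
            findings.add((dev, f"public tcp/{n.group(1)} forwarded to "
                               f"{svc} on {n.group(2)}"))
    return sorted(findings)


if __name__ == "__main__":
    for dev, finding in audit(LAB_CONFIG):
        print(f"{dev}: {finding}")
```

Run against the lab's lines, it reports one finding on R3 (the port 23 mapping) and three on R6 (telnet service type, level 15, password equal to username).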