
OSPF Lab 2 (mGRE, area/interface authentication, stub, NSSA, NAT and other techniques)

Popularity: 42   Published: 2023-12-29 01:41:00.0


I. Lab topology (plan the addressing yourself)



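II. Lab requirements:


1. R4 is the ISP; only IP addresses may be configured on it.
Every device has a loopback; R12 has two loopbacks.
R4 uses public IP addresses on the links to all of its directly connected devices.
2. R3 and R5/R6/R7 form an mGRE environment, with R3 as the hub site.
3. The whole OSPF environment uses the address space 172.16.0.0/16.
4. All devices can reach R4's loopback.
5. Reduce the volume of LSA updates, speed up convergence, and secure the routing updates.
6. Full reachability across the network.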


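III. Lab approach


Plan and configure the IP addresses first -> public network reachability -> (mGRE) -> OSPF -> EIGRP -> optimization {summarization (inter-area: R3, R6, R7; external: R9, R12), special areas} -> area authentication (recommended) or interface authentication -> full internal reachability -> NAT last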

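Please ignore the part below (in parentheses); these are notes for my own later reference:
(Note: how the areas are divided
Note: what the wildcard mask in the network statement actually matches

Recommended: redistribute area 4 of process 2 into process 1. Not recommended: advertising the other areas into area 4.

Faster convergence and secure updates: change the timers, add authentication

Hello 5, dead 20, LSA transmit delay 5, retransmit interval 5
ip ospf hello-interval 5
ip ospf dead-interval 20
ip ospf transmit-delay 5
ip ospf retransmit-interval 5

area 1: area-level MD5 (message-digest) authentication
area 2: area-level plaintext authentication

Interface MD5 authentication is configured between R7 and R8
Interface plaintext authentication is configured between R9 and R10)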


IV. Configuration


R1(area1):

hostname r1

no ip domain lookup

interface Loopback0
ip address 172.16.33.1 255.255.255.128
!
interface FastEthernet0/0
ip address 172.16.32.130 255.255.255.128
ip ospf message-digest-key 1 md5 cisco // key for the area authentication, configured on the interface
ip ospf hello-interval 5 // set the hello interval to 5 s
ip ospf transmit-delay 5 // set the LSA transmit delay to 5 s

duplex auto
speed auto
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
area 1 authentication message-digest // MD5 (message-digest) authentication for area 1. Note: area authentication must be configured on every router in the area
area 1 stub // make area 1 a stub area
network 172.16.0.0 0.0.255.255 area 1
!

line con 0
exec-timeout 0 0
privilege level 15
logging synchronous

R2:

hostname r2
!
interface Loopback0
ip address 172.16.33.129 255.255.255.128
!
interface FastEthernet0/0
ip address 172.16.32.131 255.255.255.128
ip ospf message-digest-key 1 md5 cisco
ip ospf hello-interval 5
ip ospf transmit-delay 5
duplex auto
speed auto
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
area 1 authentication message-digest
area 1 stub
network 172.16.0.0 0.0.255.255 area 1
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous

R3:

!
interface Loopback0
ip address 172.16.34.1 255.255.255.128
!
interface Tunnel0
ip address 172.16.0.129 255.255.255.248
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 100
ip ospf network broadcast // change the OSPF network type
tunnel source 34.1.1.1
tunnel mode gre multipoint
tunnel key 123
!
interface FastEthernet0/0
ip address 172.16.32.129 255.255.255.128
ip nat inside
ip virtual-reassembly
ip ospf message-digest-key 1 md5 cisco
ip ospf hello-interval 5
ip ospf transmit-delay 5
duplex auto
speed auto
!
interface Serial3/0
ip address 34.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
serial restart-delay 0
!
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
area 1 authentication message-digest
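area 1 stub no-summary // totally stubby area: on the stub area's border router, type 3 LSAs are filtered except for a type 3 default LSA, and type 4 and type 5 LSAs are filtered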
area 1 range 172.16.32.0 255.255.224.0
network 172.16.0.129 0.0.0.0 area 0
network 172.16.32.0 0.0.3.255 area 1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 34.1.1.2
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Serial3/0 overload
!
access-list 1 permit 172.16.0.0 0.0.255.255
no cdp log mismatch duplex

R4:

!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.0
!
interface Serial3/0
ip address 34.1.1.2 255.255.255.0
serial restart-delay 0
!
interface Serial3/1
ip address 45.1.1.2 255.255.255.0
serial restart-delay 0
!
interface Serial3/2
ip address 46.1.1.2 255.255.255.0
serial restart-delay 0
!
interface Serial3/3
ip address 47.1.1.2 255.255.255.0
serial restart-delay 0
!

R5:

interface Loopback0
ip address 172.16.1.1 255.255.255.128
ip nat inside
ip virtual-reassembly
!
interface Tunnel0
ip address 172.16.0.130 255.255.255.248
no ip redirects
ip nhrp map 172.16.0.129 34.1.1.1
ip nhrp map multicast 34.1.1.1
ip nhrp network-id 100
ip nhrp nhs 172.16.0.129
ip ospf network broadcast
ip ospf priority 0
tunnel source Serial3/1
tunnel mode gre multipoint
tunnel key 123

interface Serial3/1
ip address 45.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
ip ospf hello-interval 5
ip ospf transmit-delay 5
serial restart-delay 0
router ospf 1
router-id 5.5.5.5
log-adjacency-changes
network 172.16.0.0 0.0.255.255 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 45.1.1.2
!
ip nat inside source list 1 interface Serial3/1 overload
!
access-list 1 permit 172.16.0.0 0.0.255.255

R6:

interface Loopback0
ip address 172.16.1.129 255.255.255.128
!
interface Tunnel0
ip address 172.16.0.131 255.255.255.248
no ip redirects
ip nhrp map 172.16.0.129 34.1.1.1
ip nhrp map multicast 34.1.1.1
ip nhrp network-id 100
ip nhrp nhs 172.16.0.129
ip ospf network broadcast
ip ospf priority 0
tunnel source Serial3/2
tunnel mode gre multipoint
tunnel key 123

interface Serial3/0
ip address 172.16.64.1 255.255.255.128
ip nat inside
ip virtual-reassembly
ip ospf authentication-key cisco
ip ospf hello-interval 5
ip ospf transmit-delay 5
serial restart-delay 0

interface Serial3/2
ip address 46.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
ip ospf hello-interval 5
ip ospf transmit-delay 5
serial restart-delay 0

router ospf 1
router-id 6.6.6.6
log-adjacency-changes
area 2 authentication
area 2 nssa no-summary
area 2 range 172.16.64.0 255.255.224.0
network 172.16.0.0 0.0.1.255 area 0
network 172.16.64.1 0.0.0.0 area 2
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 46.1.1.2
no ip http server
no ip http secure-server

ip nat inside source list 1 interface Serial3/2 overload
!
access-list 1 permit 172.16.0.0 0.0.255.255

R7:

interface Loopback0
ip address 172.16.2.1 255.255.255.128
!
interface Tunnel0
ip address 172.16.0.132 255.255.255.248
no ip redirects
ip nhrp map 172.16.0.129 34.1.1.1
ip nhrp map multicast 34.1.1.1
ip nhrp network-id 100
ip nhrp nhs 172.16.0.129
ip ospf network broadcast
ip ospf priority 0
tunnel source Serial3/3
tunnel mode gre multipoint
tunnel key 123

interface Serial3/0
ip address 172.16.96.1 255.255.255.252
ip nat inside
ip virtual-reassembly
ip ospf authentication message-digest
ip ospf message-digest-key 2 md5 cisco
ip ospf hello-interval 5
ip ospf transmit-delay 5
serial restart-delay 0
!
interface Serial3/3
ip address 47.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
ip ospf hello-interval 5
ip ospf transmit-delay 5
serial restart-delay 0
router ospf 1
router-id 7.7.7.7
log-adjacency-changes
area 3 nssa no-summary
area 3 range 172.16.96.0 255.255.224.0
network 172.16.0.0 0.0.3.255 area 0
network 172.16.96.1 0.0.0.0 area 3
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 47.1.1.2
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Serial3/3 overload
!
access-list 1 permit 172.16.0.0 0.0.255.255
no cdp log mismatch duplex

R8:

interface Loopback0
ip address 172.16.97.1 255.255.255.128

interface Serial3/0
ip address 172.16.96.2 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 2 md5 cisco
ip ospf hello-interval 5
ip ospf transmit-delay 5
serial restart-delay 0
!
interface Serial3/1
ip address 172.16.96.5 255.255.255.252
ip ospf hello-interval 5
ip ospf transmit-delay 5
serial restart-delay 0
router ospf 1
router-id 8.8.8.8
log-adjacency-changes
area 3 nssa // not-so-stubby area (NSSA)
network 172.16.0.0 0.0.255.255 area 3

R9:

interface Loopback0
ip address 172.16.129.1 255.255.255.128

interface Serial3/0
ip address 172.16.128.1 255.255.255.252
ip ospf authentication
ip ospf authentication-key cisco
ip ospf hello-interval 5
ip ospf transmit-delay 5
serial restart-delay 0
!
interface Serial3/1
ip address 172.16.96.6 255.255.255.252
ip ospf hello-interval 5
ip ospf transmit-delay 5
serial restart-delay 0

router ospf 1
router-id 9.9.9.9
log-adjacency-changes
area 3 nssa
summary-address 172.16.128.0 255.255.224.0
redistribute ospf 2 subnets
network 172.16.96.6 0.0.0.0 area 3
!
router ospf 2
log-adjacency-changes
network 172.16.128.0 0.0.1.255 area 4
default-information originate
!

R10:

interface Loopback0
ip address 172.16.129.129 255.255.255.128

interface Serial3/0
ip address 172.16.128.2 255.255.255.252
ip ospf authentication
ip ospf authentication-key cisco
ip ospf hello-interval 5
ip ospf transmit-delay 5
serial restart-delay 0

router ospf 1
router-id 10.10.10.10
log-adjacency-changes
network 172.16.0.0 0.0.255.255 area 4

R11:

interface Loopback0
ip address 172.16.65.1 255.255.255.128
!
interface Serial3/0
ip address 172.16.64.2 255.255.255.252
ip ospf authentication-key cisco
ip ospf hello-interval 5
ip ospf transmit-delay 5
serial restart-delay 0
!
interface Serial3/1
ip address 172.16.64.5 255.255.255.252
ip ospf authentication-key cisco
ip ospf hello-interval 5
ip ospf transmit-delay 5
serial restart-delay 0

router ospf 1
router-id 11.11.11.11
log-adjacency-changes
area 2 authentication
area 2 nssa
network 172.16.0.0 0.0.255.255 area 2

R12:

interface Loopback0
ip address 172.16.160.1 255.255.255.240
!
interface Loopback1
ip address 172.16.176.1 255.255.255.240

interface Serial3/1
ip address 172.16.64.6 255.255.255.252
ip ospf authentication-key cisco
ip ospf hello-interval 5
serial restart-delay 0

router eigrp 1
network 172.16.160.0 0.0.31.255
no auto-summary
!
router ospf 1
router-id 12.12.12.12
log-adjacency-changes
area 2 authentication
area 2 nssa
summary-address 172.16.160.0 255.255.224.0
redistribute eigrp 1 subnets
network 172.16.64.6 0.0.0.0 area 2
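
Added example (not part of the original post): a small Python check that maps each interface in an IOS configuration to its OSPF area and effective authentication mode, following the area/interface authentication plan used in the configurations above. The names `audit`, `to_int` and `R6` are introduced here; the sample is R6's configuration from this page trimmed to its OSPF-relevant lines, and the script assumes the first listed matching network statement decides the area.

```python
import ipaddress
import re

# Constructed input: R6's configuration from this page, OSPF-relevant lines only.
R6 = """
interface Tunnel0
ip address 172.16.0.131 255.255.255.248
interface Serial3/0
ip address 172.16.64.1 255.255.255.128
ip ospf authentication-key cisco
interface Serial3/2
ip address 46.1.1.1 255.255.255.0
router ospf 1
area 2 authentication
network 172.16.0.0 0.0.1.255 area 0
network 172.16.64.1 0.0.0.0 area 2
"""

def to_int(addr):
    return int(ipaddress.ip_address(addr))

def audit(config):
    """Return {interface: (area, mode)}; mode is 'md5', 'plaintext' or 'none'."""
    ifaces, networks, area_auth, cur = {}, [], {}, None
    for line in config.splitlines():
        line = line.split("//")[0].strip()  # drop the page's // annotations
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"ip": None, "auth": None})
        elif re.match(r"(router|line) ", line):
            cur = None  # left interface configuration mode
        elif cur is not None and (m := re.match(r"ip address (\S+) \S+$", line)):
            cur["ip"] = to_int(m[1])
        elif cur is not None and (m := re.match(r"ip ospf authentication( \S+)?$", line)):
            cur["auth"] = {None: "plaintext", " message-digest": "md5", " null": "none"}.get(m[1], "other")
        elif m := re.match(r"network (\S+) (\S+) area (\S+)", line):
            networks.append((to_int(m[1]), to_int(m[2]), m[3]))
        elif m := re.match(r"area (\S+) authentication( message-digest)?$", line):
            area_auth[m[1]] = "md5" if m[2] else "plaintext"
    report = {}
    for name, itf in ifaces.items():
        for net, wild, area in networks:  # assumption: first listed match wins
            if itf["ip"] is not None and (itf["ip"] | wild) == (net | wild):
                # an interface-level "ip ospf authentication" overrides the area setting
                report[name] = (area, itf["auth"] or area_auth.get(area, "none"))
                break
    return report

if __name__ == "__main__":
    print(audit(R6))
```

For R6 this reports Serial3/0 in area 2 with plaintext authentication and Tunnel0 in area 0 with no authentication; Serial3/2 is omitted because no network statement matches its public address.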


V. Testing
