DM***+OSPF测试
1.拓撲圖
?
2.基本接口配置
R1:
R1#config t
Enter configuration commands, one per line.? End with CNTL/Z.
R1(config)#int f0/0
R1(config-if)#ip add 202.14.1.1 255.255.255.252
R1(config-if)#no sh
R1(config-if)#int l0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R2:
R2#config t
R2(config)#int f0/0
R2(config-if)#ip add 202.24.1.1 255.255.255.252
R2(config-if)#no sh
R2(config)#int l0
R2(config-if)#ip add 192.168.2.1 255.255.255.0
R3:
R3(config)#int f0/0
R3(config-if)#ip add 202.34.1.1 255.255.255.0
R3(config)#int l0
R3(config-if)#ip add 192.168.3.1 255.255.255.0
R4:
R4(config)#int e0/0
R4(config-if)#ip add 202.14.1.2 255.255.255.252
R4(config-if)#no sh
R4(config)#int e0/1
R4(config-if)#ip add 202.24.1.2 255.255.255.252
R4(config-if)#int e0/2
R4(config-if)#ip add 202.34.1.2 255.255.255.252
3.路由配置
R1(config)#ip route 0.0.0.0 0.0.0.0 202.14.1.2
R2(config)#ip route 0.0.0.0 0.0.0.0 202.24.1.2
R3(config)#ip route 0.0.0.0 0.0.0.0 202.34.1.2
5.mGRE、NHRP及動態路由配置
R1:
R1(config)#int tunnel 0
R1(config-if)#ip add 172.16.1.1 255.255.255.0
R1(config-if)#tunnel mode gre multipoint
R1(config-if)#tunnel source f0/0
R1(config-if)#tunnel key 12345
R1(config-if)#ip nhrp network-id 10
R1(config-if)#ip nhrp authentication cisco
R1(config-if)#ip nhrp map multicast dynamic
R1(config-if)#ip nhrp redirec
R1(config)#int tunnel 0
R1(config-if)#ip ospf cost 255
R1(config)#router ospf 1
R1(config-router)#network 192.168.1.0 0.0.0.255 a 0
R1(config-router)#network 172.16.1.0 0.0.0.255 a 0
備注:為了確保hub節點為OSPF的DR,,也可以設置hub節點的高priority值,或在各個spoke節點tunnel接口設置低優先級:ip ospf prio 0。
R2:
R2(config)#int tunn 0
R2(config-if)#ip add 172.16.1.2 255.255.255.0
R2(config-if)#tun mode gre multipoint
R2(config-if)#tunnel source f0/0
R2(config-if)#tunne key 12345
R2(config-if)#ip nhrp network-id 10
R2(config-if)#ip nhrp authentication cisco
R2(config-if)#ip nhrp map 172.16.1.1 202.14.1.1
R2(config-if)#ip nhrp map multicast 202.14.1.1
R2(config-if)#ip nhrp nhs 172.16.1.1
R2(config-if)#ip nhrp shortcut
R2(config)#router ospf 1
R2(config-router)#network 192.16.2.0 0.0.0.255 a 0
R2(config-router)#network 172.16.1.0 0.0.0.255 a 0
R3:
R3(config)#int tunnel 0
R3(config-if)#ip add 192.168.0.3 255.255.255.0
R3(config-if)#tunnel mode gre multipoint
R3(config-if)#tunnel source f 0/0
R3(config-if)#tunnel key 12345
R3(config-if)#ip nhrp network-id 10
R3(config-if)#ip nhrp authentication cisco
R3(config-if)#p nhrp map 172.16.1.1 202.14.1.1
R3(config-if)#ip nhrp map multicast 202.14.1.1
R3(config-if)#ip nhrp nhs 172.16.1.1
R3(config-if)#ip nhrp shortcut
R3(config)#router ospf 1
R3(config-router)#network 192.168.3.0 0.0.0.255 a 0
R3(config-router)#network 172.16.1.0 0.0.0.255 a 0
6.驗證mGRE、NHRP及動態路由:
A.mGRE
R1#ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/96/120 ms
R1#ping 172.16.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/101/164 ms
B.nhrp
R1#show ip nhrp
R1#show ip nhrp
172.16.1.2/32 via 172.16.1.2
?? Tunnel0 created 00:54:41, expire 01:05:18
?? Type: dynamic, Flags: unique registered used
?? NBMA address: 202.24.1.1
172.16.1.3/32 via 172.16.1.3
?? Tunnel0 created 00:39:39, expire 01:20:20
?? Type: dynamic, Flags: unique registered used
?? NBMA address: 202.34.1.1
C.ospf
R1#show ip ospf nei
R1#show ip ospf neighbor
Neighbor ID???? Pri?? State?????????? Dead Time?? Address???????? Interface
192.168.2.1?????? 1?? FULL/DROTHER??? 00:00:35??? 172.16.1.2????? Tunnel0
192.168.3.1?????? 1?? FULL/BDR??????? 00:00:35??? 172.16.1.3????? Tunnel0
R1#
7.配置IPSec ***
R1、R2、R3配置相同
A.配置第一階段策略:
(config)#crypto isakmp policy 10
(config-isakmp)#group 2
(config-isakmp)#ha md
(config-isakmp)#en de
(config-isakmp)#au pr
(config-isakmp)#exit
(config)#crypto isakmp key 0 cisco address 0.0.0.0
B.配置第二階段策略:
(config)#crypto ipsec transform-set transet esp-des esp-md5-hmac
(cfg-crypto-trans)#mode transport
C.配置Ipsec Profile,關聯轉換集
(config)#crypto ipsec profile myprofile
(ipsec-profile)#set transform-set transet
D.tunnel接口調用profile:
(config)#int tunnel 0
(config-if)#tunnel protection ipsec profile myprofile
8.測試***
R2#traceroute 192.168.3.1 source 192.168.2.1
Type escape sequence to abort.
Tracing the route to 192.168.3.1
? 1 172.16.1.3 180 msec *? 168 msec
第一跳直接到達R3,說明spoke之間IPSEC流量不需經過hub,從nhrp信息可以看出為什么可以節點直接可以直接建立ipsec。
R1#show ip nhrp
172.16.1.2/32 via 172.16.1.2
?? Tunnel0 created 00:39:39, expire 01:42:19
?? Type: dynamic, Flags: unique registered
?? NBMA address: 202.24.1.1
172.16.1.3/32 via 172.16.1.3
?? Tunnel0 created 00:39:35, expire 01:42:21
?? Type: dynamic, Flags: unique registered
?? NBMA address: 202.34.1.1
R1#
R2#show ip nhrp
172.16.1.1/32 via 172.16.1.1
?? Tunnel0 created 00:39:15, never expire
?? Type: static, Flags: used
?? NBMA address: 202.14.1.1
172.16.1.3/32 via 172.16.1.3
?? Tunnel0 created 00:29:53, expire 01:54:03
?? Type: dynamic, Flags: router implicit
?? NBMA address: 202.34.1.1
192.168.2.0/24 via 172.16.1.2
?? Tunnel0 created 00:05:56, expire 01:54:03
?? Type: dynamic, Flags: router unique local
?? NBMA address: 202.24.1.1
??? (no-socket)
192.168.3.0/24 via 172.16.1.3
?? Tunnel0 created 00:29:50, expire 01:30:09
?? Type: dynamic, Flags: router
?? NBMA address: 202.34.1.1
R3#show ip nhrp
172.16.1.1/32 via 172.16.1.1
?? Tunnel0 created 00:39:45, never expire
?? Type: static, Flags: used
?? NBMA address: 202.14.1.1
172.16.1.2/32 via 172.16.1.2
?? Tunnel0 created 00:30:23, expire 01:29:36
?? Type: dynamic, Flags: router implicit
?? NBMA address: 202.24.1.1
192.168.2.0/24 via 172.16.1.2
?? Tunnel0 created 00:06:30, expire 01:53:29
?? Type: dynamic, Flags: router
?? NBMA address: 202.24.1.1
192.168.3.0/24 via 172.16.1.3
?? Tunnel0 created 00:30:23, expire 01:29:36
?? Type: dynamic, Flags: router unique local
?? NBMA address: 202.34.1.1
??? (no-socket)
?
總結
以上是生活随笔為你收集整理的DM***+OSPF测试的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: NHibernate3.0剖析:Quer
- 下一篇: ADT安装好在Eclipse后运行模型A