|
|
在一个大型网络中可能存在着多种路由协议,因此关系到路由重分发的问题。网络架构如下图所示:
架构说明:
1 R1为总公司路由器;
2 R2、R5为上海分公司路由器;
3 R3、R4为杭州分公司路由器;
4 总公司和分公司之间使用OSPF协议,上海分公司使用RIP协议,而杭州分公司使用静态路由协议;
5 所有分公司访问公网都通过总公司路由器R1实现;
6 本地所带主机由Loopback1接口模拟;
7 Loopback0使用192.168.255.0/24网段并且作为Router> 1)配置基本信息
R1配置如下:
R1(config)#hostname R1
R1(config)#int f0/0
R1(config-if)#ip add 10.0.0.1 255.255.255.252
R1(config-if)#no sh
R1(config-if)#int f1/0
R1(config-if)#ip add 10.0.0.6 255.255.255.252
R1(config-if)#no sh
R1(config-if)#int f2/0
R1(config-if)#ip add 172.16.31.1 255.255.255.252
R1(config-if)#no sh
R1(config)#int loopback 0
R1(config-if)#ip add 192.168.255.1 255.255.255.0
R1(config-if)#no sh
R1(config)#int loopback 1
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no sh
R1(config)#router ospf 1
R1(config-router)#router-id 192.168.255.1
R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
R1(config-router)#network 10.0.0.4 0.0.0.3 area 1
R1(config-router)#network 192.168.255.1 0.0.0.0 area 0
R1(config-router)#network 10.0.0.0 0.0.0.3 area 0
R1(config)#ip route 0.0.0.0 0.0.0.0 172.16.31.2
R2配置如下:
R2(config)#hostname R2
R2(config)#int f0/0
R2(config-if)#ip add 10.0.0.2 255.255.255.252
R2(config-if)#no sh
R2(config-if)#int f1/0
R2(config-if)#ip add 192.168.100.1 255.255.255.0
R2(config-if)#no sh
R2(config)#int loopback 0
R2(config-if)#ip add 192.168.255.2 255.255.255.255
R2(config-if)#no sh
R2(config)#router ospf 1
R2(config-router)#router-id 192.168.255.2
R2(config-router)#network 10.0.0.0 0.0.0.3 area 0
R2(config-router)#network 192.168.255.2 0.0.0.0 area 0
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.100.0
R3配置如下:
R3(config)#hostname R3
R3(config)#int f1/0
R3(config-if)#ip add 10.0.0.5 255.255.255.252
R3(config-if)#no sh
R3(config-if)#int f0/0
R3(config-if)#ip add 10.0.0.10 255.255.255.252
R3(config-if)#no sh
R3(config)#int loopback 0
R3(config-if)#ip add 192.168.255.3 255.255.255.255
R3(config-if)#no sh
R3(config)#router ospf 1
R3(config-router)#router-id 192.168.255.3
R3(config-router)#network 10.0.0.4 0.0.0.3 area 1
R3(config-router)#network 192.168.255.3 0.0.0.0 area 1
R3(config)#ip route 192.168.3.0 255.255.255.0 10.0.0.9
R4配置如下:
R4(config)#hostname R4
R4(config)#int f0/0
R4(config-if)#ip add 10.0.0.9 255.255.255.252
R4(config-if)#no sh
R4(config)#int loopback 0
R4(config-if)#ip add 192.168.255.4 255.255.255.255
R4(config-if)#no sh
R4(config)#int loopback 1
R4(config-if)#ip add 192.168.3.1 255.255.255.0
R4(config-if)#no sh
R4(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.10
R5配置如下:
R5(config)#hostname R5
R5(config)#int f0/0
R5(config-if)#ip add 192.168.100.2 255.255.255.0
R5(config-if)#no sh
R5(config)#int loopback 1
R5(config-if)#ip add 192.168.2.1 255.255.255.0
R5(config-if)#no sh
R5(config)#router rip
R5(config-router)#version 2
R5(config-router)#no auto-summary
R5(config-router)#network 192.168.100.0
R5(config-router)#network 192.168.2.0
Internet配置如下:
Internet(config)#hostname Internet
Internet(config)#int f0/0
Internet(config-if)#ip add 172.16.31.2 255.255.255.252
Internet(config-if)#no sh
Internet(config)#int loopback 1
Internet(config-if)#ip add 59.56.61.1 255.255.255.0
Internet(config-if)#no sh
查看路由表:
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 172.16.31.2 to network 0.0.0.0
172.16.0.0/30 is subnetted, 1 subnets
C 172.16.31.0 is directly connected, FastEthernet2/0
10.0.0.0/30 is subnetted, 2 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0
C 10.0.0.4 is directly connected, FastEthernet1/0
192.168.255.0/24 is variably subnetted, 3 subnets, 2 masks
O 192.168.255.3/32 [110/2] via 10.0.0.5, 00:21:37, FastEthernet1/0
O 192.168.255.2/32 [110/2] via 10.0.0.2, 00:31:22, FastEthernet0/0
C 192.168.255.0/24 is directly connected, Loopback0
C 192.168.1.0/24 is directly connected, Loopback1
S* 0.0.0.0/0 [1/0] via 172.16.31.2
2)配置路由重分发:
路由器R1重发布默认路由:
R1(config)#router ospf 1
R1(config-router)#default-information originate always
路由器R2重分发:
R2(config)#router ospf 1
R2(config-router)#redistribute rip subnets
R2(config)#router rip
R2(config-router)#redistribute ospf 1 metric 3
路由器R3重发布静态路由和直连路由:
R3(config)#router ospf 1
R3(config-router)#redistribute static subnets
R3(config-router)#redistribute connected subnets
3)验证网络通信是否正常
R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.0.0.6 to network 0.0.0.0
10.0.0.0/30 is subnetted, 3 subnets
C 10.0.0.8 is directly connected, FastEthernet0/0
O IA 10.0.0.0 [110/2] via 10.0.0.6, 00:02:31, FastEthernet1/0
C 10.0.0.4 is directly connected, FastEthernet1/0
192.168.255.0/32 is subnetted, 3 subnets
C 192.168.255.3 is directly connected, Loopback0
O IA 192.168.255.2 [110/3] via 10.0.0.6, 00:02:31, FastEthernet1/0
O IA 192.168.255.1 [110/2] via 10.0.0.6, 00:02:31, FastEthernet1/0
192.168.1.0/32 is subnetted, 1 subnets
O IA 192.168.1.1 [110/2] via 10.0.0.6, 00:02:33, FastEthernet1/0
O E2 192.168.2.0/24 [110/20] via 10.0.0.6, 00:02:33, FastEthernet1/0
O E2 192.168.100.0/24 [110/20] via 10.0.0.6, 00:02:33, FastEthernet1/0
S 192.168.3.0/24 [1/0] via 10.0.0.9
O*E2 0.0.0.0/0 [110/1] via 10.0.0.6, 00:02:35, FastEthernet1/0
R4#ping 192.168.2.1 source 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.1
!!!!!
R5#ping 10.0.0.5 source 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
!!!!!
4) 在R1路由器上配置NAT
R1(config)#int f1/0
R1(config-if)#ip nat inside
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config)#int f2/0
R1(config-if)#ip nat outside
R1(config)#access-list 1 permit any
R1(config)#ip nat inside source list 1 int f2/0 overload
测试内网访问外网的连通性
R5#ping 59.56.61.1 source 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
!!!!!
R4#ping 59.56.61.1 source 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.1
!!!!!
当然,我们可以禁止192.168.2.0的网段对外网的访问:
R1(config)#no access-list 1
R1(config)#access-list 1 deny 192.168.2.0 0.0.0.255
R1(config)#access-list 1 permit any
R1(config)#ip nat inside source list 1 interface f2/0 overload
R5#ping 59.56.61.1 source 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
.....
R4#ping 59.56.61.1 source 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.1
!!!!! |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-7-17 12:22:25
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡