当前位置: 代码迷 >> 综合 >> mgre,eigrp,tunnel综合实验
  详细解决方案

mgre,eigrp,tunnel综合实验

热度:88   发布时间:2023-12-29 01:41:24.0

*一:实验拓扑(IP地址自己规划,)及实验要求:

在这里插入图片描述

二:实验思路

配置IP–广域网通(缺省)–tunnel通—eigrp–MGRE–发布–NAT—telnet(R1telnetR2实际登陆到R6 会发现登陆不上,思考一下原因 )

三:实验配置

R1:
hostname r1
interface Loopback0
ip address 192.168.3.1 255.255.255.0
!
interface Tunnel0 建立tunnel口
ip address 10.1.1.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic ip nhrp map multicast(支持组播及广播) dynamic (客户端地址采用动态解析)
ip nhrp network-id 100(指定网络ID相同ID在同一广播域,要求所有站点ID相同,指定网络域multicast 让本设备在目标地址为组播或广播时,将流量基于表中所有的目标单独发送一次;)
no ip split-horizon eigrp 100 注:若在MGRE中运行EIGRP协议,若邻居关系不是全部建立,那么可能由于水平分割导致无法正常共享路由条目;
距离矢量类路由协议必须关闭水平分割(因为是点到多点接口)
若没有此命令,此时R1只是有R2/R3的邻居,但是R2和R3不能成为邻居(水平分割)
tunnel source Serial4/1 指定公网的外出接口作为隧道源地址
tunnel mode gre multipoint 指定隧道的类型为多点GRE
!
interface Serial4/0
ip address 192.168.2.2 255.255.255.0
ip nat inside (nat入口)
ip virtual-reassembly
serial restart-delay 0
!
interface Serial4/1
ip address 17.1.1.1 255.255.255.0
ip nat outside (nat出口)
ip virtual-reassembly
router eigrp 100 (启动时需要定义AS号,理解为全网一致的进程号)
redistribute static (重发布静态缺省到EIGRP)
network 10.0.0.0
network 192.168.2.0
network 192.168.3.0
no auto-summary! (DV协议建议关闭自动汇总)
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 17.1.1.2 (缺省指向ISP/公网)
no ip http server
no ip http secure-server
!
!
ip nat inside source list 2 interface Serial4/1 overload (nat多对一 pat端口复用 直接与连接ISP的出接口进行关联)
ip nat inside source static tcp 192.168.11.1 23 192.168.4.1 23 extendable (映射)
!
access-list 2 permit 192.168.0.0 0.0.3.255 (标准编号ACL 仅匹配源IP地址)
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login

R2
!
interface Loopback0
ip address 192.168.4.1 255.255.255.0
ip nat inside
!
interface Tunnel0
ip address 10.1.1.2 255.255.255.0
no ip redirects
ip nhrp map 10.1.1.1 17.1.1.1(映射tunnel的公网地址 创建一个逻辑IP地址和NBMA地址的静态绑定)
ip nhrp map multicast 17.1.1.1 关于动态路由协议在多点GRE NBMA模式下配置,使得多点GRE接口能够向中心站点发送组播和广播包
若希望分支节点可以以组播或广播地址为目标ip,那么需要定义流量的具体目标
若没有此命令R1没有R2和R3的邻居 ,而R2和R3都有R1的邻居

ip nhrp network-id 100
ip nhrp nhs 10.1.1.1 (指定NHRP服务器地址,通常为中心站点tunnel接口地址)
tunnel source Serial4/2
tunnel mode gre multipoint
interface Serial4/2
ip address 27.1.1.1 255.255.255.0
ip nat outsid
router eigrp 100
network 10.0.0.0
network 192.168.4.0
no auto-summary

ip route 0.0.0.0 0.0.0.0 27.1.1.2
!
ip nat inside source list 3 interface Serial4/2 overload
ip nat inside source static tcp 192.168.11.1 23 192.168.4.1 23 extendable
!
access-list 3 permit 192.168.4.0 0.0.0.255
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login

R3:
interface Loopback0
ip address 192.168.5.1 255.255.255.0
!
interface Tunnel0
ip address 10.1.1.3 255.255.255.0
no ip redirects
ip nhrp map 10.1.1.1 17.1.1.1
ip nhrp map multicast 17.1.1.1
ip nhrp network-id 100
ip nhrp nhs 10.1.1.1
tunnel source Serial4/3
tunnel mode gre multipoint
!
interface FastEthernet0/0
ip address 192.168.6.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.12.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto

interface Serial4/3
ip address 37.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
serial restart-delay 0
!
router eigrp 100
redistribute static
network 10.0.0.0
network 192.168.5.0
network 192.168.6.0
network 192.168.12.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 37.1.1.2
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Serial4/3 overload
!
access-list 1 permit 192.168.0.0 0.0.15.255

R4:
interface Loopback0
ip address 192.168.7.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.6.2 255.255.255.0
duplex auto
speed auto

interface Serial4/1
ip address 192.168.8.1 255.255.255.0
serial restart-delay 0
!
!
router eigrp 100
network 192.168.6.0
network 192.168.7.0
network 192.168.8.0
auto-summary
R5:
interface Loopback0
ip address 192.168.9.1 255.255.255.0

interface Serial4/0
ip address 192.168.10.1 255.255.255.0
delay 2000
serial restart-delay 0
!
interface Serial4/1
bandwidth 800
ip address 192.168.8.2 255.255.255.0
delay 2000
serial restart-delay 0
!
router eigrp 100
variance 2
network 192.168.8.0
network 192.168.9.0
network 192.168.10.0
no auto-summary

ege level 15
logging synchronous
stopbits 1
line vty 0 4
login local
!
end

R6:

username ccnp privilege 15 secret 5 111qJaP$ilY2MWyHHpSl6MSj3M50R0 (设置用户名密码, 此时privilege 15为最高特权级别)

interface Loopback0
ip address 192.168.11.1 255.255.255.0

interface FastEthernet0/1
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto

router eigrp 100
redistribute static
network 192.168.10.0
network 192.168.11.0
network 192.168.12.0
no auto-summary

ip nat inside source static tcp 192.168.11.1 23 192.168.4.1 23 extendable
!

line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login local (本地登陆 login local使用本地数据库使用配上用户名和密码)
!
end
R7:

interface Loopback0
ip address 7.7.7.7 255.255.255.0
!
interface Serial4/1
ip address 17.1.1.2 255.255.255.0
serial restart-delay 0
!
interface Serial4/2
ip address 27.1.1.2 255.255.255.0
serial restart-delay 0
!
interface Serial4/3
ip address 37.1.1.2 255.255.255.0
serial restart-delay 0
!

R8:
interface Loopback0
ip address 192.168.1.1 255.255.255.0

interface Serial4/0
ip address 192.168.2.1 255.255.255.0
serial restart-delay 0
!

router eigrp 100
network 192.168.1.0
network 192.168.2.0
no auto-summary

四:测试

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述