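I. Lab Requirements
1. Complete the configuration of the enterprise network in the lower part of the diagram
2. Complete the configuration of the carrier network in the upper part of the diagram
3. Configure the interconnect IP addresses between the enterprise network and the ISP networks as shown in the diagram
4. Configure multi-area OSPF in the enterprise network as shown in the diagram
5. PC1 and PC2 in area 10 belong to VLAN 12; R1 is the master gateway and R2 is the backup gateway
6. Area 20 is dedicated to connecting the web server, so its stability and security must be ensured: it must not be affected by external networks or by other areas, yet it must still be able to communicate with external networks
7. R4 and R5 in the OSPF backbone area are the egress routers
8. When internal hosts and servers communicate with external networks, R5 is preferred as the primary egress; R4 is used as the egress only if external networks cannot be reached through R5
9. On R5, the link to AS200 is the primary link; the link to AS900 is used only if that link is unavailable
10. Between the enterprise network and the ISPs, only static routes (default routes) are used
11. PC2 in the enterprise intranet can access server1 but cannot access external networks
12. PC1 can ping server2, which is located in AS200
13. The client client1 in AS200 can access server1 in area 20 of the enterprise
II. Topology
III. Configuration
OSPF---Area 10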
SW1:
interface GigabitEthernet0/0/1
port link-type access
port default vlan 12
interface GigabitEthernet0/0/2
port link-type access
port default vlan 12
interface GigabitEthernet0/0/3
port link-type access
port default vlan 12
interface GigabitEthernet0/0/4
port link-type access
port default vlan 12
R1:
interface GigabitEthernet0/0/0
ip address 192.168.12.251 255.255.255.0
//Gateway redundancy: the virtual gateway IP is 192.168.12.254; the router with the higher priority becomes the master gateway
vrrp vrid 1 virtual-ip 192.168.12.254
vrrp vrid 1 priority 200
interface GigabitEthernet0/0/1
ip address 192.168.13.1 255.255.255.0
ospf 1 router-id 1.1.1.1
area 0.0.0.10
network 0.0.0.0 255.255.255.255
R2:
interface GigabitEthernet0/0/0
ip address 192.168.12.252 255.255.255.0
//Gateway redundancy
vrrp vrid 1 virtual-ip 192.168.12.254
interface GigabitEthernet0/0/1
ip address 192.168.23.1 255.255.255.0
ospf 1 router-id 2.2.2.2
area 0.0.0.10
network 0.0.0.0 255.255.255.255
R3:
//Advanced ACL for lab requirement 11
acl number 3000
rule 10 permit ip source 192.168.12.2 0 destination 192.168.20.8 0
rule 1000 deny ip source 192.168.12.2 0
interface GigabitEthernet0/0/0
ip address 192.168.13.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 192.168.23.2 255.255.255.0
// Bind the ACL with traffic-filter; there is an implicit permit any (allow all) entry
interface GigabitEthernet0/0/2
ip address 192.168.34.1 255.255.255.0
traffic-filter outbound acl 3000
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 192.168.34.1 0.0.0.0
area 0.0.0.10
network 192.168.13.0 0.0.0.255
network 192.168.23.0 0.0.0.255
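How ACL 3000 behaves under traffic-filter on R3, as an added example (not part of the original lab): a small Python evaluator that parses the two rules above and applies them in rule-ID order, falling back to permit when nothing matches. PC2 (192.168.12.2) and server1 (192.168.20.8) are taken from the ACL itself; the PC1 address 192.168.12.1 and the external address 88.1.1.1 used in the checks are assumptions.

```python
import ipaddress
import re

# ACL 3000 exactly as configured on R3 above.
ACL_3000 = """
rule 10 permit ip source 192.168.12.2 0 destination 192.168.20.8 0
rule 1000 deny ip source 192.168.12.2 0
"""

RULE_RE = re.compile(
    r"rule (\d+) (permit|deny) ip"
    r"(?: source (\S+) (\S+))?(?: destination (\S+) (\S+))?")

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard(text):
    # VRP accepts "0" as shorthand for wildcard 0.0.0.0 (match a single host).
    return 0 if text == "0" else to_int(text)

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rid, action, s, sw, d, dw = m.groups()
        src = (to_int(s), wildcard(sw)) if s else None
        dst = (to_int(d), wildcard(dw)) if d else None
        rules.append((int(rid), action, src, dst))
    # Default match order: ascending rule ID, first match wins.
    return sorted(rules, key=lambda r: r[0])

def field_matches(field, addr):
    if field is None:              # field omitted in the rule: any address
        return True
    base, wild = field
    care = ~wild & 0xFFFFFFFF      # wildcard bit 0 = must match, 1 = ignore
    return (to_int(addr) & care) == (base & care)

def traffic_filter(rules, src, dst):
    for rid, action, s, d in rules:
        if field_matches(s, src) and field_matches(d, dst):
            return action, rid
    return "permit", None          # traffic-filter forwards unmatched packets

if __name__ == "__main__":
    acl = parse_acl(ACL_3000)
    for src, dst in [("192.168.12.2", "192.168.20.8"),   # PC2 -> server1
                     ("192.168.12.2", "88.1.1.1"),       # PC2 -> external (assumed address)
                     ("192.168.12.1", "88.1.1.1")]:      # PC1 (assumed address) -> external
        print(src, "->", dst, traffic_filter(acl, src, dst))
```

The filter keys on the single source address 192.168.12.2, so requirement 11 holds only while PC2 keeps that address; a host in VLAN 12 using any other address falls through to the implicit permit.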
OSPF---Area 20
R6:
interface GigabitEthernet0/0/0
ip address 192.168.56.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 192.168.67.1 255.255.255.0
//Configure a totally stub area for lab requirement 6
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 192.168.56.0 0.0.0.255
area 0.0.0.20
network 192.168.67.0 0.0.0.255
stub no-summary
R7:
interface GigabitEthernet0/0/0
ip address 192.168.67.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 192.168.20.254 255.255.255.0
ospf 1 router-id 7.7.7.7
area 0.0.0.20
network 0.0.0.0 255.255.255.255
stub
OSPF---Area 0
R4:
acl number 2000
rule 10 permit source 192.168.12.0 0.0.0.255
rule 20 permit source 192.168.20.0 0.0.0.255
interface GigabitEthernet0/0/0
ip address 192.168.34.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 192.168.45.1 255.255.255.0
interface GigabitEthernet0/0/2
ip address 200.1.40.1 255.255.255.224
//Configure nat server for lab requirement 13
nat server protocol tcp global 200.1.40.3 2256 inside 192.168.20.8 www
nat outbound 2000
ospf 1 router-id 4.4.4.4
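//Advertise the default route into OSPF as a Type 5 LSA. Because this router already has its own default route, it would not calculate default routes advertised through OSPF, so the permit-calculate-other parameter is added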
default-route-advertise permit-calculate-other
area 0.0.0.0
network 192.168.34.0 0.0.0.255
network 192.168.45.0 0.0.0.255
//Configure a route whose preference value is greater than the OSPF default of 150, for the path selection in lab requirement 8
ip route-static 0.0.0.0 0.0.0.0 200.1.40.2 preference 151
R5:
acl number 2000
rule 10 permit source 192.168.12.0 0.0.0.255
rule 20 permit source 192.168.20.0 0.0.0.255
interface GigabitEthernet0/0/0
ip address 192.168.45.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 192.168.56.1 255.255.255.0
interface GigabitEthernet0/0/2
ip address 110.1.68.2 255.255.255.248
//Configure nat server for lab requirement 13
nat server protocol tcp global 110.1.68.3 2256 inside 192.168.20.8 www
nat outbound 2000
interface GigabitEthernet4/0/0
ip address 100.1.59.1 255.255.255.224
//Configure nat server for lab requirement 13
nat server protocol tcp global 100.1.59.3 2256 inside 192.168.20.8 www
nat outbound 2000
ospf 1 router-id 5.5.5.5
default-route-advertise permit-calculate-other
area 0.0.0.0
network 192.168.45.0 0.0.0.255
network 192.168.56.0 0.0.0.255
//Configure a floating static route for lab requirement 9, so that the AS200 link is preferred
ip route-static 0.0.0.0 0.0.0.0 110.1.68.1
ip route-static 0.0.0.0 0.0.0.0 100.1.59.2 preference 100
BGP---AS100
R10:
interface GigabitEthernet0/0/0
ip address 200.1.40.2 255.255.255.224
interface GigabitEthernet0/0/1
ip address 130.1.110.1 255.255.255.252
bgp 100
router-id 10.10.10.10
peer 130.1.110.2 as-number 200
network 200.1.40.0 255.255.255.224
BGP---AS200
R11:
interface GigabitEthernet0/0/0
ip address 130.1.110.2 255.255.255.252
interface GigabitEthernet0/0/1
ip address 10.10.13.1 255.255.255.0
interface LoopBack0
ip address 10.10.11.11 255.255.255.0
bgp 200
router-id 11.11.11.11
peer 11.11.13.13 as-number 200
//When a BGP peer relationship is established over a "logical interface", the source IP address of the BGP packets must be changed
peer 11.11.13.13 connect-interface LoopBack0
peer 130.1.110.1 as-number 100
//When routes are passed to an IBGP peer, the next hop must be changed to the local router
peer 11.11.13.13 next-hop-local
#
ospf 1 router-id 11.11.11.11
area 0.0.0.0
network 10.10.11.11 0.0.0.0
network 10.10.13.0 0.0.0.255
R13:
interface GigabitEthernet0/0/0
ip address 10.10.13.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 10.10.23.1 255.255.255.0
interface GigabitEthernet0/0/2
ip address 88.1.1.254 255.255.255.0
interface GigabitEthernet4/0/0
ip address 66.1.1.254 255.255.255.0
interface LoopBack0
ip address 11.11.13.13 255.255.255.0
bgp 200
router-id 13.13.13.13
peer 10.10.11.11 as-number 200
peer 10.10.12.12 as-number 200
peer 10.10.12.12 connect-interface LoopBack0
network 66.1.1.0 255.255.255.0
network 88.1.1.0 255.255.255.0
peer 10.10.11.11 next-hop-local
//Configure a route reflector to work around the IBGP split-horizon rule
peer 10.10.12.12 reflect-client
peer 10.10.12.12 next-hop-local
ospf 1 router-id 13.13.13.13
area 0.0.0.0
network 10.10.13.0 0.0.0.255
network 10.10.23.0 0.0.0.255
network 11.11.13.13 0.0.0.0
R12:
interface GigabitEthernet0/0/0
ip address 10.10.58.1 255.255.255.0
interface GigabitEthernet0/0/1
ip address 120.1.129.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 10.10.23.2 255.255.255.0
interface LoopBack0
ip address 10.10.12.12 255.255.255.0
bgp 200
router-id 12.12.12.12
peer 10.10.8.8 as-number 200
peer 10.10.8.8 connect-interface LoopBack0
peer 11.11.13.13 as-number 200
peer 120.1.129.2 as-number 900
peer 10.10.8.8 reflect-client
peer 10.10.8.8 next-hop-local
peer 11.11.13.13 reflect-client
peer 11.11.13.13 next-hop-local
ospf 1 router-id 12.12.12.12
area 0.0.0.0
network 10.10.12.12 0.0.0.0
network 10.10.23.0 0.0.0.255
network 10.10.58.0 0.0.0.255
R8:
interface GigabitEthernet0/0/0
ip address 110.1.68.1 255.255.255.248
interface GigabitEthernet0/0/1
ip address 120.1.89.1 255.255.255.0
interface GigabitEthernet0/0/2
ip address 10.10.58.2 255.255.255.0
interface LoopBack0
ip address 10.10.8.8 255.255.255.0
bgp 200
router-id 8.8.8.8
peer 10.10.12.12 as-number 200
peer 120.1.89.2 as-number 900
network 110.1.68.0 255.255.255.248
ospf 1 router-id 8.8.8.8
area 0.0.0.0
network 10.10.8.8 0.0.0.0
network 10.10.58.0 0.0.0.255
BGP---AS900
R9:
interface GigabitEthernet0/0/0
ip address 120.1.89.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 100.1.59.2 255.255.255.224
interface GigabitEthernet0/0/2
ip address 120.1.129.2 255.255.255.0
bgp 900
router-id 9.9.9.9
peer 120.1.89.1 as-number 200
peer 120.1.129.1 as-number 200
network 100.1.59.0 255.255.255.224
IV. Verification