Cisco路由器之×××配置
 
 
一、拓扑图如下:
 
 
 
拓扑讲解:R1R3分别为上海分公司和深圳分公司,两个地方需要进行文件传输和共享,因此在路由上需要做配置,R2充当ISP或广域网设备。
 
二、IP配置:
 
1、IP地址配置完整,并保证三台路由的连通性
R1
r1(config)#in e0/0
r1(config-if)#ip ad 201.0.0.2 255.255.255.0
r1(config-if)#no shutdown
r1(config-if)#in lo0
r1(config-if)#ip ad 192.168.1.1 255.255.255.0
r1(config-if)#no shu
r1(config-if)#in lo1
r1(config-if)#ip ad 192.168.2.1 255.255.255.0
r1(config-if)#no shutdown
R2
r2(config)#in e0/0
r2(config-if)#ip ad 201.0.0.1 255.255.255.0
r2(config-if)#no shutdown
r2(config-if)#in e0/1
r2(config-if)#ip ad 202.0.0.1 255.255.255.0
r2(config-if)#no shutdown
 
R3:
r3(config)#in e0/0
r3(config-if)#ip ad 202.0.0.2 255.255.255.0
r3(config-if)#no shutdown
r3(config-if)#in lo0
r3(config-if)#ip ad 192.168.3.1 255.255.255.0
r3(config-if)#in lo1
r3(config-if)#ip ad 192.168.4.1 255.255.255.0
r3(config-if)#no shutdown
r3(config-if)#end
 
2、设置缺省路由:
R1: r1(config)#ip route 0.0.0.0 0.0.0.0 e0/0
R3r3(config)#ip route 0.0.0.0 0.0.0.0 e0/0
3、测试连通性
r1#ping 202.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/95/164 ms
 
三、×××配置:
R1
1IKE
r1#conf t
r1(config)#crypto isakmp enable
r1(config)#crypto isakmp policy 10
r1(config-isakmp)#authentication pre-share
r1(config-isakmp)#encryption des
r1(config-isakmp)#hash md5
r1(config-isakmp)#end
r1#conf t
r1(config)#
r1(config)#crypto isakmp key 0 qqq```111 add 202.0.0.2
2IPSEC
r1(config)#crypto ipsec transform-set *** esp-des esp-md5-hmac
r1(cfg-crypto-trans)#end
r1#conf t
r1(config)#crypto ipsec profile site2site
r1(ipsec-profile)#set transform-set ***
3tunnel
r1#conf t
r1(config)#in tunnel 0
r1(config-if)#ip ad 1.1.1.1 255.255.255.0
r1(config-if)#tunnel source e0/0
r1(config-if)#tunnel destination 202.0.0.2
r1(config-if)#tunnel protection ipsec profile site2site
 
R3:
r3(config)#crypto isakmp enable
r3(config)#crypto isakmp policy 10
r3(config-isakmp)#authentication pre-share
r3(config-isakmp)#encryption des
r3(config-isakmp)#hash md5
r3(config-isakmp)#exit
r3(config)#crypto isakmp key 0 qqq```111 add 201.0.0.2
r3(config)#crypto ipsec transform-set *** esp-des esp-md5-hmac
r3(cfg-crypto-trans)#exit
r3(config)#cry
r3(config)#crypto ipsec profile site2site
r3(ipsec-profile)#set transform-set ***
r3(ipsec-profile)#exit
r3(config)#in tunnel 0
r3(config-if)#ip ad 1.1.1.2 255.255.255.0 
r3(config-if)#tunnel source e0/0
r3(config-if)#tunnel destination 201.0.0.2
r3(config-if)#tunnel protection ipsec profile site2site
 
设置OSPF
R3:
r1(config)#router ospf 100
r1(config-router)#net 192.168.1.0 0.0.0.255 a 0
r1(config-router)#net 192.168.2.0 0.0.0.255 a 0
r1(config-router)#net 1.1.1.0 0.0.0.255 a 0
R2
r3(config-router)#net 192.168.3.0 0.0.0.255 a 0
r3(config-router)#net 192.168.4.0 0.0.0.255 a 0
r3(config-router)#net 1.1.1.0 0.0.0.255 a 0
 
 
四、查看OSPF路由表:
r1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Tunnel0
C    201.0.0.0/24 is directly connected, Ethernet0/0
     192.168.4.0/32 is subnetted, 1 subnets
O       192.168.4.1 [110/11112] via 1.1.1.2, 00:01:07, Tunnel0
C    192.168.1.0/24 is directly connected, Loopback0
C    192.168.2.0/24 is directly connected, Loopback1
     192.168.3.0/32 is subnetted, 1 subnets
O       192.168.3.1 [110/11112] via 1.1.1.2, 00:01:07, Tunnel0
S*   0.0.0.0/0 is directly connected, Ethernet0/0
 
五、测试连通性:
 
r1#ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 172/206/276 ms
r1#ping 192.168.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 168/200/252 ms