1.拓撲圖

?

2.基本接口配置

R1:

R1#config t
Enter configuration commands, one per line.? End with CNTL/Z.
R1(config)#int f0/0
R1(config-if)#ip add 202.14.1.1 255.255.255.252
R1(config-if)#no sh


R1(config-if)#int l0
R1(config-if)#ip add 192.168.1.1 255.255.255.0

R2:

R2#config t
R2(config)#int f0/0
R2(config-if)#ip add 202.24.1.1 255.255.255.252
R2(config-if)#no sh

R2(config)#int l0
R2(config-if)#ip add 192.168.2.1 255.255.255.0

R3：

R3(config)#int f0/0
R3(config-if)#ip add 202.34.1.1 255.255.255.0

R3(config)#int l0
R3(config-if)#ip add 192.168.3.1 255.255.255.0

R4:

R4(config)#int e0/0
R4(config-if)#ip add 202.14.1.2 255.255.255.252
R4(config-if)#no sh

R4(config)#int e0/1
R4(config-if)#ip add 202.24.1.2 255.255.255.252

R4(config-if)#int e0/2
R4(config-if)#ip add 202.34.1.2 255.255.255.252

3.路由配置

R1(config)#ip route 0.0.0.0 0.0.0.0 202.14.1.2
R2(config)#ip route 0.0.0.0 0.0.0.0 202.24.1.2
R3(config)#ip route 0.0.0.0 0.0.0.0 202.34.1.2

5.mGRE、NHRP及動態(tài)路由配置

R1:

R1(config)#int tunnel 0
R1(config-if)#ip add 172.16.1.1 255.255.255.0
R1(config-if)#tunnel mode gre multipoint
R1(config-if)#tunnel source f0/0
R1(config-if)#tunnel key 12345

R1(config-if)#ip nhrp network-id 10
R1(config-if)#ip nhrp authentication cisco
R1(config-if)#ip nhrp map multicast dynamic
R1(config-if)#ip nhrp redirec

R1(config)#int tunnel 0
R1(config-if)#ip ospf cost 255
R1(config)#router ospf 1
R1(config-router)#network 192.168.1.0 0.0.0.255 a 0
R1(config-router)#network 172.16.1.0 0.0.0.255 a 0

備注：為了確保hub節(jié)點為OSPF的DR,，也可以設置hub節(jié)點的高priority值，或在各個spoke節(jié)點tunnel接口設置低優(yōu)先級：ip ospf prio 0。

R2:

R2(config)#int tunn 0
R2(config-if)#ip add 172.16.1.2 255.255.255.0
R2(config-if)#tun mode gre multipoint
R2(config-if)#tunnel source f0/0
R2(config-if)#tunne key 12345

R2(config-if)#ip nhrp network-id 10
R2(config-if)#ip nhrp authentication cisco
R2(config-if)#ip nhrp map 172.16.1.1 202.14.1.1
R2(config-if)#ip nhrp map multicast 202.14.1.1
R2(config-if)#ip nhrp nhs 172.16.1.1
R2(config-if)#ip nhrp shortcut

R2(config)#router ospf 1
R2(config-router)#network 192.16.2.0 0.0.0.255 a 0
R2(config-router)#network 172.16.1.0 0.0.0.255 a 0

R3:

R3(config)#int tunnel 0
R3(config-if)#ip add 192.168.0.3 255.255.255.0
R3(config-if)#tunnel mode gre multipoint
R3(config-if)#tunnel source f 0/0
R3(config-if)#tunnel key 12345

R3(config-if)#ip nhrp network-id 10
R3(config-if)#ip nhrp authentication cisco
R3(config-if)#p nhrp map 172.16.1.1 202.14.1.1
R3(config-if)#ip nhrp map multicast 202.14.1.1
R3(config-if)#ip nhrp nhs 172.16.1.1
R3(config-if)#ip nhrp shortcut

R3(config)#router ospf 1
R3(config-router)#network 192.168.3.0 0.0.0.255 a 0
R3(config-router)#network 172.16.1.0 0.0.0.255 a 0

6.驗證mGRE、NHRP及動態(tài)路由：

A.mGRE
R1#ping 172.16.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/96/120 ms
R1#ping 172.16.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/101/164 ms

B.nhrp

R1#show ip nhrp
R1#show ip nhrp
172.16.1.2/32 via 172.16.1.2
?? Tunnel0 created 00:54:41, expire 01:05:18
?? Type: dynamic, Flags: unique registered used
?? NBMA address: 202.24.1.1
172.16.1.3/32 via 172.16.1.3
?? Tunnel0 created 00:39:39, expire 01:20:20
?? Type: dynamic, Flags: unique registered used
?? NBMA address: 202.34.1.1

C.ospf

R1#show ip ospf nei
R1#show ip ospf neighbor

Neighbor ID???? Pri?? State?????????? Dead Time?? Address???????? Interface
192.168.2.1?????? 1?? FULL/DROTHER??? 00:00:35??? 172.16.1.2????? Tunnel0
192.168.3.1?????? 1?? FULL/BDR??????? 00:00:35??? 172.16.1.3????? Tunnel0
R1#



7.配置IPSec ***

R1、R2、R3配置相同

A.配置第一階段策略：
(config)#crypto isakmp policy 10
(config-isakmp)#group 2
(config-isakmp)#ha md
(config-isakmp)#en de
(config-isakmp)#au pr
(config-isakmp)#exit
(config)#crypto isakmp key 0 cisco address 0.0.0.0

B.配置第二階段策略：
(config)#crypto ipsec transform-set transet esp-des esp-md5-hmac
(cfg-crypto-trans)#mode transport

C.配置Ipsec Profile,關(guān)聯(lián)轉(zhuǎn)換集
(config)#crypto ipsec profile myprofile
(ipsec-profile)#set transform-set transet

D.tunnel接口調(diào)用profile:

(config)#int tunnel 0
(config-if)#tunnel protection ipsec profile myprofile

8.測試***

R2#traceroute 192.168.3.1 source 192.168.2.1

Type escape sequence to abort.
Tracing the route to 192.168.3.1

? 1 172.16.1.3 180 msec *? 168 msec

第一跳直接到達R3，說明spoke之間IPSEC流量不需經(jīng)過hub，從nhrp信息可以看出為什么可以節(jié)點直接可以直接建立ipsec。

R1#show ip nhrp
172.16.1.2/32 via 172.16.1.2
?? Tunnel0 created 00:39:39, expire 01:42:19
?? Type: dynamic, Flags: unique registered
?? NBMA address: 202.24.1.1
172.16.1.3/32 via 172.16.1.3
?? Tunnel0 created 00:39:35, expire 01:42:21
?? Type: dynamic, Flags: unique registered
?? NBMA address: 202.34.1.1
R1#

R2#show ip nhrp
172.16.1.1/32 via 172.16.1.1
?? Tunnel0 created 00:39:15, never expire
?? Type: static, Flags: used
?? NBMA address: 202.14.1.1
172.16.1.3/32 via 172.16.1.3
?? Tunnel0 created 00:29:53, expire 01:54:03
?? Type: dynamic, Flags: router implicit
?? NBMA address: 202.34.1.1
192.168.2.0/24 via 172.16.1.2
?? Tunnel0 created 00:05:56, expire 01:54:03
?? Type: dynamic, Flags: router unique local
?? NBMA address: 202.24.1.1
??? (no-socket)
192.168.3.0/24 via 172.16.1.3
?? Tunnel0 created 00:29:50, expire 01:30:09
?? Type: dynamic, Flags: router
?? NBMA address: 202.34.1.1

R3#show ip nhrp
172.16.1.1/32 via 172.16.1.1
?? Tunnel0 created 00:39:45, never expire
?? Type: static, Flags: used
?? NBMA address: 202.14.1.1
172.16.1.2/32 via 172.16.1.2
?? Tunnel0 created 00:30:23, expire 01:29:36
?? Type: dynamic, Flags: router implicit
?? NBMA address: 202.24.1.1
192.168.2.0/24 via 172.16.1.2
?? Tunnel0 created 00:06:30, expire 01:53:29
?? Type: dynamic, Flags: router
?? NBMA address: 202.24.1.1
192.168.3.0/24 via 172.16.1.3
?? Tunnel0 created 00:30:23, expire 01:29:36
?? Type: dynamic, Flags: router unique local
?? NBMA address: 202.34.1.1
??? (no-socket)
?

總結(jié)

以上是生活随笔為你收集整理的DM***+OSPF测试的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。