综合实验DMVPN+EZVPN+Eigrp&OSPF+路由重发布

互联基本配置

!Internet:

conf t

int f0/0

ip add 100.1.1.1 255.255.255.0

no shut

exit

int f1/0

ip add 210.1.1.1 255.255.255.0

no shut

exit

int f1/1

ip add 200.1.1.1 255.255.255.0

no shut

exit

!Beijing-Center:

Route#

conf t

int f0/0

ip add 100.1.1.2 255.255.255.0

ip nat outside

no shut

exit

int f1/0

ip add 10.0.2.5 255.255.255.0

ip nat inside

no shut

exit

int f1/1

ip add 10.1.1.49 255.255.255.252

no shut

exit

ip route 0.0.0.0 0.0.0.0 100.1.1.1

ip route 172.16.0.0 255.255.0.0 10.0.2.6

ip access-list extended internet

10 per ip 172.16.0.0 0.0.255.255 any

exit

Naton-Core#

conf t

int f0/0

ip add 10.0.2.6 255.255.255.0

no shut

exit

ip routing

ip route 0.0.0.0 0.0.0.0 10.0.2.5

exit

vlan data

vlan 10

vlan 20

exit

PC2:

ip 172.16.2.230/24 172.18.2.1

!Shanghai分部:

conf t

int f0/0

ip add 210.1.1.2 255.255.255.0

ip nat outside

no shut

exit

int f1/0

ip add 10.1.2.5 255.255.255.0

ip nat inside

no shut

exit

int f1/1

ip add 10.1.1.50 255.255.255.252

no shut

exit

ip route 0.0.0.0 0.0.0.0 210.1.1.1

ip route 172.18.0.0 255.255.0.0 10.1.2.6

ip nat inside source list internet int f0/0 overload

ip access-list extended internet

10 per ip 172.18.0.0 0.0.255.255 any

exit

Core#

conf t

int f0/0

ip add 10.1.2.6 255.255.255.0

no shut

exit

ip routing

ip route 0.0.0.0 0.0.0.0 10.1.2.5

exit

vlan data

vlan 10

vlan 20

exit

conf t

int vlan 20

ip add 172.18.2.1 255.255.255.0

no shut

exit

int vlan 1

ip add 10.1.2.193 255.255.255.0

exit

int f1/15

switchport mode access

switchport access vlan 20

exit

PC2:

ip 172.18.2.230/24 172.18.2.1

!======BeiJing-center=============EZVPN部分===================================

username cisco password 0 cisco

aaa new-model

!

!

!--- Xauth is configured for local authentication.

aaa authentication login userauthen local

aaa authorization network naton local

!--- Create an ISAKMP policy for Phase 1 negotiations.

!--- This policy is for Easy VPN Clients.

crypto isakmp policy 20

hash md5

authentication pre-share

group 2

exit

!

!--- VPN Client configuration for group "naton"

!--- (this name is configured in the VPN Client).

crypto isakmp client configuration group naton

key naton

dns 1.1.11.10 1.1.11.11

wins 1.1.11.12 1.1.11.13

domain cisco.com

pool natonpool

exit

!--- Profile for VPN Client connections, matches the

!--- "hw-client-group" group and defines the XAuth properties.

crypto isakmp profile VPNclient

match identity group naton

client authentication list userauthen

isakmp authorization list naton

client configuration address respond

exit

!--- Create the Phase 2 policy for actual data encryption.

crypto ipsec transform-set strong esp-3des esp-md5-hmac

mode transport

exit

!

!--- This dynamic crypto map references the ISAKMP

!--- Profile VPN Client above.

!--- Reverse route injection is used to provide the

!--- DMVPN networks access to any Easy VPN Client networks.

crypto dynamic-map dynmap 10

set transform-set strong

set isakmp-profile VPNclient

reverse-route

exit

!

!

!--- Crypto map only references the dynamic crypto map above.

crypto map dynmap 1 ipsec-isakmp dynamic dynmap

!

interface FastEthernet0/0

crypto map dynmap

exit

!

ip local pool natonpool 1.1.11.60 1.1.11.80

!=====BeiJing-center============DMVPN部分=============================

!--- Keyring that defines the wildcard pre-shared key.

crypto keyring dmvpnspokes

pre-shared-key address 0.0.0.0 0.0.0.0 key naton123

exit

!

!--- Create an ISAKMP policy for Phase 1 negotiations.

!--- This policy is for DMVPN spokes.

crypto isakmp policy 10

encr 3des

hash md5

authentication pre-share

exit

!

!--- Profile for LAN-to-LAN connection, references

!--- the wildcard pre-shared key and a wildcard

!--- identity (this is what is broken in

!--- Cisco bug ID CSCea77140)

!--- and no XAuth.

crypto isakmp profile DMVPN

keyring dmvpnspokes

match identity address 0.0.0.0

exit

!

!

crypto ipsec transform-set naton-dm esp-3des esp-sha-hmac

mode transport

exit

!--- Create an IPsec profile to be applied dynamically to the

!--- generic routing encapsulation (GRE) over IPsec tunnels.

crypto ipsec profile naton-dm-ips

set security-association lifetime seconds 120

set transform-set naton-dm

set isakmp-profile DMVPN

exit

!

!

!--- Create a GRE tunnel template which is applied to

!--- all the dynamically created GRE tunnels.

router eigrp 10

network 10.0.0.0 0.0.0.255

network 10.0.2.0 0.0.0.7

network 10.0.2.192 0.0.0.63

no auto-summary

redistribute ospf 1 metric 1000 100 255 1 1500

interface Tunnel0

ip address 10.0.0.1 255.255.255.0

no ip redirects

ip mtu 1440

ip nhrp authentication naton123

ip nhrp map multicast dynamic

ip nhrp network-id 1

ip nhrp holdtime 300

no ip split-horizon eigrp 10

no ip next-hop-self eigrp 10

tunnel source FastEthernet0/0

tunnel mode gre multipoint

tunnel key 0

tunnel protection ipsec profile naton-dm-ips

exit

!

=====ShangHai============DMVPN部分=============================

!--- Create an ISAKMP policy for Phase 1 negotiations.

!--- This policy is for DMVPN spokes.

crypto isakmp policy 10

encr 3des

hash md5

authentication pre-share

exit

!

!

crypto isakmp key naton123 address 0.0.0.0 0.0.0.0

crypto ipsec transform-set naton-dm esp-3des esp-sha-hmac

mode transport

exit

!--- Create an IPsec profile to be applied dynamically to the

!--- generic routing encapsulation (GRE) over IPsec tunnels.

crypto ipsec profile naton-dm-ips

set security-association lifetime seconds 120

set transform-set naton-dm

exit

router eigrp 10

network 10.0.0.0 0.0.0.255

network 10.1.2.0 0.0.0.7

network 10.1.2.192 0.0.0.63

no auto-summary

interface Tunnel0

ip address 10.0.0.2 255.255.255.0

no ip redirects

ip mtu 1440

ip nhrp authentication naton123

ip nhrp map 10.0.0.1 100.1.1.2

ip nhrp map multicast 100.1.1.2

ip nhrp network-id 1

ip nhrp holdtime 300

ip nhrp nhs 10.0.0.1

tunnel source FastEthernet0/0

tunnel mode gre multipoint

tunnel key 0

tunnel protection ipsec profile naton-dm-ips

=====ShenZhen============DMVPN部分=============================

!--- Create an ISAKMP policy for Phase 1 negotiations.

!--- This policy is for DMVPN spokes.

crypto isakmp policy 10

encr 3des

hash md5

authentication pre-share

exit

!

!

crypto isakmp key naton123 address 0.0.0.0 0.0.0.0

crypto ipsec transform-set naton-dm esp-3des esp-sha-hmac

mode transport

exit

!--- Create an IPsec profile to be applied dynamically to the

!--- generic routing encapsulation (GRE) over IPsec tunnels.

crypto ipsec profile naton-dm-ips

set security-association lifetime seconds 120

set transform-set naton-dm

exit

router eigrp 10

network 3.3.3.0 0.0.0.255

network 10.0.0.0 0.0.0.255

no auto-summary

interface Tunnel0

ip address 10.0.0.3 255.255.255.0

no ip redirects

ip mtu 1440

ip nhrp authentication naton123

ip nhrp map 10.0.0.1 100.1.1.2

ip nhrp map multicast 100.1.1.2

ip nhrp network-id 1

ip nhrp holdtime 300

ip nhrp nhs 10.0.0.1

tunnel source FastEthernet0/0

tunnel mode gre multipoint

tunnel key 0

tunnel protection ipsec profile naton-dm-ips

综合实验DMVPN+EZVPN+Eigrp&OSPF+路由重发布

时间: 2024-11-05 04:49:41

综合实验DMVPN+EZVPN+Eigrp&OSPF+路由重发布的相关文章

华为 eNSP 配置 rip OSPF 路由重发布

1:给R1 g0/0/1 Loopback 0  R2 g0/0/1 g0/0/0 Loopback  R3 g0/0/0 配置 area1 2:给R3 g0/0/1 Loopback 0  R4 g0/0/1 配置area0 3: 给R4 g0/0/0 Loopback 0  R5 g0/0/0 Loopback 配置area2 4: 给R6 R1配rip 5: 给R1 R2 R3 R4 R5 配 OSPF R1: sy int g0/0/1 ip add 11.0.0.1 255.255.2

思科 GNS3 配置 rip OSPF 路由重发布

1::给R1 0/1 R2 0/1 0/0 look 0 R3 0/0 配置OSPF 放入aren1 2:给R3 0/0 look 0  R4 0/1 配置OSPF 放入aren0 3: 给R4 0/0 look 0 R5 0/0 look 0 放入 aren 2 4:给R1 0/0 look 0 R6 0/0 look 0 放入version 3 5:给R6 R1 配rip 6:给R1 R2 R3 R4 R5 配OSPF 7:实现互通 R1 conf t int f0/1 ip add 11.

CCNP路由实验之八 路由重发布

CCNP路由实验之八 路由重发布 在前面几个实验,已经学习了静态路由和动态路由.现在,我们要掌握如何使它们在一个网络中融合,即路由重发布.路由重分布可以实现多种路由协议之间共享路由信息并进行路由信息交换,使得同一个互联网络中高效地支持多种路由协议提供了可能.执行路由重分布的路由器被称为边界路由器.因为他们位于两个或多个自治系统的边界上. 路由重分布时,计量单位和管理距离是必须要考虑的因素.每一种路由协议都有自己的度量标准,所以在进行重分布时必须转换度量标准,使得它们兼容.种子度量值(Seed M

路由重发布

1. 配置地址2. 配置ospf路由3. 配置RIP 4. R3上配置静态路由目标网络192.168.6.0 下一跳192.168.4.25. 配置OSPF重发布到RIP 中6. 配置RIP重分布到OSPF中7. 重发布直连路由到RIP 和ospf 中去8. 重发布静态路由到RIP和OSPF中去9. 重发布默认路由到RIP 和OSPF中去 基本配置R1interface FastEthernet0/0ip address 192.168.1.1 255.255.255.0no shutdown!

路由重发布使用和实验

路由重分布可以实现多种路由协议之间共享路由信息并进行路由信息交换,使得同一个互联网络中高效地支持多种路由协议提供了可能.重分发总是向外的,执行重分发的路由器不会修改其路由表.路由必须位于路由表中才能被重分发.优先顺序依次为子网掩码最长匹配. 管理距离distance. 路由度量值metric.1)管理距离是指一种路由协议的路由可信度,在正常情况下,管理距离越小,它的优先级就越高,也就是可信度越高!路由器根据管理距离决定哪一个协议的路由进入路由表2)使用出站接口配置的静态路由AD实际处于0-1之间

OSPF路由重分发

在现实环境中,一个单一的IP路由协议是管理网络中IP路由的首选方案,但是,在企业环境中,网络中是存在多种路由协议的,如果想要这些网络都互连互通,就要至少有一台路由器运行多种路由协议来实现不同网络之间的通信.就需要使用今天介绍的路由重分发,那我们下面简单介绍一下路由重分发及相关的配置.路由重分发通常在那些负责从一个AS学习路由,然后向另一个AS广播的路由器进行配置,简单来说就是将一种路由协议产生的路由条目转换成另一个路由协议.比如:一台路由器既运行OSPF又运行RIP,如果OSPF进程被配置为通告

OSPF路由重分发配置

R4(config)#ip route 0.0.0.0 0.0.0.0 192.168.20.2.R1(config)#ip route 192.168.10.0 255.255.255.0 192.168.20.1R1(config)#router ospf 1R1(config-router)#router-id 1.1.1.1R1(config-router)#net 1.1.1.1 0.0.0.0 area 1R1(config-router)#net 192.168.30.0 0.0.

CCNP路由实验之八 路由重公布

?? 在前面几个实验,已经学习了静态路由和动态路由.如今,我们要掌握怎样使它们在一个网络中融合,即路由重公布.路由重分布能够实现多种路由协议之间共享路由信息并进行路由信息交换.使得同一个互联网络中高效地支持多种路由协议提供了可能.执行路由重分布的路由器被称为边界路由器.由于他们位于两个或多个自治系统的边界上. 路由重分布时.计量单位和管理距离是必须要考虑的因素. 每一种路由协议都有自己的度量标准,所以在进行重分布时必须转换度量标准,使得它们兼容.种子度量值(Seed Metric)是定义在路由重

实验7 路由重分布

一.实验目标 1.理解并掌握路由重分布的基本概念和配置命令:? 2.掌握TCP/IP协议中的静态路由.RIP.OSPF和EIGRP的路由重分布方法. 二.实验介绍 在大型的企业(如跨国公司)的网络中,往往都是同时运行多个路由协议的.为了实现多种路由协议的协同工作,路由器可以使用路由重分发(Route Redistribution)技术(又称路由重分发.路由引入),将一个路由协议的路由信息发布到另外一个路由协议中.路由重分布的前提是两个路由协议必须是在一个网络协议体系结构内,如TCP/IP. 在路