實驗目的是通過GRE技術在兩個site 點建立隧道(tunnel)並且在tunnel上運行動態路由器(OSPF)以彼此學習對方的內網。實現穿透internet 兩個分公司互訪,下圖分別模擬公司一(Site1),internet,公司二(Site2)。分別以loopback 0 模擬公司內網網段。
公司一(site 1)路由器的E0/0接口連接 internet 路由器的E0/0 接口,internet路由器的E0/1接口連接公司二(site2)路由器E0/0接口。Site 1 與site 2 內網互訪即:1.1.1.0/24與2.2.2.0/24互訪。1.1.1.1/24 模擬site 1 PC 的ip,2.2.2.2/24模擬site 2 PC的ip。
基本配置:
Site 1 基本配置:
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Ethernet0/0
description to internet_router
ip address 202.100.1.1 255.255.255.0
!
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 202.100.1.10
site 2 基本配置
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Ethernet0/0
description to internet_router
ip address 202.100.2.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 202.100.2.10
internet 基本配置
hostname Internet
!
interface Ethernet0/0
description to site1_router
ip address 202.100.1.10 255.255.255.0
!
interface Ethernet0/1
description to site2_router
ip address 202.100.2.10 255.255.255.0
GRE 基本配置與OSPF配置
基本配置已經配置完成,現在配置site 1 到site 2 的隧道(tunnel)把兩個點虛擬的互連起來。設定tunnel的網段爲123.1.1.0/24 ,site 1 爲123.1.1.1/24,site 2爲123.1.1.2.24。在這個GRE tunnel上配置OSPF ,把內部網絡宣佈在ospf上。
site 1 GRE 配置與OSPF配置
Site1#configure terminal
Site1(config)#int tunnel 0
Site1(config-if)#ip add 123.1.1.1 255.255.255.0
Site1(config-if)#tunnel source 202.100.1.1
Site1(config-if)#tunnel destination 202.100.2.1
Site1(config-if)#exit
Site1(config)#router ospf 1
Site1(config-router)#log-adjacency-changes
Site1(config-router)#network 1.1.1.0 0.0.0.255 area 0
Site1(config-router)#network 123.1.1.0 0.0.0.255 area 0
Site 2 GRE配置與ospf 配置
site2#configure terminal
site2(config)#int tunnel 0
site2(config-if)#ip add 123.1.1.2 255.255.255.0
site2(config-if)#tunnel source 202.100.2.1
site2(config-if)#tunnel destination 202.100.1.1
site2(config-if)#exi
site2(config)#router ospf 1
site2(config-router)#log-adjacency-changes
site2(config-router)#network 2.2.2.0 0.0.0.255 a
site2(config-router)#network 2.2.2.0 0.0.0.255 area 0
site2(config-router)#network 123.1.1.0 0.0.0.255 area 0
檢查狀態與測試
1.在site 1 路由器上查看能否通過ospf 學習到2.2.2.2/24 路由,並且下一條是123.1.1.2
Site1#sh ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 202.100.1.10 to network 0.0.0.0
2.0.0.0/32 is subnetted, 1 subnets
O2.2.2.2 [110/1001] via 123.1.1.2, 00:02:25, Tunnel0
2.在site 1 路由器用loopback 0 地址1.1.1.1ping site 2 路由器上的loopback 0 地址2.2.2.2
Site1#ping 2.2.2.2 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms