OSPF + BGP Comprehensive Lab

Published: 2022-11-16

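I. Lab requirements

1. Complete the enterprise network configuration in the lower part of the topology
2. Complete the carrier (ISP) network configuration in the upper part of the topology
3. Configure the interconnect IP addresses between the enterprise network and the ISP networks as shown in the figure
4. Configure OSPF multi-area in the enterprise network as shown in the figure
5. PC1 and PC2 in area 10 belong to VLAN 12; R1 is the master gateway and R2 the backup gateway
6. Area 20 is dedicated to connecting the web server, so its stability and security must be ensured: it must not be affected by external networks or other areas, yet it must still be able to reach external networks
7. R4 and R5 in the OSPF backbone area are the egress routers
8. When internal hosts and servers communicate with external networks, R5 is preferred as the primary egress; R4 is used as the egress only if external networks cannot be reached through R5
9. On R5, the link to AS200 is the primary link; the link to AS900 is used only if that link is unavailable
10. Between the enterprise network and the ISPs, only static routes (default routes) are used
11. PC2 in the enterprise intranet can access server1 but cannot access external networks
12. PC1 can ping server2, located in AS200
13. The client client1 in AS200 can access server1 in area 20 of the enterprise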

II. Topology

III. Configuration

OSPF---Area 10

SW1:

interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 12

interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 12

interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 12

interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 12

R1:

interface GigabitEthernet0/0/0
 ip address 192.168.12.251 255.255.255.0 

// Gateway redundancy (VRRP): the virtual gateway IP is 192.168.12.254; the router with the higher priority becomes the master gateway
 vrrp vrid 1 virtual-ip 192.168.12.254
 vrrp vrid 1 priority 200

interface GigabitEthernet0/0/1
 ip address 192.168.13.1 255.255.255.0 


ospf 1 router-id 1.1.1.1 
 area 0.0.0.10 
  network 0.0.0.0 255.255.255.255 
 

R2:

interface GigabitEthernet0/0/0
 ip address 192.168.12.252 255.255.255.0 

// Gateway redundancy (VRRP)
 vrrp vrid 1 virtual-ip 192.168.12.254

interface GigabitEthernet0/0/1
 ip address 192.168.23.1 255.255.255.0 

ospf 1 router-id 2.2.2.2 
 area 0.0.0.10 
  network 0.0.0.0 255.255.255.255 
 

R3:

// Advanced ACL implementing requirement 11

acl number 3000  
 rule 10 permit ip source 192.168.12.2 0 destination 192.168.20.8 0 
 rule 1000 deny ip source 192.168.12.2 0 

interface GigabitEthernet0/0/0
 ip address 192.168.13.2 255.255.255.0 

interface GigabitEthernet0/0/1
 ip address 192.168.23.2 255.255.255.0 
// traffic-filter binds the ACL to the interface; an ACL applied this way carries an implicit permit any (allow all) entry
interface GigabitEthernet0/0/2
 ip address 192.168.34.1 255.255.255.0 
 traffic-filter outbound acl 3000

ospf 1 router-id 3.3.3.3 
 area 0.0.0.0 
  network 192.168.34.1 0.0.0.0 
 area 0.0.0.10 
  network 192.168.13.0 0.0.0.255 
  network 192.168.23.0 0.0.0.255 
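
The following Python sketch is an added example, not part of the original lab: it evaluates ACL 3000 the way traffic-filter applies it (first match in rule-id order, forward when nothing matches) over constructed flows. PC1's address 192.168.12.1 and the AS200 host 88.1.1.1 are assumptions, as are the function names.

```python
import ipaddress

# ACL 3000 from R3, transcribed from the configuration above:
# (rule-id, action, source, source wildcard, destination, destination wildcard)
# A wildcard of "0" in VRP means 0.0.0.0 (exact host); no destination means any.
ACL_3000 = [
    (10, "permit", "192.168.12.2", "0.0.0.0", "192.168.20.8", "0.0.0.0"),
    (1000, "deny", "192.168.12.2", "0.0.0.0", "0.0.0.0", "255.255.255.255"),
]

# Constructed sample flows; PC1's address and the AS200 host are assumptions.
FLOWS = {
    "PC2 -> server1": ("192.168.12.2", "192.168.20.8"),
    "PC2 -> AS200 host": ("192.168.12.2", "88.1.1.1"),
    "PC2 -> R4 G0/0/0": ("192.168.12.2", "192.168.34.2"),
    "PC1 -> AS200 host": ("192.168.12.1", "88.1.1.1"),
}

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def traffic_filter(acl, src, dst):
    """Return (action, rule_id) for a packet; rules are tried in rule-id order.

    A packet that matches no rule is forwarded: traffic-filter has no
    implicit deny, which is the behaviour the page's comment describes.
    """
    for rule_id, action, s, sw, d, dw in sorted(acl):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, rule_id
    return "permit", None

def evaluate(acl=ACL_3000):
    """Verdict for every constructed flow leaving R3 through GigabitEthernet0/0/2."""
    return {name: traffic_filter(acl, s, d) for name, (s, d) in FLOWS.items()}

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:20} {verdict}")
```

The third flow shows that rule 1000 also cuts PC2 off from every other destination behind R3's GigabitEthernet0/0/2, not only from external networks.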


 

OSPF---Area 20

R6:

interface GigabitEthernet0/0/0
 ip address 192.168.56.2 255.255.255.0 

interface GigabitEthernet0/0/1
 ip address 192.168.67.1 255.255.255.0 
// Configure a totally stub area to implement requirement 6
ospf 1 router-id 6.6.6.6 
 area 0.0.0.0 
  network 192.168.56.0 0.0.0.255 
 area 0.0.0.20 
  network 192.168.67.0 0.0.0.255 
  stub no-summary

R7:

interface GigabitEthernet0/0/0
 ip address 192.168.67.2 255.255.255.0 

interface GigabitEthernet0/0/1
 ip address 192.168.20.254 255.255.255.0 

ospf 1 router-id 7.7.7.7 
 area 0.0.0.20 
  network 0.0.0.0 255.255.255.255 
  stub 
 

OSPF---Area 0

R4:

acl number 2000  
 rule 10 permit source 192.168.12.0 0.0.0.255 
 rule 20 permit source 192.168.20.0 0.0.0.255

interface GigabitEthernet0/0/0
 ip address 192.168.34.2 255.255.255.0 

interface GigabitEthernet0/0/1
 ip address 192.168.45.1 255.255.255.0 

interface GigabitEthernet0/0/2
 ip address 200.1.40.1 255.255.255.224 

// Configure nat server to implement requirement 13
 nat server protocol tcp global 200.1.40.3 2256 inside 192.168.20.8 www
 nat outbound 2000

ospf 1 router-id 4.4.4.4 

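// The default route is advertised into OSPF as a Type 5 LSA. Because this router has its own default route, it would not calculate the default routes advertised by other OSPF routers, so the permit-calculate-other parameter is added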
 default-route-advertise permit-calculate-other
 area 0.0.0.0 
  network 192.168.34.0 0.0.0.255 
  network 192.168.45.0 0.0.0.255 
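// Configure a static route whose preference value is greater than OSPF's default of 150, to implement the path selection in requirement 8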
ip route-static 0.0.0.0 0.0.0.0 200.1.40.2 preference 151

R5:

acl number 2000  
 rule 10 permit source 192.168.12.0 0.0.0.255 
 rule 20 permit source 192.168.20.0 0.0.0.255

interface GigabitEthernet0/0/0
 ip address 192.168.45.2 255.255.255.0 

interface GigabitEthernet0/0/1
 ip address 192.168.56.1 255.255.255.0 

interface GigabitEthernet0/0/2
 ip address 110.1.68.2 255.255.255.248 

// Configure nat server to implement requirement 13
 nat server protocol tcp global 110.1.68.3 2256 inside 192.168.20.8 www
 nat outbound 2000

interface GigabitEthernet4/0/0
 ip address 100.1.59.1 255.255.255.224 

// Configure nat server to implement requirement 13
 nat server protocol tcp global 100.1.59.3 2256 inside 192.168.20.8 www
 nat outbound 2000

ospf 1 router-id 5.5.5.5 
 default-route-advertise permit-calculate-other
 area 0.0.0.0 
  network 192.168.45.0 0.0.0.255 
  network 192.168.56.0 0.0.0.255 
// Configure floating static routes to implement requirement 9: the AS200 link is preferred
ip route-static 0.0.0.0 0.0.0.0 110.1.68.1
ip route-static 0.0.0.0 0.0.0.0 100.1.59.2 preference 100
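
An added example (not from the original lab) that models how the preference values on R4 and R5 select the exit for requirements 8 and 9. It assumes a static route is withdrawn when its next hop becomes unreachable and that a router originates the OSPF default only while its own active default is a non-OSPF route; the function and variable names are illustrative.

```python
# Route preference values: lower wins. 60 is the VRP default for static routes
# and 150 the default for OSPF external (ASE) routes; 100 and 151 come from the
# page's ip route-static lines.
OSPF_ASE = 150
STATIC = {
    "R5": [("110.1.68.1 (AS200)", 60), ("100.1.59.2 (AS900)", 100)],
    "R4": [("200.1.40.2 (AS100)", 151)],
}

def converge(down=frozenset()):
    """Return each exit router's active default route as (next_hop, preference).

    `down` holds static next hops that are unreachable (assumed withdrawn).
    A router originates the OSPF default only while its own active default is
    a static route, modelling default-route-advertise without `always`.
    """
    originating = set()            # routers currently advertising 0.0.0.0/0
    for _ in range(10):            # iterate until the originator set is stable
        active = {}
        for rtr, statics in STATIC.items():
            cands = [(pref, nh) for nh, pref in statics if nh not in down]
            # permit-calculate-other: defaults from the other exit still count
            cands += [(OSPF_ASE, "OSPF via " + o) for o in originating if o != rtr]
            if cands:
                pref, nh = min(cands)
                active[rtr] = (nh, pref)
        new = {r for r, (nh, _) in active.items() if not nh.startswith("OSPF")}
        if new == originating:
            return active
        originating = new
    raise RuntimeError("did not converge")

if __name__ == "__main__":
    as200, as900 = "110.1.68.1 (AS200)", "100.1.59.2 (AS900)"
    for label, down in [("all links up", set()),
                        ("AS200 link down", {as200}),
                        ("both R5 uplinks down", {as200, as900})]:
        print(label, converge(down))
```

With both R5 uplinks down, R4's preference-151 static route becomes active, R4 starts originating the default, and R5 follows it through OSPF at preference 150.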
 

BGP---AS100

R10:

interface GigabitEthernet0/0/0
 ip address 200.1.40.2 255.255.255.224 

interface GigabitEthernet0/0/1
 ip address 130.1.110.1 255.255.255.252 

bgp 100
 router-id 10.10.10.10
 peer 130.1.110.2 as-number 200 
 network 200.1.40.0 255.255.255.224 
  
BGP---AS200

R11:

interface GigabitEthernet0/0/0
 ip address 130.1.110.2 255.255.255.252 

interface GigabitEthernet0/0/1
 ip address 10.10.13.1 255.255.255.0 

interface LoopBack0
 ip address 10.10.11.11 255.255.255.0 

bgp 200
 router-id 11.11.11.11
 peer 11.11.13.13 as-number 200 

// When a BGP peering is established over a "logical interface", the source IP address of the BGP packets must be changed
 peer 11.11.13.13 connect-interface LoopBack0
 peer 130.1.110.1 as-number 100 

// When routes are passed to an IBGP peer, the next-hop address must be changed to the local router
 peer 11.11.13.13 next-hop-local 
#
ospf 1 router-id 11.11.11.11 
 area 0.0.0.0 
  network 10.10.11.11 0.0.0.0 
  network 10.10.13.0 0.0.0.255 
 

R13:

interface GigabitEthernet0/0/0
 ip address 10.10.13.2 255.255.255.0 

interface GigabitEthernet0/0/1
 ip address 10.10.23.1 255.255.255.0 

interface GigabitEthernet0/0/2
 ip address 88.1.1.254 255.255.255.0 

interface GigabitEthernet4/0/0
 ip address 66.1.1.254 255.255.255.0 

interface LoopBack0
 ip address 11.11.13.13 255.255.255.0 

bgp 200
 router-id 13.13.13.13
 peer 10.10.11.11 as-number 200 
 peer 10.10.12.12 as-number 200 
 peer 10.10.12.12 connect-interface LoopBack0
  network 66.1.1.0 255.255.255.0 
  network 88.1.1.0 255.255.255.0 
  peer 10.10.11.11 next-hop-local 

// Configure a route reflector to work around the IBGP split-horizon rule
  peer 10.10.12.12 reflect-client
  peer 10.10.12.12 next-hop-local 

ospf 1 router-id 13.13.13.13 
 area 0.0.0.0 
  network 10.10.13.0 0.0.0.255 
  network 10.10.23.0 0.0.0.255 
  network 11.11.13.13 0.0.0.0 
 

R12:

interface GigabitEthernet0/0/0
 ip address 10.10.58.1 255.255.255.0 

interface GigabitEthernet0/0/1
 ip address 120.1.129.1 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip address 10.10.23.2 255.255.255.0 

interface LoopBack0
 ip address 10.10.12.12 255.255.255.0 

bgp 200
 router-id 12.12.12.12
 peer 10.10.8.8 as-number 200 
 peer 10.10.8.8 connect-interface LoopBack0
 peer 11.11.13.13 as-number 200 
 peer 120.1.129.2 as-number 900 
  peer 10.10.8.8 reflect-client
  peer 10.10.8.8 next-hop-local 
  peer 11.11.13.13 reflect-client
  peer 11.11.13.13 next-hop-local 

ospf 1 router-id 12.12.12.12 
 area 0.0.0.0 
  network 10.10.12.12 0.0.0.0 
  network 10.10.23.0 0.0.0.255 
  network 10.10.58.0 0.0.0.255 
 

R8:

interface GigabitEthernet0/0/0
 ip address 110.1.68.1 255.255.255.248 

interface GigabitEthernet0/0/1
 ip address 120.1.89.1 255.255.255.0 

interface GigabitEthernet0/0/2
 ip address 10.10.58.2 255.255.255.0 

interface LoopBack0
 ip address 10.10.8.8 255.255.255.0 

bgp 200
 router-id 8.8.8.8
 peer 10.10.12.12 as-number 200 
 peer 120.1.89.2 as-number 900 
  network 110.1.68.0 255.255.255.248 

ospf 1 router-id 8.8.8.8 
 area 0.0.0.0 
  network 10.10.8.8 0.0.0.0 
  network 10.10.58.0 0.0.0.255 
 

BGP---AS900

R9:

interface GigabitEthernet0/0/0
 ip address 120.1.89.2 255.255.255.0 

interface GigabitEthernet0/0/1
 ip address 100.1.59.2 255.255.255.224 

interface GigabitEthernet0/0/2
 ip address 120.1.129.2 255.255.255.0 

bgp 900
 router-id 9.9.9.9
 peer 120.1.89.1 as-number 200 
 peer 120.1.129.1 as-number 200 
  network 100.1.59.0 255.255.255.224 
 

IV. Lab verification
