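I. Lab Topology
II. Lab Requirements
(1) Main network:
1. R1 and R2 run EIGRP; 10.1.1.0 and 10.2.2.0 must not be advertised with the network command
2. R
3. R
4. R5 runs multi-area OSPF; 20.2.2.2 must not be advertised with the network command
3. R1 through R5 run BGP so that 20.1.1.1 can reach 10.1.1.1 and 10.2.2.2
4. Configure NAT on R4 so that 20.2.2.2 can reach 10.1.1.1 and 10.2.2.2
(2) Optimization:
1. OSPF area 1 is a totally stubby area, and unnecessary routes such as 3.3.3.0 and 34.34.34.0 are filtered
2. Summarize the BGP routes 10.1.1.1 and 10.2.2.2 and advertise only the classful (major network) route
(3) Security:
1. MD5 authentication between R1 and R2, key cisco
2. R
3. R4 use MD5 authentication between them, key cisco
3. In AS 100, use RIP as a backup for EIGRP
(4) Path requirements:
1. When 20.1.1.1 accesses 10.0.0.0, packets take the path R5-R4-R3-R2-R1; when the link between R3 and R4 fails, the path changes to R5-R4-R2-R1. The forward and return paths must be identical
2. When 20.2.2.2 accesses 10.0.0.0, packets take the path R5-R4-R2-R1; when the link between R2 and R4 fails, the path changes to R5-R4-R3-R2-R1. The forward and return paths must be identical
(5) Special requirements:
1. No BGP neighbor relationship of any kind may be established between R3 and R5
2. All BGP neighbors must be established using loopback 0
III. Basic Configuration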
R1#show run
Building configuration...
Current configuration : 1555 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
key chain cisco
key 1
key-string cisco
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip address 10.1.1.1 255.255.255.0
!
interface Loopback2
ip address 10.2.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 21.21.21.1 255.255.255.0 secondary
ip address 12.12.12.1 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 cisco
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
router eigrp 1
network 1.0.0.0
network 12.12.12.0 0.0.0.255
no auto-summary
!
router rip
version 2
network 1.0.0.0
network 21.0.0.0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 10.1.1.0 mask 255.255.255.0
network 10.2.2.0 mask 255.255.255.0
aggregate-address 10.0.0.0 255.0.0.0 summary-only
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
webvpn cef
!
end
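
The following Python check is an added example, not part of the original lab. It audits a running-config against the MD5 requirement in section (3) and reports which routing processes and BGP peers carry authentication; `R1_CONFIG` is an excerpt constructed from the R1 output above, and the check looks at the configuration as a whole rather than per interface (a simplification).

```python
import re

# Constructed excerpt of the R1 running-config above (routing-relevant lines only).
R1_CONFIG = """
key chain cisco
key 1
key-string cisco
!
interface FastEthernet0/0
ip address 21.21.21.1 255.255.255.0 secondary
ip address 12.12.12.1 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 cisco
!
router eigrp 1
network 12.12.12.0 0.0.0.255
!
router rip
version 2
network 21.0.0.0
!
router bgp 100
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
"""

def audit_routing_auth(config: str) -> dict:
    """Map each routing process / BGP peer to True if authentication is configured."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Key chains defined in the config; an auth statement must reference one of them.
    chains = {m.group(1) for l in lines if (m := re.fullmatch(r"key chain (\S+)", l))}
    result = {}
    for l in lines:
        if m := re.fullmatch(r"router eigrp (\d+)", l):
            asn = m.group(1)
            md5 = f"ip authentication mode eigrp {asn} md5" in lines
            keyed = any(f"ip authentication key-chain eigrp {asn} {c}" in lines for c in chains)
            result[f"eigrp {asn}"] = md5 and keyed
        elif l == "router rip":
            md5 = "ip rip authentication mode md5" in lines
            keyed = any(f"ip rip authentication key-chain {c}" in lines for c in chains)
            result["rip"] = md5 and keyed
        elif m := re.fullmatch(r"neighbor (\S+) remote-as \d+", l):
            peer = m.group(1)  # BGP TCP MD5 is enabled per neighbor with "password"
            result[f"bgp {peer}"] = any(x.startswith(f"neighbor {peer} password ") for x in lines)
    return result

def unauthenticated(config: str) -> list:
    """Sorted names of processes/peers that have no authentication configured."""
    return sorted(k for k, ok in audit_routing_auth(config).items() if not ok)
```

Run against the R1 excerpt, only the EIGRP process passes: the RIP backup on the same segment and the iBGP session to 2.2.2.2 are configured without authentication.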
R2#show run
Building configuration...
Current configuration : 2377 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
key chain cisco
key 1
key-string cisco
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 21.21.21.2 255.255.255.0 secondary
ip address 12.12.12.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 23.23.23.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 24.24.24.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router eigrp 1
passive-interface Serial1/0
passive-interface Serial1/1
network 2.0.0.0
network 12.12.12.0 0.0.0.255
network 23.23.23.0 0.0.0.255
network 24.24.24.0 0.0.0.255
no auto-summary
!
router rip
version 2
passive-interface Serial1/0
passive-interface Serial1/1
network 2.0.0.0
network 21.0.0.0
network 23.0.0.0
network 24.0.0.0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 next-hop-self
neighbor 3.3.3.3 remote-as 200
neighbor 3.3.3.3 ebgp-multihop 255
neighbor 3.3.3.3 update-source Loopback0
neighbor 4.4.4.4 remote-as 200
neighbor 4.4.4.4 ebgp-multihop 255
neighbor 4.4.4.4 update-source Loopback0
no auto-summary
!
ip route 3.3.3.0 255.255.255.0 23.23.23.3
ip route 4.4.4.0 255.255.255.0 24.24.24.4
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
webvpn cef
!
end
R3#show run
Building configuration...
Current configuration : 1997 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/0
ip address 34.34.34.3 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 23.23.23.3 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
network 3.3.3.0 0.0.0.255 area 0
network 34.34.34.0 0.0.0.255 area 0
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 34.34.34.0 mask 255.255.255.0
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0
neighbor 4.4.4.4 remote-as 200
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 next-hop-self
no auto-summary
!
ip route 2.2.2.0 255.255.255.0 23.23.23.2
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
webvpn cef
!
end
R4#show run
Building configuration...
Current configuration : 3835 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
track 101 rtr 1 reachability
!
track 102 rtr 2 reachability
!
!
!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.0
!
interface Tunnel0
ip address 54.54.54.4 255.255.255.0
tunnel source 45.45.45.4
tunnel destination 45.45.45.5
!
interface FastEthernet0/0
ip address 34.34.34.4 255.255.255.0
ip nat outside
ip virtual-reassembly
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 45.45.45.4 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map pbr
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
ip address 24.24.24.4 255.255.255.0
ip nat outside
ip virtual-reassembly
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
area 1 stub no-summary
network 4.4.4.0 0.0.0.255 area 0
network 34.34.34.0 0.0.0.255 area 0
network 45.45.45.0 0.0.0.255 area 1
network 54.54.54.0 0.0.0.255 area 2
!
router bgp 200
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0
neighbor 3.3.3.3 remote-as 200
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 route-reflector-client
neighbor 5.5.5.5 next-hop-self
no auto-summary
!
ip route 2.2.2.0 255.255.255.0 24.24.24.2
no ip http server
no ip http secure-server
!
!
ip nat pool pool1 24.24.24.10 24.24.24.20 netmask 255.255.255.0
ip nat pool pool2 34.34.34.10 34.34.34.20 netmask 255.255.255.0
ip nat inside source route-map nat1 pool pool1
ip nat inside source route-map nat2 pool pool2
!
ip access-list extended nat
permit ip 20.2.2.0 0.0.0.255 any
ip access-list extended pbr1
permit ip 20.2.2.0 0.0.0.255 any
ip access-list extended pbr2
permit ip 20.1.1.0 0.0.0.255 any
ip access-list extended weight
permit ip 10.0.0.0 0.255.255.255 any
!
ip sla 1
icmp-echo 24.24.24.2 source-ip 24.24.24.4
timeout 10000
threshold 2
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 34.34.34.3 source-ip 34.34.34.4
timeout 10000
threshold 2
frequency 10
ip sla schedule 2 life forever start-time now
logging alarm informational
!
!
!
route-map nat2 permit 10
match ip address nat
match interface FastEthernet0/0
!
route-map nat1 permit 10
match ip address nat
match interface Serial1/1
!
route-map pbr permit 10
match ip address pbr1
set ip next-hop verify-availability 24.24.24.2 10 track 101
set ip next-hop 34.34.34.3
!
route-map pbr permit 20
match ip address pbr2
set ip next-hop verify-availability 34.34.34.3 20 track 102
set ip next-hop 24.24.24.2
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
webvpn cef
!
end
R5#show run
Building configuration...
Current configuration : 1690 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
interface Loopback0
ip address 5.5.5.5 255.255.255.0
!
interface Loopback1
ip address 20.1.1.1 255.255.255.0
!
interface Loopback2
ip address 20.2.2.2 255.255.255.0
!
interface Tunnel0
ip address 54.54.54.5 255.255.255.0
tunnel source 45.45.45.5
tunnel destination 45.45.45.4
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 45.45.45.5 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
area 1 stub
network 5.5.5.0 0.0.0.255 area 1
network 20.2.2.0 0.0.0.255 area 2
network 45.45.45.0 0.0.0.255 area 1
network 54.54.54.0 0.0.0.255 area 2
distribute-list 10 in Tunnel0
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 20.1.1.0 mask 255.255.255.0
neighbor 4.4.4.4 remote-as 200
neighbor 4.4.4.4 update-source Loopback0
no auto-summary
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
access-list 10 deny 3.3.3.0 0.0.0.255
access-list 10 deny 34.34.34.0 0.0.0.255
access-list 10 deny 10.0.0.0 0.255.255.255
access-list 10 deny 4.4.4.0 0.0.0.255
access-list 10 permit any
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!