当前位置:文档之家 › H3C网络学院路由交换第四卷实验指导书

H3C网络学院路由交换第四卷实验指导书

  • 格式:doc
  • 大小:1.09 MB
  • 文档页数:86

下载文档原格式

  / 86

合集下载

  1. 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
  2. 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
  3. 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。

实验1 配置GRE VPN

实验任务一:GRE VPN基本配置

步骤一:搭建实验环境

在SWA上配置VLAN2,将接口E1/0/2加入VLAN2:

[SWA]vlan 2

[SWA-vlan2]port Ethernet 1/0/2

步骤二:检测公网连通性

查看SWA的路由表和端口状态,确认其工作正常。

[SWA]display ip interface brief

*down: administratively down

(s): spoofing

Interface Physical Protocol IP Address Description Vlan-interface1 up up 1.1.1.2 Vlan-inte...

Vlan-interface2 up up 2.2.2.2 Vlan-inte...

[SWA]display ip routing-table

Routing Tables: Public

Destinations : 6 Routes : 6

Destination/Mask Proto Pre Cost NextHop Interface

1.1.1.0/24 Direct 0 0 1.1.1.2 Vlan1

1.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0

2.2.2.0/24 Direct 0 0 2.2.2.2 Vlan2

2.2.2.2/32 Direct 0 0 127.0.0.1 InLoop0

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 也可以使用display interface命令。

在RTA和RTB上配置公网接口互通所需的静态路由。

[RTA]interface GigabitEthernet0/0

[RTA-GigabitEthernet0/0]ip address 192.168.1.1 255.255.255.0

[RTA-GigabitEthernet0/0]interface GigabitEthernet0/1

[RTA-GigabitEthernet0/1]ip address 1.1.1.1 255.255.255.0

[RTA-GigabitEthernet0/1]ip route-static 2.2.2.0 255.255.255.0 1.1.1.2

[RTB]interface GigabitEthernet0/0

[RTB-GigabitEthernet0/0]ip address 192.168.2.1 255.255.255.0

[RTB-GigabitEthernet0/0]interface GigabitEthernet0/1

[RTB-GigabitEthernet0/1]ip address 2.2.2.1 255.255.255.0

[RTB-GigabitEthernet0/1]ip route-static 1.1.1.0 255.255.255.0 2.2.2.2 步骤三:配置GRE隧道接口

[RTA] interface Tunnel0

[RTA-Tunnel0] ip address 192.168.3.1 255.255.255.252

[RTA-Tunnel0] source 1.1.1.1

[RTA-Tunnel0] destination 2.2.2.1

[RTB] interface Tunnel0

[RTB-Tunnel0] ip address 192.168.3.2 255.255.255.252

[RTB-Tunnel0] source 2.2.2.1

[RTB-Tunnel0] destination 1.1.1.1

步骤四:为私网配置静态路由

[RTA] ip route-static 192.168.2.0 255.255.255.0 Tunnel0

[RTB] ip route-static 192.168.1.0 255.255.255.0 Tunnel0

配置时也可以用下一跳地址。

步骤五:检验隧道工作状况

查看RTA与RTB的路由表,可见公网、私网路由均存在于路由表中:

[RTB]display ip routing-table

Routing Tables: Public

Destinations : 10 Routes : 10

Destination/Mask Proto Pre Cost NextHop Interface

1.1.1.0/24 Static 60 0

2.2.2.2 GE0/1

2.2.2.0/24 Direct 0 0 2.2.2.1 GE0/1

2.2.2.1/32 Direct 0 0 127.0.0.1 InLoop0

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

192.168.1.0/24 Static 60 0 192.168.3.2 Tun0

192.168.2.0/24 Direct 0 0 192.168.2.1 GE0/0

192.168.2.1/32 Direct 0 0 127.0.0.1 InLoop0

192.168.3.0/30 Direct 0 0 192.168.3.2 Tun0

192.168.3.2/32 Direct 0 0 127.0.0.1 InLoop0 查看RTA和RTB的隧道接口状态,可见其使用GRE封装,状态为UP:[RTB]display interface Tunnel 0

Tunnel0 current state: UP

Line protocol current state: UP

Description: Tunnel0 Interface

The Maximum Transmit Unit is 1476

Internet Address is 192.168.3.2/30 Primary

Encapsulation is TUNNEL, service-loopback-group ID not set.

Tunnel source 2.2.2.1, destination 1.1.1.1

Tunnel keepalive disable

Tunnel protocol/transport GRE/IP

GRE key disabled

Checksumming of GRE packets disabled

Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0

Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0

Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0

Last 300 seconds input: 15 bytes/sec, 0 packets/sec

Last 300 seconds output: 21 bytes/sec, 0 packets/sec

133 packets input, 5701 bytes

0 input error

124 packets output, 7469 bytes

0 output error

在RTA上打开GRE协议调试开关用debugging命令检验路由器实际收发的报文,说明其地址已经改变。

terminal monitor

terminal debugging

debugging gre packet

在PCA上对RTB运行ping命令,但只发送一个ICMP包: