HCIP中级实验

一，实验要求

R4为ISP，其上只能配置IP地址，R4与其它所有直连设备使用共有IP
解决OSPF不规则区域的3种方式必须使用
整个OSPF环境IP地址为172.16.0.0/16进程100使用192.168.1.0/24
所有设备均可访问R4的环回，R14上有二个环回
减少LSA的更新量，加快收敛，保障更新安全
全网可达

二，172.16.0.0/16地址的划分

根据区域可以进行划分：
172.16.0.0/16----------
172.16.0.0/19  area 0
172.16.32.0/19 area 1
172.16.64.0/19 area 2
172.16.96.0/19 area3
172.16.128.0/19 area4
172.16.160.0.19 area5
根据区域划分下辖的主机再次进行IP地址规划

三，搭建拓扑图

四，配置IP地址和环回地址

[r2]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              192.168.1.2/24       up         up        
GigabitEthernet0/0/1              unassigned           down       down      
GigabitEthernet0/0/2              unassigned           down       down      
LoopBack0                         2.2.2.2/32           up         up(s)     
NULL0                             unassigned           up         up(s)  

五，宣告并配置缺省路由下放，使用NAT技术

[r3]ip route-static 0.0.0.0 0 34.1.1.2 
[r3]ospf 100
[r3-ospf-100]de	
[r3-ospf-100]default-	
[r3-ospf-100]default-route-advertise 
[r3-ospf-100]qu
[r3]acl 2000
[r3-acl-basic-2000]ru	
[r3-acl-basic-2000]rule p	
[r3-acl-basic-2000]rule permit s	
[r3-acl-basic-2000]rule permit source a	
[r3-acl-basic-2000]rule permit source any 
[r3-acl-basic-2000]q
[r3]int g 0/0/1
[r3-GigabitEthernet0/0/1]nat o	
[r3-GigabitEthernet0/0/1]nat outbound 2000

六，R5中心站点配置隧道和静态IP

[r5-Tunnel0/0/0]tunnel-protocol g	
[r5-Tunnel0/0/0]tunnel-protocol gre p	
[r5-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r5-Tunnel0/0/0]source 172.16.0.1 
[r5-Tunnel0/0/0]nh	
[r5-Tunnel0/0/0]nhrp n	
[r5-Tunnel0/0/0]nhrp en	
[r5-Tunnel0/0/0]nhrp entry m	
[r5-Tunnel0/0/0]nhrp entry multicast d	
[r5-Tunnel0/0/0]nhrp entry multicast dynamic 
[r5-Tunnel0/0/0]nh	
[r5-Tunnel0/0/0]nhrp n	
[r5-Tunnel0/0/0]nhrp network-id 100
[r5-Tunnel0/0/0]ip add	
[r5-Tunnel0/0/0]ip address 10.1.1.1 24
Dec 31 2022 21:07:34-08:00 r5 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[r5-Tunnel0/0/0]q
[r5]ip rou	
[r5]ip route-	
[r5]ip route-static 172.16.8.0 21 172.16.0.2
[r5]ip route-static 172.16.16.0 21 172.16.0.2
[r5]ip route-static 172.16.24.0 21 172.16.0.2

七，R6分支站点的配置和静态IP

[r6]interface Tunnel 0/0/0
[r6-Tunnel0/0/0]t	
[r6-Tunnel0/0/0]tu	
[r6-Tunnel0/0/0]tunnel-protocol g	
[r6-Tunnel0/0/0]tunnel-protocol gre 
[r6-Tunnel0/0/0]tunnel-protocol gre p	
[r6-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r6-Tunnel0/0/0]source 172.16.8.1
[r6-Tunnel0/0/0]nh	
[r6-Tunnel0/0/0]nhrp e	
[r6-Tunnel0/0/0]nhrp entry 10.1.1.1 172.16.0.1 re	
[r6-Tunnel0/0/0]nhrp entry 10.1.1.1 172.16.0.1 register 
[r6-Tunnel0/0/0]nh	
[r6-Tunnel0/0/0]nhrp n	
[r6-Tunnel0/0/0]nhrp network-id 100
[r6-Tunnel0/0/0]ip ad	
[r6-Tunnel0/0/0]ip address 10.1.1.2 24
Dec 31 2022 21:11:51-08:00 r6 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[r6-Tunnel0/0/0]q
[r6]ip rou	
[r6]ip route-	
[r6]ip route-static 172.16.0.0 21 172.16.8.2
[r6]ip route-static 172.16.16.0 21 172.16.8.2
[r6]ip route-static 172.16.24.0 21 172.16.8.2
[r6]

八，隧道已通

九，所有进行OSPF的宣告

[r5]ospf 110 router-id 5.5.5.5
[r5-ospf-110]area 0
[r5-ospf-110-area-0.0.0.0]net	
[r5-ospf-110-area-0.0.0.0]network 10.1.1.1 0.0.0.0
[r5-ospf-110-area-0.0.0.0]network 5.5.5.5 0.0.0.0
[r5-ospf-110-area-0.0.0.0]q
[r5-ospf-110]q
[r5]int tun	
[r5]int Tunnel 0/0/0
[r5-Tunnel0/0/0]os	
[r5-Tunnel0/0/0]ospf n	
[r5-Tunnel0/0/0]ospf network-type	
[r5-Tunnel0/0/0]ospf network-type b	
[r5-Tunnel0/0/0]ospf network-type broadcast

十，重发布

[r14-ospf-110]import-route ospf 120
[r14-ospf-110]q
[r14]ospf 120
[r14-ospf-120]import-route ospf 110
[r14-ospf-120]

十一，使用VLINK

[r9]ospf 110
[r9-ospf-110]area 2
[r9-ospf-110-area-0.0.0.2]v	
[r9-ospf-110-area-0.0.0.2]vlink-peer 7.7.7.7

十二， R5使用NAT技术并且使用隧道

r5]ip route-static 0.0.0.0 0 45.1.1.1 
[r5]ospf 110
[r5-ospf-110]de	
[r5-ospf-110]default-	
[r5-ospf-110]default-route-advertise 
[r5-ospf-110]q
[r5]acl 2000
[r5-acl-basic-2000]ru	
[r5-acl-basic-2000]rule p	
[r5-acl-basic-2000]rule permit s	
[r5-acl-basic-2000]rule permit source a	
[r5-acl-basic-2000]rule permit source any 
[r5-acl-basic-2000]q
[r5]int g 0/0/0
[r5-GigabitEthernet0/0/0]na	
[r5-GigabitEthernet0/0/0]nat ou	
[r5-GigabitEthernet0/0/0]nat outbound 2000
[r5-GigabitEthernet0/0/0]q
[r5]int 	
[r5]interface tun	
[r5]interface Tunnel 0/0/1
[r5-Tunnel0/0/1]t	
[r5-Tunnel0/0/1]tun	
[r5-Tunnel0/0/1]tunnel-protocol g	
[r5-Tunnel0/0/1]tunnel-protocol gre 
[r5-Tunnel0/0/1]source 45.1.1.2
[r5-Tunnel0/0/1]de	
[r5-Tunnel0/0/1]description 34.1.1.1
[r5-Tunnel0/0/1]1
                ^
Error: Unrecognized command found at '^' position.
[r5-Tunnel0/0/1]q
[r5]ip rou	
[r5]ip route-static 34.1.1.0 24 45.1.1.1
[r5]ping 5.5.5.5
  PING 5.5.5.5: 56  data bytes, press CTRL_C to break
    Reply from 5.5.5.5: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 5.5.5.5: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 5.5.5.5: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 5.5.5.5: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 5.5.5.5: bytes=56 Sequence=5 ttl=255 time=1 ms

十三，测试

[r5]ping 172.16.104.1
  PING 172.16.104.1: 56  data bytes, press CTRL_C to break
    Reply from 172.16.104.1: bytes=56 Sequence=1 ttl=254 time=60 ms
    Reply from 172.16.104.1: bytes=56 Sequence=2 ttl=254 time=50 ms
    Reply from 172.16.104.1: bytes=56 Sequence=3 ttl=254 time=40 ms
    Reply from 172.16.104.1: bytes=56 Sequence=4 ttl=254 time=40 ms
    Reply from 172.16.104.1: bytes=56 Sequence=5 ttl=254 time=40 ms

  --- 172.16.104.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 40/46/60 ms