HCIP大实验

一，建立拓扑图

1，目的：实现全网可达

二，在OSPF1区域

1，所有路由器配置IP地址（包含OSPF100区域）

其中一个所示

[isp1]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              16.1.1.2/24          up         up        
GigabitEthernet0/0/1              18.1.1.2/24          up         up        
GigabitEthernet0/0/2              19.1.1.2/24          up         up        
GigabitEthernet4/0/0              17.1.1.2/24          up         up        
NULL0                             unassigned           up 

2，进行O1的宣告，不能宣告ISP网段

[r3]ospf 1
[r3-ospf-1]area 0	
[r3-ospf-1-area-0.0.0.0]network 12.1.1.3 0.0.0.0

3，在O1区域的R3写缺省去ISP，在O1区域让其它路由拿到缺省，下放缺省，允许所有流量通过，使用NAT技术

[r3]ip route-static 0.0.0.0 0 24.1.1.2
[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]default-route-advertise 
[r3]acl 2000
[r3-acl-basic-2000]rule permit source any 
[r3-GigabitEthernet0/0/1]nat outbound 2000

三，OSPF100区域

ISP不能宣告

1，在O100区域进行宣告

[r5]ospf 100 router-id 5.5.5.5

[r5-ospf-100]area 0

[r5-ospf-100-area-0.0.0.0]network 13.1.1.2 0.0.0.0
[r5-ospf-100-area-0.0.0.0]network 14.1.1.1 0.0.0.0

2，创建TUN隧道

[r6]interface Tunnel 0/0/0

[r6-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r6-Tunnel0/0/0]source 16.1.1.1

[r6-Tunnel0/0/0]nhrp entry multicast dynamic 

[r6-Tunnel0/0/0]nhrp network-id 100

[r6-Tunnel0/0/0]ip address 10.1.1.1 24

3，宣告隧道，引流

r6]ospf 100 router-id 6.6.6.6

[r6-ospf-100]area 0

[r6-ospf-100-area-0.0.0.0]network 10.1.1.1 0.0.0.0
[r6]ip route-static 17.1.1.0 24 16.1.1.2
[r6]ip route-static 18.1.1.0 24 16.1.1.2

[r6]ip route-static 19.1.1.0 24 16.1.1.2

4，使用OSPF需要开启

[r7-Tunnel0/0/0]ospf network-type broadcast 

四，在R5上

##  1，写缺省
[r5]ip route-static 0.0.0.0 0 13.1.1.1

2，其它路由拿到缺省

[r5]ospf 100 router-id 5.5.5.5

3，下放缺省

[r5-ospf-100]default-route-advertise

4，使用NAT技术转换进入ISP

[r5]acl 2000
[r5-acl-basic-2000]rule permit source any 
[r5-GigabitEthernet0/0/0]nat outbound 2000

5，写隧道,引流,宣告隧道

[r5]interface Tunnel 0/0/0


[r5-Tunnel0/0/0]tunnel-protocol gre 
[r5-Tunnel0/0/0]source 13.1.1.2

[r5-Tunnel0/0/0]description 24.1.1.1

[r5-Tunnel0/0/0]ip address 11.1.1.1 24

[r5]ip route-static 24.1.1.0 24 13.1.1.1

[r5]ospf 100 router-id 5.5.5.5
[r5-ospf-100]area 0

[r5-ospf-100-area-0.0.0.0]network 11.11.11.11 0.0.0.0

五，在R3上和R5是同理的，就不做演示，可以参考R5

六，测试