预备知识:
通用路由封装(GenericRoutingEncapsulation,简称GRE)隧道 按照通过IPv4网络传输数据的定义,GRE通过将需要传输的数据包封装在GRE数据包内,从而使一个网络协议能够通过另一个网络协议进行传输。GRE是通过隧道传输IPv6业务负载的一个理想机制。 实验说明:
路由器ISP模拟运营商,分部R1要和总部R2通信,但是不想让Internet上的路由器学到其内网网络,所以在R1和R2之间做条隧道,总部和分部之间启用EIGRP路由协议。 实验过程:
第一步:配置R1,ISP,R2的接口地址 R1>en R1#conf t
Enter configuration commands, one per line. End with CNTL/Z. R1(config)#no ip domai loo R1(config)#line con 0 R1(config-line)#no exec-t R1(config-line)#lo
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to downgg syn
R1(config-line)#exi R1(config)#int s 1/1
R1(config-if)#ip add 131.1.1.1 255.255.255.252 R1(config-if)#no sh R1(config-if)#int loo 0
R1(config-if)#ip add 192.168.0.1 255.255.255.0 R1(config-if)#end R1#sh ip i
00:01:57: %SYS-5-CONFIG_I: Configured from console by console R1#sh ip int b
Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES unset administratively down down
Serial1/0 unassigned YES unset administratively down down
Serial1/1 131.1.1.1 YES manual up down Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
Serial2/0 unassigned YES unset administratively down down
Serial2/1 unassigned YES unset administratively down down
Serial2/2 unassigned YES unset administratively down down
Serial2/3 unassigned YES unset administratively down down
Loopback0 192.168.0.1 YES manual up up R1# ISP>en ISP#conf t
Enter configuration commands, one per line. End with CNTL/Z. ISP(config)#no ip domain loo ISP(config)#line con 0 ISP(config-line)#no exec-t ISP(config-line)#logg syn ISP(config-line)#exi ISP(config)#int s 1/0
ISP(config-if)#ip add 131.1.1.2 255.255.255.252 ISP(config-if)#no sh ISP(config-if)#int s 1/1 ISP(config-if)#i
00:02:55: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up 00:02:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
ISP(config-if)#ip add 131.1.1.5 255.255.255.252 ISP(config-if)#no sh ISP(config-if)#end ISP#sh ip in
00:03:09: %SYS-5-CONFIG_I: Configured from console by console ISP#sh ip int b
Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES unset administratively down down
Serial1/0 131.1.1.2 YES manual up up Serial1/1 131.1.1.5 YES manual up up Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
Serial2/0 unassigned YES unset administratively down down
Serial2/1 unassigned YES unset administratively down down
Serial2/2 unassigned YES unset administratively down down
Serial2/3 unassigned YES unset administratively down down ISP# R2>en R2#conf t
Enter configuration commands, one per line. End with CNTL/Z. R2(config)#no ip doma loo R2(config)#line con 0 R2(config-line)#no exec-t R2(config-line)#logg syn R2(config-line)#exi R2(config)#int s 1/0
R2(config-if)#ip add 131.1.1.6 255.255.255.252 R2(config-if)#no sh R2(config-if)#int loo 0 R2(config-if)#ip add
00:04:14: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up R2(config-if)#ip add
00:04:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R2(config-if)#ip add 192.168.1.1 255.255.255.0 R2(config-if)#end R2#sh ip int
00:04:24: %SYS-5-CONFIG_I: Configured from console by consoleb R2#sh ip int b
Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES unset administratively down down
Serial1/0 131.1.1.6 YES manual up up Serial1/1 unassigned YES unset administratively down
down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
Serial2/0 unassigned YES unset administratively down down
Serial2/1 unassigned YES unset administratively down down
Serial2/2 unassigned YES unset administratively down down
Serial2/3 unassigned YES unset administratively down down
Loopback0 192.168.1.1 YES manual up up R2#
第二步:测试直连连通性 ISP#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID R2 Ser 1/1 155 R 7206VXR Ser 1/0 R1 Ser 1/0 153 R 7206VXR Ser 1/1 ISP#
//邻居建立直连连通性正常 第三步:配置GRE隧道 R1#conf t
Enter configuration commands, one per line. End with CNTL/Z. R1(config)#ip route 0.0.0.0 0.0.0.0 s 1/1 //默认路由出接口应该指向物理接口 R1(config)#int tu
R1(config)#int tunnel 0 R1(config-if)#ip add
00:07:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
R1(config-if)#ip add 172.16.0.1 255.255.255.0 R1(config-if)#tu
R1(config-if)#tunnel sour s 1/1 R1(config-if)#tun R1(config-if)#tunnel des
R1(config-if)#tunnel destination 131.1.1.6 R1(config-if)#no sh R1(config-if)#
00:08:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up R1(config-if)#end R1#sh run int tunnel 0 Building configuration...
Current configuration : 117 bytes !
interface Tunnel0
ip address 172.16.0.1 255.255.255.0 tunnel source Serial1/1 tunnel destination 131.1.1.6 end
//分部R1上的tunnel配置完成 R2#conf t
Enter configuration commands, one per line. End with CNTL/Z. R2(config)#ip route 0.0.0.0 0.0.0.0 s 1/0 R2(config)#int tu R2(config)#int tunnel 0 R2(config-if)#ip add 172.16.
00:12:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
R2(config-if)#ip add 172.16.0.2 255.255.255.0 R2(config-if)#tun
R2(config-if)#tunnel sou s1/0 R2(config-if)#tun
R2(config-if)#tunnel des 131.1.1.1 R2(config-if)#no sh R2(config-if)#
00:12:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up R2(config-if)#end R2#sh run int tunnel 0 Building configuration...
Current configuration : 117 bytes !
interface Tunnel0
ip address 172.16.0.2 255.255.255.0 tunnel source Serial1/0 tunnel destination 131.1.1.1 end
R1#sh ip rou
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is 0.0.0.0 to network 0.0.0.0
172.16.0.0/24 is subnetted, 1 subnets C 172.16.0.0 is directly connected, Tunnel0 131.1.0.0/30 is subnetted, 1 subnets C 131.1.1.0 is directly connected, Serial1/1 C 192.168.0.0/24 is directly connected, Loopback0 S* 0.0.0.0/0 is directly connected, Serial1/1 R1#ping 172.16.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds: !!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/31/40 ms R1#
//隧道直连连通性正常
第四步:在R1和R2上启用路由协议 R1#conf t
Enter configuration commands, one per line. End with CNTL/Z. R1(config)#router eig 90 R1(config-router)#no au
R1(config-router)#net 192.168.0.0 R1(config-router)#net 172.16.0.0 R1(config-router)#end R1# R2#conf t
Enter configuration commands, one per line. End with CNTL/Z. R2(config)#router eig 90 R2(config-router)#no au R2(config-router)#net 172.16.0.0 R2(config-router)#net 192.168.1.
00:19:58: %DUAL-5-NBRCHANGE: IP-EIGRP 90: Neighbor 172.16.0.1 (Tunnel0) is up: new adjacency R2(config-router)#net 192.168.1.1
R2(config-router)#end R2#
R1#sh ip rou
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is 0.0.0.0 to network 0.0.0.0 172.16.0.0/24 is subnetted, 1 subnets C 172.16.0.0 is directly connected, Tunnel0 131.1.0.0/30 is subnetted, 1 subnets C 131.1.1.0 is directly connected, Serial1/1 C 192.168.0.0/24 is directly connected, Loopback0
D 192.168.1.0/24 [90/297372416] via 172.16.0.2, 00:00:21, Tunnel0//eigrp通过Tunnle口学到到总部的路由
S* 0.0.0.0/0 is directly connected, Serial1/1 R1#sh ip eig nei
IP-EIGRP neighbors for process 90
H Address Interface Hold Uptime SRTT RTO Q Seq Type (sec) (ms) Cnt Num 0 172.16.0.2 Tu0 12 00:01:39 44 5000 0 3 //EIGRP邻居建立 ISP#sh ip rou
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set
131.1.0.0/30 is subnetted, 2 subnets
C 131.1.1.0 is directly connected, Serial1/0 C 131.1.1.4 is directly connected, Serial1/1 ISP#
//Internet ISP路由器上只有公网路由,这样保证了安全。 第五步:测试分部到总部通过隧道的连通性
R1#ping 192.168.1.1 source 192.168.0.1 Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: Packet sent with a source address of 192.168.0.1 !!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/77/112 ms R1# //连通性正常
因篇幅问题不能全部显示,请点此查看更多更全内容