阿里云-云小站(无限量代金券发放中)
【腾讯云】云服务器、云数据库、COS、CDN、短信等热卖云产品特惠抢购

Cisco之路由重分发和配置NAT

199次阅读
没有评论

共计 7137 个字符,预计需要花费 18 分钟才能阅读完成。

在一个大型网络中可能存在着多种路由协议,因此关系到路由重分发的问题。网络架构如下图所示:

Cisco 之路由重分发和配置 NAT

架构说明:
1 R1 为总公司路由器;
2 R2、R5 为上海分公司路由器;
3 R3、R4 为杭州分公司路由器;
4 总公司和分公司之间使用 OSPF 协议,上海分公司使用 RIP 协议,而杭州分公司使用静态路由协议;
5 所有分公司访问公网都通过总公司路由器 R1 实现;
6 本地所带主机由 Loopback1 接口模拟;
7 Loopback0 使用 192.168.255.0/24 网段并且作为 Router ID;

1)配置基本信息
R1 配置如下:
R1(config)#hostname R1
R1(config)#int f0/0
R1(config-if)#ip add 10.0.0.1 255.255.255.252
R1(config-if)#no sh
R1(config-if)#int f1/0
R1(config-if)#ip add 10.0.0.6 255.255.255.252
R1(config-if)#no sh
R1(config-if)#int f2/0
R1(config-if)#ip add 172.16.31.1 255.255.255.252
R1(config-if)#no sh
R1(config)#int loopback 0
R1(config-if)#ip add 192.168.255.1 255.255.255.0
R1(config-if)#no sh
R1(config)#int loopback 1
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no sh

R1(config)#router ospf 1
R1(config-router)#router-id 192.168.255.1
R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
R1(config-router)#network 10.0.0.4 0.0.0.3 area 1
R1(config-router)#network 192.168.255.1 0.0.0.0 area 0
R1(config-router)#network 10.0.0.0 0.0.0.3 area 0

R1(config)#ip route 0.0.0.0 0.0.0.0 172.16.31.2

R2 配置如下:
R2(config)#hostname R2
R2(config)#int f0/0
R2(config-if)#ip add 10.0.0.2 255.255.255.252
R2(config-if)#no sh
R2(config-if)#int f1/0
R2(config-if)#ip add 192.168.100.1 255.255.255.0
R2(config-if)#no sh
R2(config)#int loopback 0
R2(config-if)#ip add 192.168.255.2 255.255.255.255
R2(config-if)#no sh

R2(config)#router ospf 1
R2(config-router)#router-id 192.168.255.2
R2(config-router)#network 10.0.0.0 0.0.0.3 area 0
R2(config-router)#network 192.168.255.2 0.0.0.0 area 0

R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.100.0

R3 配置如下:
R3(config)#hostname R3
R3(config)#int f1/0
R3(config-if)#ip add 10.0.0.5 255.255.255.252
R3(config-if)#no sh
R3(config-if)#int f0/0
R3(config-if)#ip add 10.0.0.10 255.255.255.252
R3(config-if)#no sh
R3(config)#int loopback 0
R3(config-if)#ip add 192.168.255.3 255.255.255.255
R3(config-if)#no sh

R3(config)#router ospf 1
R3(config-router)#router-id 192.168.255.3
R3(config-router)#network 10.0.0.4 0.0.0.3 area 1
R3(config-router)#network 192.168.255.3 0.0.0.0 area 1

R3(config)#ip route 192.168.3.0 255.255.255.0 10.0.0.9

R4 配置如下:
R4(config)#hostname R4
R4(config)#int f0/0
R4(config-if)#ip add 10.0.0.9 255.255.255.252
R4(config-if)#no sh
R4(config)#int loopback 0
R4(config-if)#ip add 192.168.255.4 255.255.255.255
R4(config-if)#no sh
R4(config)#int loopback 1
R4(config-if)#ip add 192.168.3.1 255.255.255.0
R4(config-if)#no sh

R4(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.10

R5 配置如下:
R5(config)#hostname R5
R5(config)#int f0/0
R5(config-if)#ip add 192.168.100.2 255.255.255.0
R5(config-if)#no sh
R5(config)#int loopback 1
R5(config-if)#ip add 192.168.2.1 255.255.255.0
R5(config-if)#no sh

R5(config)#router rip
R5(config-router)#version 2
R5(config-router)#no auto-summary
R5(config-router)#network 192.168.100.0
R5(config-router)#network 192.168.2.0

Internet 配置如下:
Internet(config)#hostname Internet
Internet(config)#int f0/0
Internet(config-if)#ip add 172.16.31.2 255.255.255.252
Internet(config-if)#no sh
Internet(config)#int loopback 1
Internet(config-if)#ip add 59.56.61.1 255.255.255.0
Internet(config-if)#no sh

查看路由表:
R1#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
      D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
      N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
      E1 – OSPF external type 1, E2 – OSPF external type 2
      i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
      ia – IS-IS inter area, * – candidate default, U – per-user static route
      o – ODR, P – periodic downloaded static route

Gateway of last resort is 172.16.31.2 to network 0.0.0.0

    172.16.0.0/30 is subnetted, 1 subnets
C      172.16.31.0 is directly connected, FastEthernet2/0
    10.0.0.0/30 is subnetted, 2 subnets
C      10.0.0.0 is directly connected, FastEthernet0/0
C      10.0.0.4 is directly connected, FastEthernet1/0
    192.168.255.0/24 is variably subnetted, 3 subnets, 2 masks
O      192.168.255.3/32 [110/2] via 10.0.0.5, 00:21:37, FastEthernet1/0
O      192.168.255.2/32 [110/2] via 10.0.0.2, 00:31:22, FastEthernet0/0
C      192.168.255.0/24 is directly connected, Loopback0
C    192.168.1.0/24 is directly connected, Loopback1
S*  0.0.0.0/0 [1/0] via 172.16.31.2

2)配置路由重分发:

路由器 R1 重发布默认路由:
R1(config)#router ospf 1
R1(config-router)#default-information originate always

路由器 R2 重分发:
R2(config)#router ospf 1
R2(config-router)#redistribute rip subnets
R2(config)#router rip
R2(config-router)#redistribute ospf 1 metric 3

路由器 R3 重发布静态路由和直连路由:
R3(config)#router ospf 1
R3(config-router)#redistribute static subnets
R3(config-router)#redistribute connected subnets

3)验证网络通信是否正常
R3#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
      D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
      N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
      E1 – OSPF external type 1, E2 – OSPF external type 2
      i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
      ia – IS-IS inter area, * – candidate default, U – per-user static route
      o – ODR, P – periodic downloaded static route

Gateway of last resort is 10.0.0.6 to network 0.0.0.0

    10.0.0.0/30 is subnetted, 3 subnets
C      10.0.0.8 is directly connected, FastEthernet0/0
O IA    10.0.0.0 [110/2] via 10.0.0.6, 00:02:31, FastEthernet1/0
C      10.0.0.4 is directly connected, FastEthernet1/0
    192.168.255.0/32 is subnetted, 3 subnets
C      192.168.255.3 is directly connected, Loopback0
O IA    192.168.255.2 [110/3] via 10.0.0.6, 00:02:31, FastEthernet1/0
O IA    192.168.255.1 [110/2] via 10.0.0.6, 00:02:31, FastEthernet1/0
    192.168.1.0/32 is subnetted, 1 subnets
O IA    192.168.1.1 [110/2] via 10.0.0.6, 00:02:33, FastEthernet1/0
O E2 192.168.2.0/24 [110/20] via 10.0.0.6, 00:02:33, FastEthernet1/0
O E2 192.168.100.0/24 [110/20] via 10.0.0.6, 00:02:33, FastEthernet1/0
S    192.168.3.0/24 [1/0] via 10.0.0.9
O*E2 0.0.0.0/0 [110/1] via 10.0.0.6, 00:02:35, FastEthernet1/0

R4#ping 192.168.2.1 source 192.168.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.1
!!!!!

R5#ping 10.0.0.5 source 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.5, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
!!!!!

4) 在 R1 路由器上配置 NAT
R1(config)#int f1/0
R1(config-if)#ip nat inside
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config)#int f2/0
R1(config-if)#ip nat outside
R1(config)#access-list 1 permit any
R1(config)#ip nat inside source list 1 int f2/0 overload

测试内网访问外网的连通性
R5#ping 59.56.61.1 source 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
!!!!!

R4#ping 59.56.61.1 source 192.168.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.1
!!!!!

当然,我们可以禁止 192.168.2.0 的网段对外网的访问:

R1(config)#no access-list 1
R1(config)#access-list 1 deny 192.168.2.0 0.0.0.255
R1(config)#access-list 1 permit any
R1(config)#ip nat inside source list 1 interface f2/0 overload

R5#ping 59.56.61.1 source 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
…..

R4#ping 59.56.61.1 source 192.168.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.1
!!!!!

完整 Word 文档可以到 Linux 公社资源站下载:

—————————————— 分割线 ——————————————

免费下载地址在 http://linux.linuxidc.com/

用户名与密码都是 www.linuxidc.com

具体下载目录在 /2017 年资料 / 5 月 /29 日 /Cisco 之路由重分发和配置 NAT/

下载方法见 http://www.linuxidc.com/Linux/2013-07/87684.htm

—————————————— 分割线 ——————————————

本文永久更新链接地址 :http://www.linuxidc.com/Linux/2017-05/144354.htm

正文完
星哥玩云-微信公众号
post-qrcode
 0
星锅
版权声明:本站原创文章,由 星锅 于2022-01-21发表,共计7137字。
转载说明:除特殊说明外本站文章皆由CC-4.0协议发布,转载请注明出处。
【腾讯云】推广者专属福利,新客户无门槛领取总价值高达2860元代金券,每种代金券限量500张,先到先得。
阿里云-最新活动爆款每日限量供应
评论(没有评论)
验证码
【腾讯云】云服务器、云数据库、COS、CDN、短信等云产品特惠热卖中