Lab topology:
Lab steps:
R1:
R1#show run
Building configuration...

Current configuration : 1457 bytes
!
! Last configuration change at 20:10:26 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key isakmp.p1.key address 100.1.1.8
crypto isakmp key isakmp.p1.key address 100.1.1.9
!
crypto gdoi group mygroup
 identity number 10
 server address ipv4 100.1.1.8
 server address ipv4 100.1.1.9
!
!
crypto map cisco 10 gdoi
 set group mygroup
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface FastEthernet2/0
 ip address 100.1.1.1 255.255.255.0
 speed auto
 duplex auto
 crypto map cisco
!
interface FastEthernet2/1
 no ip address
 shutdown
 speed auto
 duplex auto
!
!
router eigrp 1
 network 100.1.1.1 0.0.0.0
 network 192.168.1.0
 eigrp router-id 1.1.1.1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R2:
R2#show run
Building configuration...

Current configuration : 1549 bytes
!
! Last configuration change at 20:20:11 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
using address 23.1.1.2
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key isakmp.p1.key address 100.1.1.8
crypto isakmp key isakmp.p1.key address 100.1.1.9
!
crypto gdoi group mygroup
 identity number 10
 server address ipv4 100.1.1.8
 server address ipv4 100.1.1.9
!
!
crypto map cisco 10 gdoi
 set group mygroup
!
interface Loopback0
 no ip address
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface Serial1/0
 ip address 23.1.1.2 255.255.255.0
 serial restart-delay 0
 crypto map cisco
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router rip
 version 2
 network 23.0.0.0
 network 192.168.2.0
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R3:
R3#show run
Building configuration...

Current configuration : 2282 bytes
!
! Last configuration change at 20:19:39 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R3
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip vrf a
 rd 10:10
 route-target export 10:10
 route-target import 10:10
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
ip tcp synwait-time 5
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface Serial1/0
 no ip address
 shutdown
 mpls ip
 serial restart-delay 0
!
interface Serial1/1
 ip vrf forwarding a
 ip address 23.1.1.3 255.255.255.0
!
interface Serial1/2
 ip address 34.1.1.3 255.255.255.0
 mpls ip
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet2/0
 ip vrf forwarding a
 ip address 100.1.1.3 255.255.255.0
 speed auto
 duplex auto
!
interface FastEthernet2/1
 no ip address
 shutdown
 speed auto
 duplex auto
!
!
router eigrp 1
 !
 address-family ipv4 vrf a autonomous-system 1
  redistribute bgp 1 metric 10000 100 255 1 1500
  network 100.1.1.3 0.0.0.0
 exit-address-family
 eigrp router-id 3.3.3.3
!
!
router eigrp 100
 network 3.3.3.3 0.0.0.0
 network 34.1.1.3 0.0.0.0
 eigrp router-id 3.3.3.3
!
router rip
 version 2
 no auto-summary
 !
 address-family ipv4 vrf a
  redistribute bgp 1 metric 2
  network 23.0.0.0
  no auto-summary
 exit-address-family
!
router bgp 1
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 1
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 5.5.5.5 next-hop-self
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
 exit-address-family
 !
 address-family ipv4 vrf a
  redistribute eigrp 1 metric 2
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
mpls ldp router-id Loopback0 force
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R4:
R4#show run
Building configuration...

Current configuration : 1333 bytes
!
! Last configuration change at 20:33:42 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R4
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
ip tcp synwait-time 5
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface Serial1/0
 ip address 34.1.1.4 255.255.255.0
 mpls ip
 serial restart-delay 0
!
interface Serial1/1
 ip address 45.1.1.4 255.255.255.0
 mpls ip
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
!
router eigrp 100
 network 4.4.4.4 0.0.0.0
 network 34.1.1.4 0.0.0.0
 network 45.1.1.4 0.0.0.0
 eigrp router-id 4.4.4.4
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
mpls ldp router-id Loopback0 force
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R5:
R5#show run
Building configuration...

Current configuration : 2192 bytes
!
! Last configuration change at 20:33:44 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R5
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip vrf a
 rd 10:10
 route-target export 10:10
 route-target import 10:10
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
ip tcp synwait-time 5
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface Serial1/0
 ip address 45.1.1.5 255.255.255.0
 mpls ip
 serial restart-delay 0
!
interface Serial1/1
 ip vrf forwarding a
 ip address 56.1.1.5 255.255.255.0
 serial restart-delay 0
!
interface Serial1/2
 ip vrf forwarding a
 ip address 57.1.1.5 255.255.255.0
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
!
router eigrp 100
 network 5.5.5.5 0.0.0.0
 network 45.1.1.5 0.0.0.0
 eigrp router-id 5.5.5.5
!
!
router eigrp 2
 !
 address-family ipv4 vrf a autonomous-system 2
  redistribute bgp 1 metric 10000 100 255 1 1500
  network 56.1.1.5 0.0.0.0
 exit-address-family
 eigrp router-id 5.5.5.5
!
router ospf 1 vrf a
 router-id 5.5.5.5
 redistribute bgp 1 metric 2 subnets
 network 57.1.1.5 0.0.0.0 area 0
!
router bgp 1
 bgp router-id 5.5.5.5
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 3.3.3.3 next-hop-self
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community both
 exit-address-family
 !
 address-family ipv4 vrf a
  redistribute eigrp 2 metric 2
  redistribute ospf 1 metric 2 match internal external 1 external 2
  redistribute eigrp 1 metric 2
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
mpls ldp router-id Loopback0 force
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R6:
R6#show run
Building configuration...

Current configuration : 1612 bytes
!
! Last configuration change at 20:33:47 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R6
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key isakmp.p1.key address 100.1.1.8
crypto isakmp key isakmp.p1.key address 100.1.1.9
!
crypto gdoi group mygroup
 identity number 10
 server address ipv4 100.1.1.8
 server address ipv4 100.1.1.9
!
!
crypto map cisco 10 gdoi
 set group mygroup
!
interface Loopback0
 ip address 192.168.6.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface Serial1/0
 ip address 56.1.1.6 255.255.255.0
 serial restart-delay 0
 crypto map cisco
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
!
router eigrp 2
 network 56.1.1.6 0.0.0.0
 network 192.168.6.0
 network 192.168.6.1 0.0.0.0
 eigrp router-id 6.6.6.6
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R7:
R7#show run
Building configuration...

Current configuration : 1596 bytes
!
! Last configuration change at 20:33:49 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R7
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key isakmp.p1.key address 100.1.1.8
crypto isakmp key isakmp.p1.key address 100.1.1.9
!
crypto gdoi group mygroup
 identity number 10
 server address ipv4 100.1.1.8
 server address ipv4 100.1.1.9
!
!
crypto map cisco 10 gdoi
 set group mygroup
!
interface Loopback0
 ip address 192.168.7.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface Serial1/0
 ip address 57.1.1.7 255.255.255.0
 serial restart-delay 0
 crypto map cisco
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 router-id 7.7.7.7
 network 57.1.1.7 0.0.0.0 area 0
 network 192.168.7.1 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R8:
R8#show run
Building configuration...

Current configuration : 2044 bytes
!
! Last configuration change at 20:33:58 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R8
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip domain lookup
ip domain name cisco.com
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key isakmp.p1.key address 100.1.1.9
crypto isakmp key isakmp.p1.key address 56.1.1.6
crypto isakmp key isakmp.p1.key address 57.1.1.7
crypto isakmp key isakmp.p1.key address 100.1.1.1
crypto isakmp key isakmp.p1.key address 23.1.1.2
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
 mode tunnel
!
!
crypto ipsec profile pro
 set transform-set cisco
!
crypto gdoi group mygroup
 identity number 10
 server local
  rekey algorithm aes 256
  rekey retransmit 10 number 2
  rekey authentication mypubkey rsa getvpnkey
  rekey transport unicast
  sa ipsec 1
   profile pro
   match address ipv4 cisco
   replay time window-size 3
  address ipv4 100.1.1.8
  redundancy
   local priority 100
   peer address ipv4 100.1.1.9
!
interface Loopback0
 ip address 192.168.8.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface FastEthernet1/0
 ip address 100.1.1.8 255.255.255.0
 speed auto
 duplex auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 speed auto
 duplex auto
!
!
router eigrp 1
 network 100.0.0.0
 network 192.168.8.0
 eigrp router-id 8.8.8.8
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ip access-list extended cisco
 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R9:
R9#show run
Building configuration...

Current configuration : 1995 bytes
!
! Last configuration change at 20:31:37 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R9
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key isakmp.p1.key address 56.1.1.6
crypto isakmp key isakmp.p1.key address 57.1.1.7
crypto isakmp key isakmp.p1.key address 100.1.1.1
crypto isakmp key isakmp.p1.key address 23.1.1.2
crypto isakmp key isakmp.p1.key address 100.1.1.8
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
 mode tunnel
!
!
crypto ipsec profile pro
 set transform-set cisco
!
crypto gdoi group mygroup
 identity number 10
 server local
  rekey algorithm aes 256
  rekey retransmit 10 number 2
  rekey authentication mypubkey rsa getvpnkey
  rekey transport unicast
  sa ipsec 1
   profile pro
   match address ipv4 cisco
   replay time window-size 3
  address ipv4 100.1.1.9
  redundancy
   local priority 90
   peer address ipv4 100.1.1.8
!
interface Loopback0
 ip address 192.168.9.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface FastEthernet1/0
 ip address 100.1.1.9 255.255.255.0
 speed auto
 duplex auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 speed auto
 duplex auto
!
!
router eigrp 1
 network 0.0.0.0
 eigrp router-id 9.9.9.9
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ip access-list extended cisco
 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end