题目要求
1、两个局域网基于6to4tunnel可达
2、R1可以访问R3的环回
根据题目要求:
思路
先做公网和左边V4的部分:
做完然后通过缺省和nat访问公网
最后做V6
左 IPV4部分[r2]int g0/0/1 [r2-GigabitEthernet0/0/1]ip ad [r2-GigabitEthernet0/0/1]ip address 23.1.1.1 24 [r2-GigabitEthernet0/0/1]q [r2]ip route-static 0.0.0.0 0 23.1.1.2 [r2] [r3]int g0/0/0 [r3-GigabitEthernet0/0/0]ip address 23.1.1.2 24 [r3-GigabitEthernet0/0/0]int l0 [r3-LoopBack0]ip address 3.3.3.3 24 [r3-LoopBack0]int g0/0/1 [r3-GigabitEthernet0/0/1]ip address 34.1.1.1 24 [r4]int g0/0/0 [r4-GigabitEthernet0/0/0]ip address 34.1.1.2 24 [r4]ip route-static 0.0.0.0 0 34.1.1.1 [r4] [r1]int l0 [r1-LoopBack0]ip address 192.168.1.1 25 [r1-LoopBack0]int l1 [r1-LoopBack1]ip address 192.168.1.129 25 [r1-LoopBack1]int g0/0/1 [r1-GigabitEthernet0/0/1]ip address 192.168.0.1 30 [r1-GigabitEthernet0/0/1]q [r1]rip 1 [r1-rip-1]ver 2 [r1-rip-1]network 192.168.1.0 [r1-rip-1]network 192.168.0.0 [r1-rip-1] [r2]int g0/0/0 [r2-GigabitEthernet0/0/0]ip address 192.168.0.2 30 [r2-GigabitEthernet0/0/0]int l0 [r2-LoopBack0]ip address 192.168.2.1 24 [r2-LoopBack0]q [r2] [r2]rip 1 [r2-rip-1]ver 2 [r2-rip-1]network 192.168.0.0 [r2-rip-1]network 192.168.2.0
R1汇总+空接口 R2发布缺省
[r1]int g0/0/1 [r1-GigabitEthernet0/0/1]rip summary-address 192.168.1.0 255.255.255.0 [r1-GigabitEthernet0/0/1]q [r1]ip route-static 192.168.1.0 24 NULL 0 [r1] [r2]rip 1 [r2-rip-1]default-route originate
上网的NAT
[r2]acl 2000 [r2-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255 [r2-acl-basic-2000]int g0/0/1 [r2-GigabitEthernet0/0/1]nat outbound 2000
R1可以上网了,现在V4部分全部弄好了,去弄V6部分
1、先确定IP
23.1.1.1 2002:1701:0101::/48 2002:1701:0101:0000::/64 ~2002:1701:0101:FFFF::/64 2002:1701:0101:0000::/64 2002:1701:0101:0000:0000 0000 0000 0000::/65 2002:1701:0101:0000:1000 0000 0000 0000::/65 2002:1701:0101:0000:8000::/65 2002:1701:0101:0000::/64 给到1的两个环回第一个网段 1的1个环回2002:1701:101::/65 1的2个环回2002:1701:101:0:8000::/65 一连二第二个网段 2002:1701:0101:1::1 64 2002:1701:0101:1::2 64 给到2的环回用第三个网段 2002:1701:0101:2::1 64
左边IPV6
[r1]ipv6 [r1]int l0 [r1-LoopBack0]ipv6 enable [r1-LoopBack0]ipv6 address 2002:1701:101::1 65 [r1-LoopBack0]int l1 [r1-LoopBack1]ipv6 enable [r1-LoopBack1]ipv6 address 2002:1701:101:0:8000::1 65 [r1-LoopBack1]int g0/0/1 [r1-GigabitEthernet0/0/1]ipv6 enable [r1-GigabitEthernet0/0/1]ipv6 address 2002:1701:0101:1::1 64 [r2]ipv6 [r2]int g0/0/0 [r2-GigabitEthernet0/0/0]ipv6 enable [r2-GigabitEthernet0/0/0]ipv6 address 2002:1701:0101:1::2 64 [r2-GigabitEthernet0/0/0]int l0 [r2-LoopBack0]ipv6 enable [r2-LoopBack0]ipv6 address 2002:1701:0101:2::1 64
R1R2之间的RIPNG
[r1]ripng 1 [r1-ripng-1]int l0 [r1-LoopBack0]ripng 1 enable [r1-LoopBack0]int l1 [r1-LoopBack1]ripng 1 enable [r1-LoopBack1]int g0/0/1 [r1-GigabitEthernet0/0/1]ripng 1 enable [r2]ripng 1 [r2-ripng-1]int l0 [r2-LoopBack0]ripng 1 enable [r2-LoopBack0]int g0/0/0 [r2-GigabitEthernet0/0/0]ripng 1 enable
R1R2优化:
R1环回汇总和空接口 [r1-GigabitEthernet0/0/1]ripng summary-address 2002:1701:0101:0000:: 64 [r1]ipv6 route-static 2002:1701:0101:0000:: 64 NULL 0 R2发布缺省:在边界路由器连接内网的接口上 [r2-GigabitEthernet0/0/0]ripng default-route only
现在R2能出的来,要去R4就得搭桥,出去是V6报头,携带V4报头,源IP是23.1.1.1 目标IP是你的V6地址算出来的V4ip,所以就是6to4
做6to4tunnel口
[r2]int Tunnel 0/0/0 [r2-Tunnel0/0/0]ipv6 enable [r2-Tunnel0/0/0]ipv6 address 2002:1701:0101:3::1 64 [r2-Tunnel0/0/0]tunnel-protocol ipv6-ipv4 6to4 [r2-Tunnel0/0/0]source 23.1.1.1 [r2-Tunnel0/0/0]q [r2]ipv6 route-static 2002:: 16 Tunnel 0/0/0右
到目前为止,左边的环境已经全部搭建起来了,现在去做右边的:
34.1.1.2 2002:2201:0102::/48 右边是AS划分,有个2个AS 2002:2201:0102::/49 AS1 2002:2201:0102:8000::/49 AS2 然后向内划分 2002:2201:0102::/64 ~2002:2201:0102:7fff::/64 AS1 2002:2201:0102:8000::/64 ~2002:2201:0102:ffff::/64 AS2IPV6部分
[r4]ipv6 [r4]int g0/0/1 [r4-LoopBack0]ipv6 enable [r4-LoopBack0]ipv6 address 2002:2201:0102::1 64 [r4-LoopBack0]int g0/0/1 [r4-GigabitEthernet0/0/1]ipv6 enable [r4-GigabitEthernet0/0/1]ipv6 address 2002:2201:0102:1::1 64 [r5]int l0 [r5-LoopBack0]ipv6 enable [r5-LoopBack0]ipv6 address 2002:2201:0102:8000::1 64 [r5-LoopBack0]int g0/0/1 [r5-GigabitEthernet0/0/1]ipv6 enable [r5-GigabitEthernet0/0/1]ipv6 address 2002:2201:0102:8001::1 64 [r6-GigabitEthernet0/0/0]ipv6 address 2002:2201:0102:8001::2 64 [r6-GigabitEthernet0/0/0]int l0 [r6-LoopBack0]ipv6 enable [r6-LoopBack0]ipv6 address 2002:2201:0102:8002::1 64 [r6-LoopBack0]int g0/0/1 [r6-GigabitEthernet0/0/1]ipv6 enable [r6-GigabitEthernet0/0/1]ipv6 address 2002:2201:0102:8003::1 64 [r7]ipv6 [r7]int g0/0/0 [r7-GigabitEthernet0/0/0]ipv6 enable [r7-GigabitEthernet0/0/0]ipv6 address 2002:2201:0102:8003::2 64 [r7-GigabitEthernet0/0/0]int l0 [r7-LoopBack0]ipv6 enable [r7-LoopBack0]ipv6 address 2002:2201:0102:8004::1 64 [r7-LoopBack0]int g0/0/1 [r7-GigabitEthernet0/0/1]ipv6 enable [r7-GigabitEthernet0/0/1]ipv6 address 2002:2201:0102:8005::1 64 [r8]ipv6 [r8]int g0/0/0 [r8-GigabitEthernet0/0/0]ipv6 enable [r8-GigabitEthernet0/0/0]ipv6 address 2002:2201:0102:8005::2 64 [r8-GigabitEthernet0/0/0]int l0 [r8-LoopBack0]ipv6 enable [r8-LoopBack0]ipv6 address 2002:2201:0102:8006::1 64OSPFV3
[r5]ospfv3 1 [r5-ospfv3-1]router-id 5.5.5.5 [r5-ospfv3-1]int l0 [r5-LoopBack0]ospfv3 1 area 0 [r5-LoopBack0]int g0/0/1 [r5-GigabitEthernet0/0/1]ospfv3 1 area 0 [r5-GigabitEthernet0/0/1] [r6]ospfv3 1 [r6-ospfv3-1]router-id 6.6.6.6 [r6-ospfv3-1]int l0 [r6-LoopBack0]ospfv3 1 area 0 [r6-LoopBack0]int g0/0/0 [r6-GigabitEthernet0/0/0]ospfv3 1 area 0 [r6-GigabitEthernet0/0/0]int g0/0/1 [r6-GigabitEthernet0/0/1]ospfv3 1 area 0 [r6-GigabitEthernet0/0/1] [r7]ospfv3 1 [r7-ospfv3-1]router-id 7.7.7.7 [r7-ospfv3-1]int l0 [r7-LoopBack0]ospfv3 1 area 0 [r7-LoopBack0]int g0/0/0 [r7-GigabitEthernet0/0/0]ospfv3 1 area 0 [r7-GigabitEthernet0/0/0]int g0/0/1 [r7-GigabitEthernet0/0/1]ospfv3 1 area 0 [r7-GigabitEthernet0/0/1] [r8]ospfv3 1 [r8-ospfv3-1]router-id 8.8.8.8 [r8-ospfv3-1]int l0 [r8-LoopBack0]ospfv3 1 area 0 [r8-LoopBack0]int g0/0/0 [r8-GigabitEthernet0/0/0]ospfv3 1 area 0 [r8-GigabitEthernet0/0/0]
配完之后开始建邻,查看邻居表
查看R5路由表齐了之后开始起BGP
R4R5之间EBGP
BGP[r4]bgp 1 [r4-bgp]router-id 4.4.4.4 [r4-bgp]peer 2002:2201:102:1::2 as-number 2 [r4-bgp]ipv6-family [r4-bgp-af-ipv6]peer 2002:2201:102:1::2 enable [r5]bgp 64512 [r5-bgp]router-id 5.5.5.5 [r5-bgp]confederation id 2 [r5-bgp]peer 2002:2201:102:1::1 as-number 1 [r5-bgp]ipv6-family [r5-bgp-af-ipv6]peer 2002:2201:102:1::1 enable 但是这样配置太麻烦了,这就要引出本地站点,多数组的概念,一个环回可以有多个V6地址 [r5-LoopBack0]ipv6 address 5::5 64 [r6-LoopBack0]ipv6 address 6::6 64 [r7-LoopBack0]ipv6 address 7::7 64 [r8-LoopBack0]ipv6 address 8::8 64 再来 [r5]bgp 64512 [r5-bgp]peer 6::6 as-number 64512 [r5-bgp]peer 6::6 connect-interface LoopBack 0 5::5 [r5-bgp]ipv6-family [r5-bgp-af-ipv6]peer 6::6 enable [r6]bgp 64512 [r6-bgp]router-id 6.6.6.6 [r6-bgp]confederation id 2 [r6-bgp]peer 5::5 as-number 64512 [r6-bgp]peer 5::5 connect-interface LoopBack 0 6::6 [r6-bgp]peer 7::7 as-number 64512 [r6-bgp]peer 7::7 connect-interface LoopBack 0 6::6 [r6-bgp]ipv6-family [r6-bgp-af-ipv6]peer 5::5 enable [r6-bgp-af-ipv6]peer 7::7 enable [r6-bgp-af-ipv6] [r7]bgp 64512 [r7-bgp]router-id 7.7.7.7 [r7-bgp]confederation id 2 [r7-bgp]confederation peer-as 64513 [r7-bgp]peer 6::6 as-number 64512 [r7-bgp]peer 6::6 connect-interface LoopBack 0 7::7 [r7-bgp]peer 8::8 as-number 64513 [r7-bgp]peer 8::8 connect-interface LoopBack 0 7::7 [r7-bgp]peer 8::8 ebgp-max-hop 2 [r7-bgp]ipv6-family [r7-bgp-af-ipv6]peer 6::6 enable [r7-bgp-af-ipv6]peer 8::8 enable [r8]bgp 64513 [r8-bgp]router-id 8.8.8.8 [r8-bgp]confederation id 2 [r8-bgp]confederation peer-as 64512 [r8-bgp]peer 7::7 as-number 64512 [r8-bgp]peer 7::7 connect-interface LoopBack 0 8::8 [r8-bgp]peer 7::7 ebgp-max-hop 2 [r8-bgp]ipv6-family [r8-bgp-af-ipv6]peer 7::7 enable
现在我们来思考,还缺哪些路由,R4向左缺个6to4tunnel,和一条道2002:: /16的缺省
R4向右边,需要学到整个AS2,而他学AS2只能靠BGP,所以4需要右边有个BGP导过来
5678内部是齐的,只需要一条到2002:: /16的,指向4
我们先来做4
[r4]int Tunnel 0/0/0 [r4-Tunnel0/0/0]ipv6 enable [r4-Tunnel0/0/0]ipv6 address 2002:2201:0102:2::1 64 [r4-Tunnel0/0/0]tunnel-protocol ipv6-ipv4 6to4 [r4-Tunnel0/0/0]source 34.1.1.2 [r4]ipv6 route-static 2002:: 16 Tunnel 0/0/0
汇总5678 2002:2201:0102:8000:: 49 NULL 0
[r5]ipv6 route-static 2002:2201:0102:8000:: 49 NULL 0 [r5]bgp 64512 [r5-bgp]ipv6-family [r5-bgp-af-ipv6]network 2002:2201:0102:8000:: 49
R4宣告缺省
[r4]bgp 1 [r4-bgp]ipv6-family [r4-bgp-af-ipv6]network 2002:: 16 路由传给5 EBGP关系,所以优,5传给6不优,因为IBGP关系,所以更改下一跳 [r5]bgp 64512 [r5-bgp]ipv6-family [r5-bgp-af-ipv6]peer 6::6 next-hop-local 6优了会传给7吗?不会,因为IBGP水平分割,调一个反射器 [r6]bgp 64512 [r6-bgp]ipv6-family [r6-bgp-af-ipv6]peer 7::7 reflect-client
测试:
实验完成!
