您的当前位置:首页正文

配置GRE tunnel隧道

2022-06-15 来源:知库网
实验拓扑:

预备知识:

通用路由封装(GenericRoutingEncapsulation,简称GRE)隧道 按照通过IPv4网络传输数据的定义,GRE通过将需要传输的数据包封装在GRE数据包内,从而使一个网络协议能够通过另一个网络协议进行传输。GRE是通过隧道传输IPv6业务负载的一个理想机制。 实验说明:

路由器ISP模拟运营商,分部R1要和总部R2通信,但是不想让Internet上的路由器学到其内网网络,所以在R1和R2之间做条隧道,总部和分部之间启用EIGRP路由协议。 实验过程:

第一步:配置R1,ISP,R2的接口地址 R1>en R1#conf t

Enter configuration commands, one per line. End with CNTL/Z. R1(config)#no ip domai loo R1(config)#line con 0 R1(config-line)#no exec-t R1(config-line)#lo

00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to downgg syn

R1(config-line)#exi R1(config)#int s 1/1

R1(config-if)#ip add 131.1.1.1 255.255.255.252 R1(config-if)#no sh R1(config-if)#int loo 0

R1(config-if)#ip add 192.168.0.1 255.255.255.0 R1(config-if)#end R1#sh ip i

00:01:57: %SYS-5-CONFIG_I: Configured from console by console R1#sh ip int b

Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES unset administratively down down

Serial1/0 unassigned YES unset administratively down down

Serial1/1 131.1.1.1 YES manual up down Serial1/2 unassigned YES unset administratively down down

Serial1/3 unassigned YES unset administratively down down

Serial2/0 unassigned YES unset administratively down down

Serial2/1 unassigned YES unset administratively down down

Serial2/2 unassigned YES unset administratively down down

Serial2/3 unassigned YES unset administratively down down

Loopback0 192.168.0.1 YES manual up up R1# ISP>en ISP#conf t

Enter configuration commands, one per line. End with CNTL/Z. ISP(config)#no ip domain loo ISP(config)#line con 0 ISP(config-line)#no exec-t ISP(config-line)#logg syn ISP(config-line)#exi ISP(config)#int s 1/0

ISP(config-if)#ip add 131.1.1.2 255.255.255.252 ISP(config-if)#no sh ISP(config-if)#int s 1/1 ISP(config-if)#i

00:02:55: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up 00:02:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up

ISP(config-if)#ip add 131.1.1.5 255.255.255.252 ISP(config-if)#no sh ISP(config-if)#end ISP#sh ip in

00:03:09: %SYS-5-CONFIG_I: Configured from console by console ISP#sh ip int b

Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES unset administratively down down

Serial1/0 131.1.1.2 YES manual up up Serial1/1 131.1.1.5 YES manual up up Serial1/2 unassigned YES unset administratively down down

Serial1/3 unassigned YES unset administratively down down

Serial2/0 unassigned YES unset administratively down down

Serial2/1 unassigned YES unset administratively down down

Serial2/2 unassigned YES unset administratively down down

Serial2/3 unassigned YES unset administratively down down ISP# R2>en R2#conf t

Enter configuration commands, one per line. End with CNTL/Z. R2(config)#no ip doma loo R2(config)#line con 0 R2(config-line)#no exec-t R2(config-line)#logg syn R2(config-line)#exi R2(config)#int s 1/0

R2(config-if)#ip add 131.1.1.6 255.255.255.252 R2(config-if)#no sh R2(config-if)#int loo 0 R2(config-if)#ip add

00:04:14: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up R2(config-if)#ip add

00:04:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up

R2(config-if)#ip add 192.168.1.1 255.255.255.0 R2(config-if)#end R2#sh ip int

00:04:24: %SYS-5-CONFIG_I: Configured from console by consoleb R2#sh ip int b

Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES unset administratively down down

Serial1/0 131.1.1.6 YES manual up up Serial1/1 unassigned YES unset administratively down

down

Serial1/2 unassigned YES unset administratively down down

Serial1/3 unassigned YES unset administratively down down

Serial2/0 unassigned YES unset administratively down down

Serial2/1 unassigned YES unset administratively down down

Serial2/2 unassigned YES unset administratively down down

Serial2/3 unassigned YES unset administratively down down

Loopback0 192.168.1.1 YES manual up up R2#

第二步:测试直连连通性 ISP#sh cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID R2 Ser 1/1 155 R 7206VXR Ser 1/0 R1 Ser 1/0 153 R 7206VXR Ser 1/1 ISP#

//邻居建立直连连通性正常 第三步:配置GRE隧道 R1#conf t

Enter configuration commands, one per line. End with CNTL/Z. R1(config)#ip route 0.0.0.0 0.0.0.0 s 1/1 //默认路由出接口应该指向物理接口 R1(config)#int tu

R1(config)#int tunnel 0 R1(config-if)#ip add

00:07:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down

R1(config-if)#ip add 172.16.0.1 255.255.255.0 R1(config-if)#tu

R1(config-if)#tunnel sour s 1/1 R1(config-if)#tun R1(config-if)#tunnel des

R1(config-if)#tunnel destination 131.1.1.6 R1(config-if)#no sh R1(config-if)#

00:08:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up R1(config-if)#end R1#sh run int tunnel 0 Building configuration...

Current configuration : 117 bytes !

interface Tunnel0

ip address 172.16.0.1 255.255.255.0 tunnel source Serial1/1 tunnel destination 131.1.1.6 end

//分部R1上的tunnel配置完成 R2#conf t

Enter configuration commands, one per line. End with CNTL/Z. R2(config)#ip route 0.0.0.0 0.0.0.0 s 1/0 R2(config)#int tu R2(config)#int tunnel 0 R2(config-if)#ip add 172.16.

00:12:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down

R2(config-if)#ip add 172.16.0.2 255.255.255.0 R2(config-if)#tun

R2(config-if)#tunnel sou s1/0 R2(config-if)#tun

R2(config-if)#tunnel des 131.1.1.1 R2(config-if)#no sh R2(config-if)#

00:12:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up R2(config-if)#end R2#sh run int tunnel 0 Building configuration...

Current configuration : 117 bytes !

interface Tunnel0

ip address 172.16.0.2 255.255.255.0 tunnel source Serial1/0 tunnel destination 131.1.1.1 end

R1#sh ip rou

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is 0.0.0.0 to network 0.0.0.0

172.16.0.0/24 is subnetted, 1 subnets C 172.16.0.0 is directly connected, Tunnel0 131.1.0.0/30 is subnetted, 1 subnets C 131.1.1.0 is directly connected, Serial1/1 C 192.168.0.0/24 is directly connected, Loopback0 S* 0.0.0.0/0 is directly connected, Serial1/1 R1#ping 172.16.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds: !!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/31/40 ms R1#

//隧道直连连通性正常

第四步:在R1和R2上启用路由协议 R1#conf t

Enter configuration commands, one per line. End with CNTL/Z. R1(config)#router eig 90 R1(config-router)#no au

R1(config-router)#net 192.168.0.0 R1(config-router)#net 172.16.0.0 R1(config-router)#end R1# R2#conf t

Enter configuration commands, one per line. End with CNTL/Z. R2(config)#router eig 90 R2(config-router)#no au R2(config-router)#net 172.16.0.0 R2(config-router)#net 192.168.1.

00:19:58: %DUAL-5-NBRCHANGE: IP-EIGRP 90: Neighbor 172.16.0.1 (Tunnel0) is up: new adjacency R2(config-router)#net 192.168.1.1

R2(config-router)#end R2#

R1#sh ip rou

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is 0.0.0.0 to network 0.0.0.0 172.16.0.0/24 is subnetted, 1 subnets C 172.16.0.0 is directly connected, Tunnel0 131.1.0.0/30 is subnetted, 1 subnets C 131.1.1.0 is directly connected, Serial1/1 C 192.168.0.0/24 is directly connected, Loopback0

D 192.168.1.0/24 [90/297372416] via 172.16.0.2, 00:00:21, Tunnel0//eigrp通过Tunnle口学到到总部的路由

S* 0.0.0.0/0 is directly connected, Serial1/1 R1#sh ip eig nei

IP-EIGRP neighbors for process 90

H Address Interface Hold Uptime SRTT RTO Q Seq Type (sec) (ms) Cnt Num 0 172.16.0.2 Tu0 12 00:01:39 44 5000 0 3 //EIGRP邻居建立 ISP#sh ip rou

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set

131.1.0.0/30 is subnetted, 2 subnets

C 131.1.1.0 is directly connected, Serial1/0 C 131.1.1.4 is directly connected, Serial1/1 ISP#

//Internet ISP路由器上只有公网路由,这样保证了安全。 第五步:测试分部到总部通过隧道的连通性

R1#ping 192.168.1.1 source 192.168.0.1 Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: Packet sent with a source address of 192.168.0.1 !!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 44/77/112 ms R1# //连通性正常

因篇幅问题不能全部显示,请点此查看更多更全内容