H3C网络学院路由交换第四卷实验指导书.docx
- 文档编号:10964313
- 上传时间:2023-02-24
- 格式:DOCX
- 页数:124
- 大小:405.25KB
H3C网络学院路由交换第四卷实验指导书.docx
《H3C网络学院路由交换第四卷实验指导书.docx》由会员分享,可在线阅读,更多相关《H3C网络学院路由交换第四卷实验指导书.docx(124页珍藏版)》请在冰豆网上搜索。
H3C网络学院路由交换第四卷实验指导书
实验1配置GREVPN
实验任务一:
GREVPN基本配置
步骤一:
搭建实验环境
在SWA上配置VLAN2,将接口E1/0/2加入VLAN2:
[SWA]vlan2
[SWA-vlan2]portEthernet1/0/2
步骤二:
检测公网连通性
查看SWA的路由表和端口状态,确认其工作正常。
[SWA]displayipinterfacebrief
*down:
administrativelydown
(s):
spoofing
InterfacePhysicalProtocolIPAddressDescription
Vlan-interface1upup1.1.1.2Vlan-inte...
Vlan-interface2upup2.2.2.2Vlan-inte...
[SWA]displayiprouting-table
RoutingTables:
Public
Destinations:
6Routes:
6
Destination/MaskProtoPreCostNextHopInterface
1.1.1.0/24Direct001.1.1.2Vlan1
1.1.1.2/32Direct00127.0.0.1InLoop0
2.2.2.0/24Direct002.2.2.2Vlan2
2.2.2.2/32Direct00127.0.0.1InLoop0
127.0.0.0/8Direct00127.0.0.1InLoop0
127.0.0.1/32Direct00127.0.0.1InLoop0
也可以使用displayinterface命令。
在RTA和RTB上配置公网接口互通所需的静态路由。
[RTA]interfaceGigabitEthernet0/0
[RTA-GigabitEthernet0/0]ipaddress192.168.1.1255.255.255.0
[RTA-GigabitEthernet0/0]interfaceGigabitEthernet0/1
[RTA-GigabitEthernet0/1]ipaddress1.1.1.1255.255.255.0
[RTA-GigabitEthernet0/1]iproute-static2.2.2.0255.255.255.01.1.1.2
[RTB]interfaceGigabitEthernet0/0
[RTB-GigabitEthernet0/0]ipaddress192.168.2.1255.255.255.0
[RTB-GigabitEthernet0/0]interfaceGigabitEthernet0/1
[RTB-GigabitEthernet0/1]ipaddress2.2.2.1255.255.255.0
[RTB-GigabitEthernet0/1]iproute-static1.1.1.0255.255.255.02.2.2.2
步骤三:
配置GRE隧道接口
[RTA]interfaceTunnel0
[RTA-Tunnel0]ipaddress192.168.3.1255.255.255.252
[RTA-Tunnel0]source1.1.1.1
[RTA-Tunnel0]destination2.2.2.1
[RTB]interfaceTunnel0
[RTB-Tunnel0]ipaddress192.168.3.2255.255.255.252
[RTB-Tunnel0]source2.2.2.1
[RTB-Tunnel0]destination1.1.1.1
步骤四:
为私网配置静态路由
[RTA]iproute-static192.168.2.0255.255.255.0Tunnel0
[RTB]iproute-static192.168.1.0255.255.255.0Tunnel0
配置时也可以用下一跳地址。
步骤五:
检验隧道工作状况
查看RTA与RTB的路由表,可见公网、私网路由均存在于路由表中:
[RTB]displayiprouting-table
RoutingTables:
Public
Destinations:
10Routes:
10
Destination/MaskProtoPreCostNextHopInterface
1.1.1.0/24Static6002.2.2.2GE0/1
2.2.2.0/24Direct002.2.2.1GE0/1
2.2.2.1/32Direct00127.0.0.1InLoop0
127.0.0.0/8Direct00127.0.0.1InLoop0
127.0.0.1/32Direct00127.0.0.1InLoop0
192.168.1.0/24Static600192.168.3.2Tun0
192.168.2.0/24Direct00192.168.2.1GE0/0
192.168.2.1/32Direct00127.0.0.1InLoop0
192.168.3.0/30Direct00192.168.3.2Tun0
192.168.3.2/32Direct00127.0.0.1InLoop0
查看RTA和RTB的隧道接口状态,可见其使用GRE封装,状态为UP:
[RTB]displayinterfaceTunnel0
Tunnel0currentstate:
UP
Lineprotocolcurrentstate:
UP
Description:
Tunnel0Interface
TheMaximumTransmitUnitis1476
InternetAddressis192.168.3.2/30Primary
EncapsulationisTUNNEL,service-loopback-groupIDnotset.
Tunnelsource2.2.2.1,destination1.1.1.1
Tunnelkeepalivedisable
Tunnelprotocol/transportGRE/IP
GREkeydisabled
ChecksummingofGREpacketsdisabled
Outputqueue:
(Urgentqueuing:
Size/Length/Discards)0/100/0
Outputqueue:
(Protocolqueuing:
Size/Length/Discards)0/500/0
Outputqueue:
(FIFOqueuing:
Size/Length/Discards)0/75/0
Last300secondsinput:
15bytes/sec,0packets/sec
Last300secondsoutput:
21bytes/sec,0packets/sec
133packetsinput,5701bytes
0inputerror
124packetsoutput,7469bytes
0outputerror
在RTA上打开GRE协议调试开关用debugging命令检验路由器实际收发的报文,说明其地址已经改变。
在PCA上对RTB运行ping命令,但只发送一个ICMP包:
C:
\DocumentsandSettings\User>ping-n1192.168.2.1
Pinging192.168.2.1with32bytesofdata:
Replyfrom192.168.2.1:
bytes=32time<1msTTL=254
Pingstatisticsfor192.168.2.1:
Packets:
Sent=1,Received=1,Lost=0(0%loss),
Approximateroundtriptimesinmilli-seconds:
Minimum=0ms,Maximum=0ms,Average=0ms
观察RTA上的输出信息:
*Jun2616:
15:
30:
4432009RTAGRE/7/debug:
Tunnel0packet:
Afterencapsulation,
Outgoingpacketheader1.1.1.1->2.2.2.1(length=84)
*Jun2616:
15:
30:
4432009RTAGRE/7/debug:
Output:
Grepackethasbeenfast-switc
hedsuccessfully,interfaceindexis0x2f0000.
可见RTA从Tunnel0接口发出了一个包,源地址为1.1.1.1,目的地址为2.2.2.1。
因为发送的包已经被GRE封装后在公网发送了。
步骤六:
清除静态路由
用undoiproute-static命令。
步骤七:
为公网配置动态路由
[RTA]ospf1
[RTA-ospf-1]area0.0.0.0
[RTA-ospf-1-area-0.0.0.0]network1.0.0.00.255.255.255
[RTB]ospf1
[RTB-ospf-1]area0.0.0.0
[RTB-ospf-1-area-0.0.0.0]network2.0.0.00.255.255.255
[SWA]ospf1
[SWA-ospf-1]area0.0.0.0
[SWA-ospf-1-area-0.0.0.0]network1.0.0.00.255.255.255
[SWA-ospf-1-area-0.0.0.0]network2.0.0.00.255.255.255
步骤八:
为私网配置动态路由
[RTA]rip1
[RTA-rip-1]version2
[RTA-rip-1]network192.168.1.0
[RTA-rip-1]network192.168.3.0
[RTB]rip
[RTB-rip-1]version2
[RTB-rip-1]network192.168.2.0
[RTB-rip-1]network192.168.3.0
步骤九:
再次检验隧道工作状况
查看RTA与RTB的路由表:
RoutingTables:
Public
Destinations:
10Routes:
10
Destination/MaskProtoPreCostNextHopInterface
1.1.1.0/24OSPF1022.2.2.2GE0/1
2.2.2.0/24Direct002.2.2.1GE0/1
2.2.2.1/32Direct00127.0.0.1InLoop0
127.0.0.0/8Direct00127.0.0.1InLoop0
127.0.0.1/32Direct00127.0.0.1InLoop0
192.168.1.0/24RIP1001192.168.3.1Tun0
192.168.2.0/24Direct00192.168.2.1GE0/0
192.168.2.1/32Direct00127.0.0.1InLoop0
192.168.3.0/30Direct00192.168.3.2Tun0
192.168.3.2/32Direct00127.0.0.1InLoop0
转入下一实验任务。
实验任务二:
GREVPN隧道验证
步骤一:
单方配置隧道验证
首先在RTA上单方启动隧道验证:
[RTA-Tunnel0]grekey1234
步骤二:
检验隧道连通性
用ping命令验证PCA与PCB之间的连通性。
由于仅单方配置了隧道验证,此时应该无法连通。
C:
\DocumentsandSettings\User>ping192.168.2.1
Pinging192.168.2.1with32bytesofdata:
Requesttimedout.
Requesttimedout.
Requesttimedout.
Requesttimedout.
Pingstatisticsfor192.168.2.1:
Packets:
Sent=4,Received=0,Lost=4(100%loss),
步骤三:
配置错误的隧道验证
在RTB上也启动隧道验证,但验证值配置与RTA不同:
[RTB-Tunnel0]grekey12345
步骤四:
检验隧道连通性
用ping命令验证PCA与PCB之间的连通性。
由于配置的隧道验证值错误,此时应该无法连通。
C:
\DocumentsandSettings\User>ping192.168.2.1
Pinging192.168.2.1with32bytesofdata:
Requesttimedout.
Requesttimedout.
Requesttimedout.
Requesttimedout.
Pingstatisticsfor192.168.2.1:
Packets:
Sent=4,Received=0,Lost=4(100%loss),
步骤五:
正确配置隧道验证
在RTB上配置与RTA相同的验证值:
[RTB-Tunnel0]grekey1234
步骤六:
检验隧道连通性
用ping命令验证PCA与PCB之间的连通性。
由于配置的隧道验证正确,此时应该可以连通。
C:
\DocumentsandSettings\User>ping192.168.2.1
Pinging192.168.2.1with32bytesofdata:
Replyfrom192.168.2.1:
bytes=32time=1msTTL=254
Replyfrom192.168.2.1:
bytes=32time<1msTTL=254
Replyfrom192.168.2.1:
bytes=32time<1msTTL=254
Replyfrom192.168.2.1:
bytes=32time<1msTTL=254
Pingstatisticsfor192.168.2.1:
Packets:
Sent=4,Received=4,Lost=0(0%loss),
Approximateroundtriptimesinmilli-seconds:
Minimum=0ms,Maximum=1ms,Average=0ms
注意:
由于RTA和RTB上配置了RIP路由,如果隧道验证值长时间不匹配,RIP会删除来自对方的私网路由。
在这种情况下,配置了正确的隧道验证值后需要等待RIP重新学习路由。
实验任务三:
GREVPN隧道Keepalive
步骤一:
恢复静态路由配置
[RTA]undorip
Warning:
UndoRIPprocess?
[Y/N]:
y
[RTA]undoospf
Warning:
UndoOSPFprocess?
[Y/N]:
y
[RTA]iproute-static192.168.2.0255.255.255.0Tunnel0
[RTA]iproute-static2.2.2.0255.255.255.01.1.1.2
[RTB]undorip
Warning:
UndoRIPprocess?
[Y/N]:
y
[RTB]undoospf
Warning:
UndoOSPFprocess?
[Y/N]:
y
[RTB]iproute-static192.168.1.0255.255.255.0Tunnel0
[RTB]iproute-static1.1.1.0255.255.255.02.2.2.2
步骤二:
模拟网络故障
[SWA-Vlan-interface2]shutdown
步骤三:
检查RTA上的隧道接口状态
在RTA上检查隧道接口状态,发现隧道接口状态仍然正常:
[RTA]displayinterfaceTunnel0
Tunnel0currentstate:
UP
Lineprotocolcurrentstate:
UP
Description:
Tunnel0Interface
TheMaximumTransmitUnitis1472
InternetAddressis192.168.3.1/30Primary
EncapsulationisTUNNEL,service-loopback-groupIDnotset.
Tunnelsource1.1.1.1,destination2.2.2.1
Tunnelkeepalivedisable
Tunnelprotocol/transportGRE/IP
GREkeyvalueis1234
ChecksummingofGREpacketsdisabled
Outputqueue:
(Urgentqueuing:
Size/Length/Discards)0/100/0
Outputqueue:
(Protocolqueuing:
Size/Length/Discards)0/500/0
Outputqueue:
(FIFOqueuing:
Size/Length/Discards)0/75/0
Last300secondsinput:
0bytes/sec,0packets/sec
Last300secondsoutput:
0bytes/sec,0packets/sec
1016packetsinput,100223bytes
10inputerror
981packetsoutput,41128bytes
0outputerror
这说明其无法了解对端变化情况。
这是因为在RTA上,隧道源地址所属接口正常,隧道目的地址所需的路由仍然存在。
步骤四:
恢复网络故障
[SWA-Vlan-interface2]undoshutdown
步骤五:
配置隧道Keepalive
[RTA]interfaceTunnel0
[RTA-Tunnel0]keepalive
[RTB]interfaceTunnel0
[RTB-Tunnel0]keepalive
步骤六:
模拟网络故障
在RTA上启动debugging开关:
关闭SWA的VLAN2接口,模拟公网路由突然发生故障。
[SWA-Vlan-interface2]shutdown
步骤七:
观察效果,检验隧道连通性
在RTA上观察debugging信息。
输出信息形如:
*Jun2617:
31:
54:
7942009RTATUNNEL/7/debug:
Tunnel0linkstateisUP,nochange.
*Jun2617:
31:
55:
5082009RTATUNNEL/7/debug:
Beforeencapsulation,thepacket'sulLoopTimesis0.
......
......
*Jun2617:
32:
55:
9682009RTATUNNEL/7/debug:
Beforeencapsulation,thepacket'sulLoopTimesis0.
*Jun2617:
33:
00:
2932009RTATUNNEL/7/debug:
Tunnel0linkstateisUP,nochange.
*Jun2617:
33:
05:
3322009RTATUNNEL/7/debug:
Tunnel0linkstateisUP,nochange.
*Jun2617:
33:
06:
452009RTATUNNEL/7/debug:
Beforeencapsulation,thepacket'sulLoopTimesis0.
*Jun2617:
33:
10:
3692009RTATUNNEL/7/debug:
Tunnel0linkstateisUP,nochange.
*Jun2617:
33:
15:
4082009RTATUNNEL/7/debug:
Tunnel0linkstateisUP,nochange.
%Jun2617:
33:
16:
1682009RTATUNNEL/4/LINKUPDOWN:
Tunnel0:
linkstatusisDOWN
%Jun2617:
33:
16:
1682009RTAIFNET/4/UPDOWN:
LineprotocolontheinterfaceTunnel0isDOWN
*Jun2617:
33:
16:
1682009RTATUNNEL/7/debug:
Tunnel0down,becausekeepaliveisnotreached.
*Jun2617:
33:
16:
1692009RTATUNNEL/7/debug:
CannotgettunnelIDwhentunnel(index=0x2f0000)stateisdown.
*Jun2617:
33:
16:
1692009RTATUNNEL/7/debug:
Tunnel_DelTunnInUpTunnTbl:
Thetunnel(0x2f0000)stateisdown.
*Jun2617:
33:
16:
1692009RTATUNNEL/7
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- H3C 网络学院 路由 交换 第四 实验 指导书