H3C网络学院路由互换第四卷实验指导书.pdf

实验1 配置 GRE VPN 实验任务一： GRE VPN 大体配置步骤一：搭建实验环境在 SWA 上配置 VLAN2 ，将接口E1/0/2 加入 VLAN2 ：SWAvlan 2 SWA-vlan2port Ethernet 1/0/2 步骤二：检测公网连通性查看 SWA 的路由表和端口状态，确认其工作正常SWAdisplay ip interface brief *down: administratively down (s): spoofing Interface Physical Protocol IP Address Description Vlan-interface1 up up .2 Vlan-inte. Vlan-interface2 up up .2 Vlan-inte. SWAdisplay ip routing-table Routing Tables: Public Destinations : 6 Routes : 6 Destination/Mask Proto Pre Cost NextHop Interface .0/24 Direct 0 0 .2 Vlan1 .2/32 Direct 0 0 InLoop0 .0/24 Direct 0 0 .2 Vlan2 .2/32 Direct 0 0 InLoop0 Direct 0 0 InLoop0 Direct 0 0 InLoop0 也能够利用display interface命令。

在 RTA 和 RTB 上配置公网接口互通所需的静态路由RTAinterface GigabitEthernet0/0 RTA-GigabitEthernet0/0ip address GigabitEthernet0/1 RTA-GigabitEthernet0/1ip address .1 route-static .0 GigabitEthernet0/0 RTB-GigabitEthernet0/0ip address GigabitEthernet0/1 步骤三： RTB-GigabitEthernet0/1ip address .1 route-static .0 配置 GRE 隧道接口RTA interface Tunnel0 RTA-Tunnel0 ip address source .1 RTA-Tunnel0 destination .1 RTB interface Tunnel0 RTB-Tunnel0 ip address source .1 RTB-Tunnel0 destination .1 步骤四：为私网配置静态路由RTA ip route-static Tunnel0 RTB ip route-static Tunnel0 配置时也能够用下一跳地址。

步骤五：查验隧道工作状况查看 RTA 与 RTB 的路由表，可见公网、私网路由均存在于路由表中：RTBdisplay ip routing-table Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost NextHop Interface .0/24 Static 60 0 .2 GE0/1 .0/24 Direct 0 0 .1 GE0/1 .1/32 Direct 0 0 InLoop0 Direct 0 0 InLoop0 Direct 0 0 InLoop0 Static 60 0 Tun0 Direct 0 0 GE0/0 Direct 0 0 InLoop0 Direct 0 0 Tun0 Direct 0 0 InLoop0 查看 RTA 和 RTB 的隧道接口状态，可见其利用GRE 封装，状态为UP ：RTBdisplay interface Tunnel 0 Tunnel0 current state: UP Line protocol current state: UP Description: Tunnel0 Interface The Maximum Transmit Unit is 1476 Internet Address is Primary Encapsulation is TUNNEL, service-loopback-group ID not set. Tunnel source .1, destination keepalive disable Tunnel protocol/transport GRE/IP GRE key disabled Checksumming of GRE packets disabled Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 Last 300 seconds input: 15 bytes/sec, 0 packets/sec Last 300 seconds output: 21 bytes/sec, 0 packets/sec 133 packets input, 5701 bytes 0 input error 124 packets output, 7469 bytes 0 output error 在 RTA 上打开 GRE 协议调试开关用debugging命令查验路由器实际收发的报文，说明其地址已经改变。

terminal monitor terminal debugging debugging gre packet 在 PCA 上对 RTB 运行 ping 命令，但只发送一个ICMP 包：C:Documents and SettingsUserping -n 1 with 32 bytes of data: Reply from bytes=32 time1ms TTL=254 Ping statistics for Packets: Sent = 1, Received = 1, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms 观看 RTA 上的输出信息： *Jun 26 16:15:30:443 2020 RTA GRE/7/debug: Tunnel0 packet:After encapsulation, Outgoing packet header .1- = 84) *Jun 26 16:15:30:443 2020 RTA GRE/7/debug:Output: Gre packet has been fast-switc hed successfully, interface index is 0 x2f0000. 可见 RTA 从 Tunnel0 接口发出了一个包，源地址为.1，目的地址为。

因为发送的包已经被GRE 封装后在公网发送了步骤六：清除静态路由用 undo ip route-static命令步骤七：为公网配置动态路由RTAospf 1 RTA-ospf-1 network 1 RTB-ospf-1 network 1 SWA-ospf-1 步骤八： network 为私网配置动态路由RTArip 1 RTA-rip-1version 2 RTA-rip-1network 2 步骤九： RTB-rip-1network 再次查验隧道工作状况查看 RTA 与 RTB 的路由表：display ip routing-table Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost NextHop Interface .0/24 OSPF 10 2 .2 GE0/1 .0/24 Direct 0 0 .1 GE0/1 .1/32 Direct 0 0 InLoop0 Direct 0 0 InLoop0 Direct 0 0 InLoop0 RIP 100 1 Tun0 Direct 0 0 GE0/0 Direct 0 0 InLoop0 Direct 0 0 Tun0 Direct 0 0 InLoop0 转入下一实验任务。

实验任务二： GRE VPN 隧道验证步骤一：单方配置隧道验证第一在 RTA 上单方启动隧道验证：RTA-Tunnel0gre key 1234 步骤二：查验隧道连通性用 ping 命令验证 PCA 与 PCB 之间的连通性 由于仅单方配置了隧道验证，现在应该无法连通C:Documents and SettingsUserping with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), 步骤三：配置错误的隧道验证在 RTB 上也启动隧道验证，但验证值配置与RTA 不同：RTB-Tunnel0gre key 12345 步骤四：查验隧道连通性用 ping 命令验证 PCA 与 PCB 之间的连通性 由于配置的隧道验证值错误，现在应该无法连通C:Documents and SettingsUserping with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), 步骤五：正确配置隧道验证在 RTB 上配置与RTA 相同的验证值：RTB-Tunnel0gre key 1234 步骤六：查验隧道连通性用 ping 命令验证 PCA 与 PCB 之间的连通性。

由于配置的隧道验证正确，现在应该能够连通C:Documents and SettingsUserping with 32 bytes of data: Reply from bytes=32 time=1ms TTL=254 Reply from bytes=32 time1ms TTL=254 Reply from bytes=32 time1ms TTL=254 Reply from bytes=32 time1ms TTL=254 Ping statistics for Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms 注意：由于 RTA 和 RTB 上配置了RIP 路由，若是隧道验证值长时刻不匹配，RIP 会删除来自对方的私网路由在这种情形下，配置了正确的隧道验证值后需要等待RIP 从头学习路由实验任务三： GRE VPN 隧道 Keepalive 步骤一：恢复静态路由配置 RTAundo rip Warning : Undo RIP。