The experimental requirements

1、R4 by ISP, Can only be configured on it IP Address ;R4 Public equipment is used with all other directly connected equipment IP.

2、R3、R5、R6、R7 by MGRE Environmental Science ,R3 For the central site .

3、 Whole OSPF Environmental Science IP The address is based on 172.16.0.0/16 Divide .

4、 Reduce LSA Update quantity of , Speed up convergence , Keep updates safe .

5、 Network wide accessibility .

Experimental thinking
1、 According to the experimental requirements 172.16.0.0/16 The network segment is divided into subnets , Convenient subnet summary , So as to reduce the number of routing entries .

2、 Carry out IP Address configuration , And configuration of loopback interface .

3、 Yes R3、R5、R6、R7 The equipment carries out MGRE Configuration of the environment ,R3 For the central site , These four routers are configured to ISP The default route for , Realize the private network interworking of border routers .

4、 Configure each router OSPF Agreement and announcement , Note that the routing information that can be summarized at the time of announcement can be summarized and announced together , Let each router get the routing topology information of other network segments , To get the routing entry .

5、 The extraterritorial route is realized by republishing OSPF Can be interconnected within .

6、 Configure special areas for areas that need special areas

7、 Configure the border router NAT Protocol to achieve access to the public network
 

Experiment contents and steps

1、 The regional IP Division of address

take 172.16.0.0/16 The network segment of is divided into subnets , Divide the network segment into 8 Net segment , Take one of them 6 One is used in our experiment IP Address , The rest 2 individual IP Address as our backup network segment , It is convenient for the network topology to change in the future , Need to add equipment , Come to the spare network segment left . Each network segment is divided into subnets , It is divided into P2P The network needs to be used IP Address , and MA Used by the network IP Address , And the loopback address IP Address . Each area IP The result of address division is as follows ：

Be careful ：

1、 Today's experiments need to judge the type of network interface as P2P The network type is still MA Network type .

2、 The experiments done now should be in line with practical projects , Because a broadcast domain usually has at most 200 To 300 Host equipment , Therefore, the network segment should be divided into /24 Network segment to use , This is more practical .

3、P2P There are only two devices in the network type , So you can use /30 The network segment , And in practice MA Among the network types, there may be multiple routers using one network segment , So it will MA The network segment is divided into /29 The network segment of is more reasonable .

172.16.0.0/19 --- AREA0

        172.16.0.0/24 --- P2P The backbone

                172.16.0.0/30

                ......

        172.16.1.0/24 --- MA The backbone

                172.16.1.0/29

                ......

        172.16.2.0/24

        ......

172.16.32.0/19 --- AREA1

        172.16.32.0/24 --- P2P The backbone

                172.16.32.0/30

                ......

        172.16.33.0/24 --- MA The backbone

                172.16.33.0/29

                ......

        172.16.34.0/24

        ......

172.16.64.0/19 --- AREA2

        172.16.64.0/24 --- P2P The backbone

                172.16.64.0/30

                ......

        172.16.65.0/24 --- MA The backbone

                172.16.65.0/30

                ......

        172.16.66.0/24

        ......

172.16.96.0/19 --- AREA3     

        172.16.96.0/24 --- P2P The backbone

                172.16.96.0/30

                ......

        172.16.97.0/24 --- MA The backbone

                172.16.97.0/29

                ......        

        172.16.98.0/24

        ......

172.16.128.0/19 --- AREA4

        172.16.128.0/24 --- P2P The backbone

                172.16.128.0/30

                ......

        172.16.129.0/24 --- MA The backbone

                172.16.129.0/29

                ......

        172.16.130.0/24

        ......

172.16.160.0/19 --- RIP

        172.16.160.0/20        

        172.16.176.0/20

172.16.192.0/19

172.16.224.0/19

2、 Yes AERA0 Equipment in the area IP Configuration of address, loopback address and default route

AR3

[r3]int s 4/0/0
[r3-Serial4/0/0]ip a 34.0.0.1 24
[r3]ip route-static 0.0.0.0 0 34.0.0.2

AR4

[isp]int s 4/0/0
[isp-Serial4/0/0]ip a 34.0.0.2 24
[isp-Serial4/0/0]int s 3/0/0
[isp-Serial3/0/0]ip a 46.0.0.2 24
[isp-Serial3/0/0]int s 4/0/1
[isp-Serial4/0/1]ip a 45.0.0.2 24
[isp-Serial4/0/1]int g0/0/0
[isp-GigabitEthernet0/0/0]ip a 47.0.0.2 24
[isp-GigabitEthernet0/0/0]int lo0
[isp-LoopBack0]ip a 4.4.4.4 24

AR5

[r5]int s 4/0/0
[r5-Serial4/0/0]ip a 45.0.0.1 24
[r5-Serial4/0/0]int lo0
[r5-LoopBack0]ip a 172.16.2.1 24
[r5]ip route-static 0.0.0.0 0 45.0.0.2

AR6

[r6]int s 4/0/0
[r6-Serial4/0/0]ip a 46.0.0.1 24
[r6-Serial4/0/0]int lo0
[r6-LoopBack0]ip a 172.16.3.1 24
[r6]ip route-static 0.0.0.0 0 46.0.0.2

AR7

[r7]int g0/0/0
[r7-GigabitEthernet0/0/0]ip a 47.0.0.1 24
[r7-GigabitEthernet0/0/0]int lo0
[r7-LoopBack0]ip a 172.16.4.1 24
[r7]ip route-static 0.0.0.0 0 47.0.0.2

3、 Yes R3、R5、R6、R7 To configure MGRE Environmental Science ,R3 For the central site .

AR3

[r3]int t 0/0/0
[r3-Tunnel0/0/0]ip a 172.16.1.1 29  
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp  
[r3-Tunnel0/0/0]source 34.0.0.1
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry multicast dynamic 

AR5

[r5]int t0/0/0
[r5-Tunnel0/0/0]ip a 172.16.1.2 29 
[r5-Tunnel0/0/0]tunnel-protocol gre p2mp   
[r5-Tunnel0/0/0]source Serial 4/0/0    
[r5-Tunnel0/0/0]nhrp network-id 100 
[r5-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register 
 

AR6

[r6]int t0/0/0
[r6-Tunnel0/0/0]ip a 172.16.1.3 29  
[r6-Tunnel0/0/0]tunnel-protocol gre p2mp   
[r6-Tunnel0/0/0]source Serial 4/0/0 
[r6-Tunnel0/0/0]nhrp network-id 100
[r6-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register 

AR7

[r7]int t0/0/0
[r7-Tunnel0/0/0]ip a 172.16.1.4 29  
[r7-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r7-Tunnel0/0/0]source GigabitEthernet 0/0/0
[r7-Tunnel0/0/0]nhrp network-id 100
[r7-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register 

4、 To configure AREA1、AREA2、AREA3、AREA4 Of IP Address and loopback interface
AR1

[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip a 172.16.33.1 29
[r1-GigabitEthernet0/0/0]int lo0
[r1-LoopBack0]ip a 172.16.34.1 24

AR2

[r2]int g 0/0/0
[r2-GigabitEthernet0/0/0]ip a 172.16.33.2 29
[r2-GigabitEthernet0/0/0]int lo0
[r2-LoopBack0]ip a 172.16.35.1 24

AR3

[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip a 172.16.33.3 29
[r3-GigabitEthernet0/0/0]int lo0
[r3-LoopBack0]ip a 172.16.36.1 24

AR6

[r6]int g0/0/0
[r6-GigabitEthernet0/0/0]ip a 172.16.65.1 29

AR7

[r7]int g 0/0/1
[r7-GigabitEthernet0/0/1]ip a 172.16.97.1 29

AR8

[r8]int g0/0/0
[r8-GigabitEthernet0/0/0]ip a 172.16.97.2 29
[r8-GigabitEthernet0/0/0]int lo0
[r8-LoopBack0]ip a 172.16.98.1 24
[r8-LoopBack0]int g 0/0/1
[r8-GigabitEthernet0/0/1]ip a 172.16.97.9 29

AR9

[r9]int g0/0/0
[r9-GigabitEthernet0/0/0]ip a 172.16.97.10 29
[r9-GigabitEthernet0/0/0]int g0/0/1
[r9-GigabitEthernet0/0/1]ip a 172.16.129.1 29
[r9-GigabitEthernet0/0/1]int lo0
[r9-LoopBack0]ip a 172.16.130.1 24

AR10

[r10]int g0/0/0
[r10-GigabitEthernet0/0/0]ip a 172.16.129.2 29
[r10-GigabitEthernet0/0/0]int lo0
[r10-LoopBack0]ip a 172.16.131.1 24

AR11

[r11]int g 0/0/0
[r11-GigabitEthernet0/0/0]ip a 172.16.65.2 29
[r11-GigabitEthernet0/0/0]int lo0
[r11-LoopBack0]ip a 172.16.66.1 24
[r11-GigabitEthernet0/0/1]ip a 172.16.65.9 29

AR12

[r12]int g0/0/0
[r12-GigabitEthernet0/0/0]ip a 172.16.65.10 29
[r12]int lo0
[r12-LoopBack0]ip a 172.16.160.1 20
[r12-LoopBack0]int lo1
[r12-LoopBack1]ip a 172.16.176.1 20
[r12-LoopBack1]

5、 Start each device OSPF agreement
AR1

[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]a 1
[r1-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255

AR2

[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]a 1
[r2-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255

AR3

[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]network 172.16.32.0 0.0.7.255

[r3-ospf-1-area-0.0.0.1]a 0
[r3-ospf-1-area-0.0.0.0]net    
[r3-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0

AR5

[r5]ospf 1 rout    
[r5]ospf 1 router-id 5.5.5.5
[r5-ospf-1]a 0  
[r5-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

AR6

[r6]ospf 1 router-id 6.6.6.6
[r6-ospf-1]a 0
[r6-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.3.255
[r6-ospf-1-area-0.0.0.0]a 2
[r6-ospf-1-area-0.0.0.2]network 172.16.65.1 0.0.0.0

AR7

[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]a 0   
[r7-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.7.255
[r7-ospf-1-area-0.0.0.0]a 3
[r7-ospf-1-area-0.0.0.3]network 172.16.97.1 0.0.0.0

AR8

[r8]ospf 1 router-id 8.8.8.8
[r8-ospf-1]a 3
[r8-ospf-1-area-0.0.0.3]network 172.16.0.0 0.0.255.255

AR9

[r9]ospf 1 router-id 9.9.9.9
[r9-ospf-1]a 3
[r9-ospf-1-area-0.0.0.3]network 172.16.97.10 0.0.0.0
[r9-ospf-1-area-0.0.0.3]a 4
[r9-ospf-1-area-0.0.0.4]network 172.16.128.0 0.0.3.255

AR10

[r10]ospf 1 router-id 10.10.10.10
[r10-ospf-1]a 4 
[r10-ospf-1-area-0.0.0.4]network 172.16.0.0 0.0.255.255

AR11

[r11]ospf 1 router-id 11.11.11.11
[r11-ospf-1]a 2
[r11-ospf-1-area-0.0.0.2]network 172.16.0.0 0.0.255.255

AR12

[r12]ospf 1 router-id 12.12.12.12
[r12-ospf-1]a 2 
[r12-ospf-1-area-0.0.0.2]network 172.16.65.10 0.0.0.0
[r12]rip 1
[r12-rip-1]v 2
[r12-rip-1]network 172.16.0.0

5、 change tunnel Interface type of interface
AR3

[r3]int t0/0/0
[r3-Tunnel0/0/0]ospf network-type p2mp

AR5

[r5]int t0/0/0 
[r5-Tunnel0/0/0]ospf network-type p2mp

AR6

[r6]int t0/0/0 
[r6-Tunnel0/0/0]ospf network-type p2mp

AR7

[r7]int t0/0/0
[r7-Tunnel0/0/0]ospf network-type p2mp

6、 stay R12 Republish , Thus, you can run OSPF The device learns the extraterritorial route AR12

[r12]ospf 1 
[r12-ospf-1]import-route rip 1

7、 take AREA4 Change to out of domain routing to reduce routing information

take AREA4 Change to extraterritorial routing , In order to make a special area to reduce the number of routing entries, so in R9 Reopen one on OSPF process , Republish .（ No virtual links and Tunnel Tunnel technology is for special areas , So here we need to use two-way republishing , But in this topology, only single republishing is required , Then write a default route .）

AR9

[r9]ospf 1
[r9-ospf-1]a 4
[r9-ospf-1-area-0.0.0.4]undo network 172.16.128.0 0.0.3.255
[r9-ospf-1-area-0.0.0.4]q
[r9-ospf-1]undo a 4
[r9-ospf-1]q
[r9]ospf 2 rout    
[r9]ospf 2 router-id 9.9.9.9
[r9-ospf-2]a 4
[r9-ospf-2-area-0.0.0.4]net    
[r9-ospf-2-area-0.0.0.4]network 172.16.128.0 0.0.3.255  
[r9]ospf 1
[r9-ospf-1]import-route ospf 2   
[r9]ospf 2
[r9-ospf-2]de    
[r9-ospf-2]default-route-advertise

8、 stay ABR Do inter domain routing summary and ASBR Do a summary of extraterritorial routes on your device

AR3

[r3]ospf 1    
[r3-ospf-1]a 1 
[r3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0

AR6

[r6]ospf 1
[r6-ospf-1]a 2
[r6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0

AR7

[r7]ospf 1
[r7-ospf-1]a 3
[r7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0

AR12

[r12]ospf 1
[r12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0

AR9

[r9]ospf 1
[r9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0

9、 take AREA1、AREA2、AREA3 Make it into a special area , To reduce the number of routing entries

AR1

[r1]ospf 1
[r1-ospf-1]a 1
[r1-ospf-1-area-0.0.0.1]stub 

AR2

[r1]ospf 1
[r1-ospf-1]a 1
[r1-ospf-1-area-0.0.0.1]stub 

AR3

[r3]ospf 1
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]stub no-summary 

AR6

[r6]ospf 1
[r6-ospf-1]a 2  
[r6-ospf-1-area-0.0.0.2]nssa no-summary

AR11

r11]ospf 1
[r11-ospf-1]a 2  
[r11-ospf-1-area-0.0.0.2]nssa 

AR12

[r12]ospf 1
[r12-ospf-1]a 2
[r12-ospf-1-area-0.0.0.2]nssa 

AR7

[r7]ospf 1
[r7-ospf-1]a 3
[r7-ospf-1-area-0.0.0.3]nssa no-summary

AR8

[r8]ospf 1
[r8-ospf-1]a 3
[r8-ospf-1-area-0.0.0.3]nssa 

AR9

[r9]ospf 1
[r9-ospf-1]a 3 
[r9-ospf-1-area-0.0.0.3]nssa

10、 Yes ABR And ASBR The router that has done subnet summary shorting interface to prevent ring

AR3

[r3]ip route-static 172.16.32.0 19 NULL 0

AR6

[r6]ip route-static 172.16.64.0 19 NULL 0

AR7

[r7]ip route-static 172.16.96.0 19 NULL 0

AR12

[r12]ip route-static 172.16.160.0 19 NULL 0

AR9

[r9]ip route-static 172.16.128.0 19 NULL 0

11、 Be able to access the public network . Conduct NAT Protocol configuration

AR3

[r3]acl 2000
[r3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r3]int s 4/0/0
[r3-Serial4/0/0]nat outbound 2000

AR5

[r5]acl 2000   
[r5-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r5]int s4/0/0
[r5-Serial4/0/0]nat outbound 2000

AR6

[r6]acl 2000   
[r6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r6]int s 4/0/0
[r6-Serial4/0/0]nat outbound 2000

AR7

[r7]acl 2000 
[r7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r7]int g0/0/0
[r7-GigabitEthernet0/0/0]nat outbound 2000

12、 Yes AREA1 Configure regional authentication , Keep updates safe

AR1

[r1]ospf 1
[r1-ospf-1]a 1
[r1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456

AR2

[r1]ospf 1
[r1-ospf-1]a 1
[r1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456

AR3

[r3]ospf 1
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456

13、 Speed up convergence

AR3

[r3]int t0/0/0
[r3-Tunnel0/0/0]ospf timer hello 10

AR5

[r5]int t0/0/0
[r5-Tunnel0/0/0]ospf timer hello 10

AR6

[r6]int t0/0/0
[r6-Tunnel0/0/0]ospf timer  hello 10

AR7

[r7]int t0/0/0   
[r7-Tunnel0/0/0]ospf timer  hello  10