20201209 cisco VRF & OSPF
課堂資料
Virtual Routing and Forwarding
Virtual Routing and Forwarding(VRF):虛擬路由和轉發,為第三層的網路虛擬化。
課堂練習
VRF
int e0/0ip add 192.168.1.1 255.255.255.0no shutexit
int e0/0ip add 192.168.2.1 255.255.255.0no shutexit
int e0/0ip add 192.168.3.1 255.255.255.0no shutexit
int e0/0ip add 192.168.4.1 255.255.255.0no shutexit
創建這些 VRF
ip vrf Blueexitip vrf Redexit
使用
ip vrf forwarding命令將接口分配給正確的 VRF
int e0/0ip vrf forwarding Blueip add 192.168.1.2 255.255.255.0no shutint e0/1ip vrf forwarding Redip add 192.168.2.2 255.255.255.0no shutint e0/2ip vrf forwarding Blueip add 192.168.3.2 255.255.255.0no shutint e0/3ip vrf forwarding Redip add 192.168.4.2 255.255.255.0no shut
看看 ISP 路由器的全局路由表
do sh ip ro connected檢查 VRF 路由表
do sh ip ro vrf Blue
do sh ip ro vrf Red
do ping vrf Blue 192.168.1.1
配置靜態路由,則必須指定正確的 VRF。
R Blue 01有一個 IP 位址為 1.1.1.1 / 32 的環回接口。
我們在 ISP 路由器上創建一個靜態路由,以便我們可以訪問它
exitip route vrf Blue 1.1.1.1 255.255.255.255 192.168.1.1do ping vrf Blue 1.1.1.1ip route vrf Red 2.2.2.2 255.255.255.255 192.168.2.1do ping vrf Red 2.2.2.2ip route vrf Blue 3.3.3.3 255.255.255.255 192.168.3.1do ping vrf Blue 3.3.3.3ip route vrf Red 4.4.4.4 255.255.255.255 192.168.4.1do ping vrf Red 4.4.4.4do sh ip ro vrf UpperOSPF
router ospf 1network 192.168.1.0 0.0.0.255 area 0network 1.1.1.1 0.0.0.0 area 0
router ospf 1network 192.168.2.0 0.0.0.255 area 0network 2.2.2.2 0.0.0.0 area 0
router ospf 1network 192.168.3.0 0.0.0.255 area 0network 3.3.3.3 0.0.0.0 area 0
router ospf 1network 192.168.4.0 0.0.0.255 area 0network 4.4.4.4 0.0.0.0 area 0
Blue
router ospf 1 vrf Bluenetwork 192.168.1.0 0.0.0.255 area 0network 192.168.3.0 0.0.0.255 area 0Red
router ospf 2 vrf Rednetwork 192.168.2.0 0.0.0.255 area 0network 192.168.4.0 0.0.0.255 area 0ISP 路由器上的 VRF 路由表現在的樣子
do sh ip ro vrf Blue ospfdo sh ip ro vrf Red ospf
Dynamic NAT ( DAT ):Many to Many Mopping
Port NAT ( PAT ) :Many to 1
Static NAT:1 to 1
Part 01.
int e0/0ip add 12.1.1.1 255.255.255.0no shutint lo1ip add 192.168.1.1 255.255.255.0no shutint lo2ip add 192.168.2.1 255.255.255.0no shutexitip route 0.0.0.0 0.0.0.0 12.1.1.2
do ping 12.1.1.2do ping 23.1.1.3do ping 23.1.1.3 source 192.168.1.1do ping 23.1.1.3 source 192.168.2.1
ping 3.3.3.3 source 192.168.1.1
int e0/0ip add 12.1.1.2 255.255.255.0no shutint e0/1ip add 23.1.1.2 255.255.255.0no shutexitip route 192.168.1.0 255.255.255.0 12.1.1.1ip route 192.168.2.0 255.255.255.0 12.1.1.1ip route 0.0.0.0 0.0.0.0 23.1.1.3
do ping 23.1.1.3do ping 3.3.3.3do ping 8.8.8.8access-list 1 permit 192.168.1.0 0.0.0.255access-list 2 permit 192.168.2.0 0.0.0.255ip nat pool DNAT 23.1.1.100 23.1.1.200 netmask 255.255.255.0int e0/0ip nat insideint e0/1ip nat outsideexitip nat inside source list 1 pool DNATip nat inside source list 2 pool DNAT
exitsh ip nat translationssh ip nat statistics
conf tno ip nat inside source list 1 pool DNATno ip nat inside source list 2 pool DNATip nat pool PAT 23.1.1.2 23.1.1.2 netmask 255.255.255.0ip nat inside source list 1 pool DNAT overloadip nat inside source list 2 pool DNAT overloadexitdebug ip nat
int e0/0ip add 23.1.1.3 255.255.255.0no shutint lo1ip add 3.3.3.3 255.255.255.255no shutint lo2ip add 8.8.8.8 255.255.255.255no shutexitdo sh ip ro
conf tline vty 0 4password ciscologintransport input telnet
Part 02.
ifconfig eth0 192.168.3.2/24ip addr add 192.168.3.2/24 brd + dev eth0ip route add default via 192.168.3.1ping 192.168.3.1ping 12.1.1.1ping 12.1.1.2
ping 23.1.1.2
ip route add default 192.168.3.2/24 brd + dev eth0wiresharktelnet 23.1.1.3conf tint e0/1ip add 192.168.3.1 255.255.255.0no shut
conf tip route 192.168.3.0 255.255.255.0 12.1.1.1access-list 3 permit 192.168.3.0 0.0.0.255ip nat inside source list 3 pool DNAT overload
Part 03.
int e0/0ip add 12.1.1.1 255.255.255.0no shutexitip route 0.0.0.0 0.0.0.0 12.1.1.2line vty 0 4password ciscologintransport input telnet
int e0/0ip add 12.1.1.2 255.255.255.0no shutint e0/1ip add 23.1.1.2 255.255.255.0no shutexitip route 0.0.0.0 0.0.0.0 23.1.1.3telnet 12.1.1.1exitint e0/0ip nat insideint e0/1ip nat outsideexitip nat inside source static 12.1.1.1 23.1.1.10do sh ip nat translations
int e0/0ip add 23.1.1.3 255.255.255.0no shutexitdo ping 23.1.1.2telnet 23.1.1.10
Last updated
Was this helpful?