侧边栏壁纸
博主头像
落叶人生博主等级

走进秋风,寻找秋天的落叶

  • 累计撰写 130562 篇文章
  • 累计创建 28 个标签
  • 累计收到 9 条评论
标签搜索

目 录CONTENT

文章目录
系统/网络安全

GRE技术的讲解---第二篇(可跟做)

2023-03-23 星期四 / 0 评论 / 0 点赞 / 75 阅读 / 27171 字

GRE网络中的路由协议部署方案考虑点:第一:两个站点设备上面用哪个接口建立OSPF邻居关系呢?第二:OSPF的hello报文是组播传递 224.0.0.5 这个组播地址不能跨跳 即TTL为1思路:直

.

GRE网络中的路由协议部署方案

考虑点:
第一:两个站点设备上面用哪个接口建立OSPF邻居关系呢?
第二:OSPF的hello报文是组播传递 224.0.0.5 这个组播地址不能跨跳 即TTL为1

思路:
直接用tunnel接口之间建立OSPF关系
在SZ_***的G0/0/0接口抓包所示:

第一步:删除SZ***和BJ***设备的静态引流路由

**SZ_*的配置

#undo ip route-static 192.168.2.0 255.255.255.0 Tunnel0/0/1#

**BJ_*的配置

#undo ip route-static 192.168.1.0 255.255.255.0 Tunnel0/0/1#

第二步:在SZ***和BJ***设备上配置OSPF动态引流路由

**SZ_*的配置

#ospf 1 router-id 1.1.1.1  area 0.0.0.0   network 123.1.1.1 0.0.0.0   network 192.168.1.0 0.0.0.255 #

**BJ_*的配置

#ospf 1 router-id 2.2.2.2  area 0.0.0.0   network 123.1.1.2 0.0.0.0   network 192.168.2.0 0.0.0.255 #

第三步:检查如下

**SZ_*设备的检查

<SZ_***>display ip routing-table protocol ospf Route Flags: R - relay, D - download to fib------------------------------------------------------------------------------Public routing table : OSPF         Destinations : 1        Routes : 1        OSPF routing table status : <Active>         Destinations : 1        Routes : 1Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface    192.168.2.0/24  OSPF    10   1563        D   123.1.1.2       Tunnel0/0/1OSPF routing table status : <Inactive>         Destinations : 0        Routes : 0

**BJ_*设备的检查

[BJ_***]display ip routing-table protocol ospf Route Flags: R - relay, D - download to fib------------------------------------------------------------------------------Public routing table : OSPF         Destinations : 1        Routes : 1        OSPF routing table status : <Active>         Destinations : 1        Routes : 1Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface    192.168.1.0/24  OSPF    10   1563        D   123.1.1.1       Tunnel0/0/1OSPF routing table status : <Inactive>         Destinations : 0        Routes : 0
<SZ_***>display ospf interface Tunnel0/0/1     OSPF Process 1 with Router ID 1.1.1.1         Interfaces  Interface: 123.1.1.1 (Tunnel0/0/1) --> 123.1.1.2 Cost: 1562    State: P-2-P     Type: P2P       MTU: 1500   Timers: Hello 10 , Dead 40 , Poll  120 , Retransmit 5 , Transmit Delay 1

PC1可以访问到PC2

PC>ping  192.168.2.2Ping 192.168.2.2: 32 data bytes, Press Ctrl_C to breakRequest timeout!From 192.168.2.2: bytes=32 seq=2 ttl=126 time=94 msFrom 192.168.2.2: bytes=32 seq=3 ttl=126 time=94 msFrom 192.168.2.2: bytes=32 seq=4 ttl=126 time=78 msFrom 192.168.2.2: bytes=32 seq=5 ttl=126 time=156 ms--- 192.168.2.2 ping statistics ---  5 packet(s) transmitted  4 packet(s) received  20.00% packet loss  round-trip min/avg/max = 0/105/156 ms

PC1追踪PC2

PC>tracert 192.168.2.2traceroute to 192.168.2.2, 8 hops max(ICMP), press Ctrl+C to stop 1  192.168.1.254   31 ms  47 ms  47 ms 2  123.1.1.2   62 ms  47 ms  47 ms 3  192.168.2.2   78 ms  94 ms  62 msPC>

**在BJ_*设备上面宣告101.1.1.1路由到OSPF进程当中

#ospf 1 router-id 2.2.2.2  area 0.0.0.0   network 101.1.1.1 0.0.0.0   network 123.1.1.2 0.0.0.0   network 192.168.2.0 0.0.0.255 #

SZ***和BJ*设备里面的OSPF邻居状态机会出现down和full的现象出现
思考请问为什么会出现这种现象?*
1、SZ_会学到101.1.1.1的OSPF路由 当SZ***往外发送hello报文的时候 会进行GRE的封装 而GRE的封装的DIP地址是101.1.1.1的IP地址 而由于SZ到达101.1.1.1的下一跳是tunnel0/0/1接口 是我自己本身 无法发送出去 那等待dead时间到期后 SZ_和BJ***的OSPF状态机会down
2、down了之后 SZ就没有101.1.1.1的路由 SZ_会10s往外发送hello报文 关系就会建立起来FULL 

PC>ping  192.168.2.2 -tPing 192.168.2.2: 32 data bytes, Press Ctrl_C to breakRequest timeout!Request timeout!Request timeout!Request timeout!Request timeout!Request timeout!Request timeout!Request timeout!Request timeout!Request timeout!Request timeout!Request timeout!Request timeout!Request timeout!Request timeout!Request timeout!

GRE多站点之间的组网

 思路:在总部建立两个tunnel接口 分别为tunnel0/0/1和tunnel0/0/2接口 用这两个tunnel接口分别和北京和广州部分进行互联

第一步:基本配置

**SZ_*路由器的配置

# sysname SZ_***#interface GigabitEthernet0/0/0 ip address 202.1.1.1 255.255.255.0 #interface GigabitEthernet0/0/1 ip address 192.168.1.254 255.255.255.0 #ip route-static 0.0.0.0 0.0.0.0 202.1.1.254#

**BJ_*路由器的配置

# sysname BJ_***#interface GigabitEthernet0/0/0 ip address 101.1.1.1 255.255.255.0 #interface GigabitEthernet0/0/1 ip address 192.168.2.254 255.255.255.0 #ip route-static 0.0.0.0 0.0.0.0 101.1.1.254#

**GZ_*路由器的配置

# sysname GZ_***#interface GigabitEthernet0/0/0 ip address 60.1.1.1 255.255.255.0 #interface GigabitEthernet0/0/1 ip address 192.168.3.254 255.255.255.0 #ip route-static 0.0.0.0 0.0.0.0 60.1.1.254#

internet的配置

#interface GigabitEthernet0/0/0 ip address 202.1.1.254 255.255.255.0 #interface GigabitEthernet0/0/1 ip address 101.1.1.254 255.255.255.0 #interface GigabitEthernet0/0/2 ip address 60.1.1.254 255.255.255.0 #

检查如下:
**检查SZ_*和PC1的通信

<SZ_***>ping 192.168.1.1  PING 192.168.1.1: 56  data bytes, press CTRL_C to break    Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=128 time=40 ms    Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=128 time=60 ms    Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=128 time=40 ms    Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=128 time=60 ms    Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=128 time=50 ms  --- 192.168.1.1 ping statistics ---    5 packet(s) transmitted    5 packet(s) received    0.00% packet loss    round-trip min/avg/max = 40/50/60 ms

**检查BJ_*和PC2的通信

<SZ_***>ping 192.168.2.2  PING 192.168.1.1: 56  data bytes, press CTRL_C to break    Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=128 time=40 ms    Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=128 time=60 ms    Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=128 time=40 ms    Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=128 time=60 ms    Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=128 time=50 ms  --- 192.168.2.2 ping statistics ---    5 packet(s) transmitted    5 packet(s) received    0.00% packet lossround-trip min/avg/max = 40/50/60 ms

**检查GZ_*和PC3的通信

<SZ_***>ping 192.168.3.3  PING 192.168.1.1: 56  data bytes, press CTRL_C to break    Reply from 192.168.3.3: bytes=56 Sequence=1 ttl=128 time=40 ms    Reply from 192.168.3.3: bytes=56 Sequence=2 ttl=128 time=60 ms    Reply from 192.168.3.3: bytes=56 Sequence=3 ttl=128 time=40 ms    Reply from 192.168.3.3: bytes=56 Sequence=4 ttl=128 time=60 ms    Reply from 192.168.3.3: bytes=56 Sequence=5 ttl=128 time=50 ms  --- 192.168.3.3 ping statistics ---    5 packet(s) transmitted    5 packet(s) received    0.00% packet loss    round-trip min/avg/max = 40/50/60 ms

检查SZ***和BJ*的通信**

<SZ_***>ping 101.1.1.1  PING 101.1.1.1: 56  data bytes, press CTRL_C to break    Reply from 101.1.1.1: bytes=56 Sequence=1 ttl=254 time=30 ms    Reply from 101.1.1.1: bytes=56 Sequence=2 ttl=254 time=20 ms    Reply from 101.1.1.1: bytes=56 Sequence=3 ttl=254 time=40 ms    Reply from 101.1.1.1: bytes=56 Sequence=4 ttl=254 time=20 ms    Reply from 101.1.1.1: bytes=56 Sequence=5 ttl=254 time=30 ms  --- 101.1.1.1 ping statistics ---    5 packet(s) transmitted    5 packet(s) received    0.00% packet lossround-trip min/avg/max = 20/28/40 ms

检查SZ***GZ*的通信**

<SZ_***>ping 60.1.1.1  PING 60.1.1.1: 56  data bytes, press CTRL_C to break    Reply from 60.1.1.1: bytes=56 Sequence=1 ttl=254 time=30 ms    Reply from 60.1.1.1: bytes=56 Sequence=2 ttl=254 time=30 ms    Reply from 60.1.1.1: bytes=56 Sequence=3 ttl=254 time=20 ms    Reply from 60.1.1.1: bytes=56 Sequence=4 ttl=254 time=20 ms    Reply from 60.1.1.1: bytes=56 Sequence=5 ttl=254 time=30 ms  --- 60.1.1.1 ping statistics ---    5 packet(s) transmitted    5 packet(s) received    0.00% packet lossround-trip min/avg/max = 20/26/30 ms

检查BJ***和GZ*的通信**

<BJ_***>ping 60.1.1.1  PING 60.1.1.1: 56  data bytes, press CTRL_C to break    Reply from 60.1.1.1: bytes=56 Sequence=1 ttl=254 time=20 ms    Reply from 60.1.1.1: bytes=56 Sequence=2 ttl=254 time=20 ms    Reply from 60.1.1.1: bytes=56 Sequence=3 ttl=254 time=10 ms    Reply from 60.1.1.1: bytes=56 Sequence=4 ttl=254 time=30 ms    Reply from 60.1.1.1: bytes=56 Sequence=5 ttl=254 time=30 ms  --- 60.1.1.1 ping statistics ---    5 packet(s) transmitted    5 packet(s) received    0.00% packet loss    round-trip min/avg/max = 10/22/30 ms

检查PC1和PC2的通信

PC>ping  192.168.2.2Ping 192.168.2.2: 32 data bytes, Press Ctrl_C to breakRequest timeout!Request timeout!Request timeout!Request timeout!Request timeout!--- 192.168.2.2 ping statistics ---  5 packet(s) transmitted  0 packet(s) received  100.00% packet loss

检查PC1和PC3的通信

PC>ping  192.168.3.3Ping 192.168.3.3: 32 data bytes, Press Ctrl_C to breakRequest timeout!Request timeout!Request timeout!Request timeout!Request timeout!--- 192.168.3.3 ping statistics ---  5 packet(s) transmitted  0 packet(s) received  100.00% packet loss

检查PC2和PC3的通信

PC>ping 192.168.3.3Ping 192.168.3.3: 32 data bytes, Press Ctrl_C to breakRequest timeout!Request timeout!Request timeout!Request timeout!Request timeout!--- 192.168.3.3 ping statistics ---  5 packet(s) transmitted  0 packet(s) received  100.00% packet loss

第二步:分别在SZ***和BJ***启动TUNNEL接口

**SZ_*的配置

#interface Tunnel0/0/1 ip address 123.1.1.1 255.255.255.0  tunnel-protocol gre source 202.1.1.1 destination 101.1.1.1#interface Tunnel0/0/2 ip address 124.1.1.1 255.255.255.0  tunnel-protocol gre source 202.1.1.1 destination 60.1.1.1#

**BJ_*的配置

#interface Tunnel0/0/1 ip address 123.1.1.2 255.255.255.0  tunnel-protocol gre source 101.1.1.1 destination 202.1.1.1#

**GZ_*的配置

#interface Tunnel0/0/1 ip address 124.1.1.3 255.255.255.0  tunnel-protocol gre source 60.1.1.1 destination 202.1.1.1#

第三步:配置引流路由

**SZ_*的配置

#ip route-static 192.168.2.0 255.255.255.0 Tunnel0/0/1ip route-static 192.168.3.0 255.255.255.0 Tunnel0/0/2#

**BJ_*的配置

#ip route-static 192.168.1.0 255.255.255.0 Tunnel0/0/1#

**GZ_*的配置

#ip route-static 192.168.1.0 255.255.255.0 Tunnel0/0/1#

第四步:检查GRE隧道是否成功

**SZ_*的检查

<SZ_***>display interface Tunnel 0/0/1Tunnel0/0/1 current state : UPLine protocol current state : UPLast line protocol up time : 2020-02-25 17:50:10 UTC-08:00Description:HUAWEI, AR Series, Tunnel0/0/1 InterfaceRoute Port,The Maximum Transmit Unit is 1500Internet Address is 123.1.1.1/24Encapsulation is TUNNEL, loopback not setTunnel source 202.1.1.1 (GigabitEthernet0/0/0), destination 101.1.1.1Tunnel protocol/transport GRE/IP, key disabledkeepalive disabledChecksumming of packets disabledCurrent system time: 2020-02-25 20:19:16-08:00    300 seconds input rate 0 bits/sec, 0 packets/sec    300 seconds output rate 0 bits/sec, 0 packets/sec    0 seconds input rate 0 bits/sec, 0 packets/sec    0 seconds output rate 0 bits/sec, 0 packets/sec    0 packets input,  0 bytes    0 input error    0 packets output,  0 bytes    0 output error    Input bandwidth utilization  : --    Output bandwidth utilization : --<SZ_***>

第二个tunnel接口的详细信息

<SZ_***>display interface Tunnel 0/0/2Tunnel0/0/2 current state : UPLine protocol current state : UPLast line protocol up time : 2020-02-25 23:10:15 UTC-08:00Description:HUAWEI, AR Series, Tunnel0/0/2 InterfaceRoute Port,The Maximum Transmit Unit is 1500Internet Address is 124.1.1.1/24Encapsulation is TUNNEL, loopback not setTunnel source 202.1.1.1 (GigabitEthernet0/0/0), destination 60.1.1.1Tunnel protocol/transport GRE/IP, key disabledkeepalive disabledChecksumming of packets disabledCurrent system time: 2020-02-25 23:29:12-08:00    300 seconds input rate 0 bits/sec, 0 packets/sec    300 seconds output rate 0 bits/sec, 0 packets/sec    0 seconds input rate 0 bits/sec, 0 packets/sec    0 seconds output rate 0 bits/sec, 0 packets/sec    0 packets input,  0 bytes    0 input error    0 packets output,  0 bytes    0 output error    Input bandwidth utilization  : --    Output bandwidth utilization : --

**BJ_*的检查

<BJ_***>display interface Tunnel 0/0/1Tunnel0/0/1 current state : UPLine protocol current state : UPLast line protocol up time : 2020-02-25 17:50:53 UTC-08:00Description:HUAWEI, AR Series, Tunnel0/0/1 InterfaceRoute Port,The Maximum Transmit Unit is 1500Internet Address is 123.1.1.2/24Encapsulation is TUNNEL, loopback not setTunnel source 101.1.1.1 (GigabitEthernet0/0/0), destination 202.1.1.1Tunnel protocol/transport GRE/IP, key disabledkeepalive disabledChecksumming of packets disabledCurrent system time: 2020-02-25 20:21:08-08:00    300 seconds input rate 0 bits/sec, 0 packets/sec    300 seconds output rate 0 bits/sec, 0 packets/sec    0 seconds input rate 0 bits/sec, 0 packets/sec    0 seconds output rate 0 bits/sec, 0 packets/sec    0 packets input,  0 bytes    0 input error    0 packets output,  0 bytes    0 output error    Input bandwidth utilization  : --    Output bandwidth utilization : --<BJ_***>

**GZ_*的检查

<ZG_***>display interface Tunnel 0/0/1Tunnel0/0/1 current state : UPLine protocol current state : UPLast line protocol up time : 2020-02-25 23:03:02 UTC-08:00Description:HUAWEI, AR Series, Tunnel0/0/1 InterfaceRoute Port,The Maximum Transmit Unit is 1500Internet Address is 124.1.1.3/24Encapsulation is TUNNEL, loopback not setTunnel source 60.1.1.1 (GigabitEthernet0/0/0), destination 202.1.1.1Tunnel protocol/transport GRE/IP, key disabledkeepalive disabledChecksumming of packets disabledCurrent system time: 2020-02-25 23:30:27-08:00    300 seconds input rate 0 bits/sec, 0 packets/sec    300 seconds output rate 0 bits/sec, 0 packets/sec    0 seconds input rate 0 bits/sec, 0 packets/sec    0 seconds output rate 0 bits/sec, 0 packets/sec    0 packets input,  0 bytes    0 input error    0 packets output,  0 bytes    0 output error    Input bandwidth utilization  : --    Output bandwidth utilization : --<ZG_***>

第五步:实现北京和广州分部互通

**BJ_*的配置

#ip route-static 192.168.3.0 255.255.255.0 Tunnel0/0/1#

**GZ_*的配置

#ip route-static 192.168.3.0 255.255.255.0 Tunnel0/0/1#

测试PC2和PC3的连通性

PC>ping 192.168.3.3Ping 192.168.3.3: 32 data bytes, Press Ctrl_C to breakRequest timeout!From 192.168.3.3: bytes=32 seq=2 ttl=125 time=78 msFrom 192.168.3.3: bytes=32 seq=3 ttl=125 time=109 msFrom 192.168.3.3: bytes=32 seq=4 ttl=125 time=94 msFrom 192.168.3.3: bytes=32 seq=5 ttl=125 time=78 ms--- 192.168.3.3 ping statistics ---  5 packet(s) transmitted  4 packet(s) received  20.00% packet loss  round-trip min/avg/max = 0/89/109 msPC>

第六步:在BJ-和GZ-起一个TUNNEL接口

删除如下引流路由
在BJ_***删除

ip route-static 192.168.3.0 255.255.255.0 Tunnel0/0/1

在GZ_***删除

ip route-static 192.168.2.0 255.255.255.0 Tunnel0/0/1

在BJ***和GZ创建tunnel0/0/2接口
在BJ_创建

#interface Tunnel0/0/2 ip address 125.1.1.2 255.255.255.0  tunnel-protocol gre source 101.1.1.1 destination 60.1.1.1#ip route-static 192.168.3.0 255.255.255.0 Tunnel0/0/2

在GZ_***创建

#interface Tunnel0/0/2 ip address 125.1.1.3 255.255.255.0  tunnel-protocol gre source 60.1.1.1 destination 101.1.1.1#ip route-static 192.168.2.0 255.255.255.0 Tunnel0/0/2

检查如下

[BJ_***]display interface Tunnel 0/0/2Tunnel0/0/2 current state : UPLine protocol current state : UPLast line protocol up time : 2020-02-26 00:40:33 UTC-08:00Description:HUAWEI, AR Series, Tunnel0/0/2 InterfaceRoute Port,The Maximum Transmit Unit is 1500Internet Address is 125.1.1.2/24Encapsulation is TUNNEL, loopback not setTunnel source 101.1.1.1 (GigabitEthernet0/0/0), destination 60.1.1.1Tunnel protocol/transport GRE/IP, key disabledkeepalive disabledChecksumming of packets disabledCurrent system time: 2020-02-26 00:53:56-08:00    300 seconds input rate 0 bits/sec, 0 packets/sec    300 seconds output rate 0 bits/sec, 0 packets/sec    0 seconds input rate 0 bits/sec, 0 packets/sec    0 seconds output rate 0 bits/sec, 0 packets/sec    0 packets input,  0 bytes    0 input error    0 packets output,  0 bytes    0 output error    Input bandwidth utilization  : --    Output bandwidth utilization : --[BJ_***]

在PC2上面访问PC3

PC>ping 192.168.3.3Ping 192.168.3.3: 32 data bytes, Press Ctrl_C to breakFrom 192.168.3.3: bytes=32 seq=1 ttl=125 time=63 msFrom 192.168.3.3: bytes=32 seq=2 ttl=125 time=93 msFrom 192.168.3.3: bytes=32 seq=3 ttl=125 time=63 msFrom 192.168.3.3: bytes=32 seq=4 ttl=125 time=94 msFrom 192.168.3.3: bytes=32 seq=5 ttl=125 time=93 ms--- 192.168.3.3 ping statistics ---  5 packet(s) transmitted  5 packet(s) received  0.00% packet loss  round-trip min/avg/max = 63/81/94 msPC>tracert 192.168.3.3traceroute to 192.168.3.3, 8 hops max(ICMP), press Ctrl+C to stop 1  192.168.2.254   47 ms  46 ms  47 ms 2  125.1.1.3   47 ms  63 ms  62 ms 3  192.168.3.3   78 ms  94 ms  78 msPC>

GRE组网结合NAT讲解

第一步:基本配置

**SZ_*路由器的配置

# sysname SZ_***#interface GigabitEthernet0/0/0 ip address 172.16.12.1 255.255.255.0 #interface GigabitEthernet0/0/1 ip address 192.168.1.254 255.255.255.0 #ip route-static 0.0.0.0 0.0.0.0 172.16.12.2#

**BJ_*路由器的配置

# sysname BJ_***#interface GigabitEthernet0/0/0 ip address 101.1.1.1 255.255.255.0 #interface GigabitEthernet0/0/1 ip address 192.168.2.254 255.255.255.0 #ip route-static 0.0.0.0 0.0.0.0 101.1.1.254#

NAT路由器的配置

#interface GigabitEthernet0/0/0 ip address 172.16.12.2 255.255.255.0 #interface GigabitEthernet0/0/1 ip address 202.1.1.1 255.255.255.0 #ip route-static 0.0.0.0 0.0.0.0 202.1.1.254#

internet的配置

#interface GigabitEthernet0/0/0 ip address 202.1.1.254 255.255.255.0 #interface GigabitEthernet0/0/1 ip address 101.1.1.254 255.255.255.0 #

检查如下:
**检查SZ_*和PC1的通信

<SZ_***>ping 192.168.1.1  PING 192.168.1.1: 56  data bytes, press CTRL_C to break    Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=128 time=40 ms    Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=128 time=60 ms    Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=128 time=40 ms    Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=128 time=60 ms    Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=128 time=50 ms  --- 192.168.1.1 ping statistics ---    5 packet(s) transmitted    5 packet(s) received    0.00% packet loss    round-trip min/avg/max = 40/50/60 ms

**检查BJ_*和PC2的通信

<SZ_***>ping 192.168.1.1  PING 192.168.1.1: 56  data bytes, press CTRL_C to break    Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=128 time=40 ms    Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=128 time=60 ms    Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=128 time=40 ms    Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=128 time=60 ms    Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=128 time=50 ms  --- 192.168.1.1 ping statistics ---    5 packet(s) transmitted    5 packet(s) received    0.00% packet loss    round-trip min/avg/max = 40/50/60 ms

**检查NAT和BJ_*的通信

<SZ_***>ping 101.1.1.1  PING 101.1.1.1: 56  data bytes, press CTRL_C to break    Reply from 101.1.1.1: bytes=56 Sequence=1 ttl=254 time=30 ms    Reply from 101.1.1.1: bytes=56 Sequence=2 ttl=254 time=20 ms    Reply from 101.1.1.1: bytes=56 Sequence=3 ttl=254 time=40 ms    Reply from 101.1.1.1: bytes=56 Sequence=4 ttl=254 time=20 ms    Reply from 101.1.1.1: bytes=56 Sequence=5 ttl=254 time=30 ms  --- 101.1.1.1 ping statistics ---    5 packet(s) transmitted    5 packet(s) received    0.00% packet loss    round-trip min/avg/max = 20/28/40 ms

检查PC1和PC2的通信

PC>ping  192.168.2.2Ping 192.168.2.2: 32 data bytes, Press Ctrl_C to breakRequest timeout!Request timeout!Request timeout!Request timeout!Request timeout!--- 192.168.2.2 ping statistics ---  5 packet(s) transmitted  0 packet(s) received  100.00% packet loss

第二步:分别在SZ***和BJ***启动TUNNEL接口

**SZ_*的配置

#interface Tunnel0/0/1 ip address 123.1.1.1 255.255.255.0  tunnel-protocol gre source 172.16.12.1 destination 101.1.1.1#

**BJ_*的配置

#interface Tunnel0/0/1 ip address 123.1.1.2 255.255.255.0  tunnel-protocol gre source 101.1.1.1 destination 202.1.1.1#

NAT设备配置

#interface GigabitEthernet0/0/1nat static global 202.1.1.2 inside 172.16.12.1 netmask 255.255.255.255#

第三步:配置引流路由

**SZ_*的配置

#ip route-static 192.168.2.0 255.255.255.0 Tunnel0/0/1#

**BJ_*的配置

#ip route-static 192.168.1.0 255.255.255.0 Tunnel0/0/1#

第四步:检查GRE隧道是否成功

**SZ_*的检查

<SZ_***>display interface Tunnel 0/0/1Tunnel0/0/1 current state : UPLine protocol current state : UPLast line protocol up time : 2020-02-26 18:10:00 UTC-08:00Description:HUAWEI, AR Series, Tunnel0/0/1 InterfaceRoute Port,The Maximum Transmit Unit is 1500Internet Address is 123.1.1.1/24Encapsulation is TUNNEL, loopback not setTunnel source 172.16.12.1 (GigabitEthernet0/0/0), destination 101.1.1.1Tunnel protocol/transport GRE/IP, key disabledkeepalive disabledChecksumming of packets disabledCurrent system time: 2020-02-26 18:23:31-08:00    300 seconds input rate 0 bits/sec, 0 packets/sec    300 seconds output rate 0 bits/sec, 0 packets/sec    0 seconds input rate 0 bits/sec, 0 packets/sec    0 seconds output rate 0 bits/sec, 0 packets/sec    0 packets input,  0 bytes    0 input error    0 packets output,  0 bytes    0 output error    Input bandwidth utilization  : --    Output bandwidth utilization : --<SZ_***>

**BJ_*的检查

<BJ_***>display interface Tunnel 0/0/1Tunnel0/0/1 current state : UPLine protocol current state : UPLast line protocol up time : 2020-02-26 18:11:02 UTC-08:00Description:HUAWEI, AR Series, Tunnel0/0/1 InterfaceRoute Port,The Maximum Transmit Unit is 1500Internet Address is 123.1.1.2/24Encapsulation is TUNNEL, loopback not setTunnel source 101.1.1.1 (GigabitEthernet0/0/0), destination 202.1.1.2Tunnel protocol/transport GRE/IP, key disabledkeepalive disabledChecksumming of packets disabledCurrent system time: 2020-02-26 18:24:07-08:00    300 seconds input rate 0 bits/sec, 0 packets/sec    300 seconds output rate 0 bits/sec, 0 packets/sec    0 seconds input rate 0 bits/sec, 0 packets/sec    0 seconds output rate 0 bits/sec, 0 packets/sec    0 packets input,  0 bytes    0 input error    0 packets output,  0 bytes    0 output error    Input bandwidth utilization  : --    Output bandwidth utilization : --<BJ_***>

PC1访问PC2

PC>ping 192.168.2.2Ping 192.168.2.2: 32 data bytes, Press Ctrl_C to breakFrom 192.168.2.2: bytes=32 seq=1 ttl=126 time=78 msFrom 192.168.2.2: bytes=32 seq=2 ttl=126 time=94 msFrom 192.168.2.2: bytes=32 seq=3 ttl=126 time=94 msFrom 192.168.2.2: bytes=32 seq=4 ttl=126 time=78 msFrom 192.168.2.2: bytes=32 seq=5 ttl=126 time=109 ms--- 192.168.2.2 ping statistics ---  5 packet(s) transmitted  5 packet(s) received  0.00% packet loss  round-trip min/avg/max = 78/90/109 msPC>
.

赞一下 返回首页
本文链接: https://www.qiuyue.org/internet/system/54588.html
广告 广告

评论区