Cisco之路由重分发和NAT

    在一个大型网络中可能存在着多种路由协议，因此关系到路由重分发的问题。网络架构如下图所示：

架构说明：

1 R1为总公司路由器；

2 R2、R5为上海分公司路由器；

3 R3、R4为杭州分公司路由器；

4 总公司和分公司之间使用OSPF协议，上海分公司使用RIP协议，而杭州分公司使用静态路由协议；

5 所有分公司访问公网都通过总公司路由器R1实现；

6 本地所带主机由Loopback1接口模拟；

7 Loopback0使用192.168.255.0/24网段并且作为Router ID；

1）配置基本信息

R1配置如下：

R1(config)#hostname R1

R1(config)#int f0/0

R1(config-if)#ip add 10.0.0.1 255.255.255.252

R1(config-if)#no sh

R1(config-if)#int f1/0

R1(config-if)#ip add 10.0.0.6 255.255.255.252

R1(config-if)#no sh

R1(config-if)#int f2/0

R1(config-if)#ip add 172.16.31.1 255.255.255.252

R1(config-if)#no sh

R1(config)#int loopback 0

R1(config-if)#ip add 192.168.255.1 255.255.255.0

R1(config-if)#no sh

R1(config)#int loopback 1

R1(config-if)#ip add 192.168.1.1 255.255.255.0

R1(config-if)#no sh

R1(config)#router ospf 1

R1(config-router)#router-id 192.168.255.1

R1(config-router)#network 192.168.1.0 0.0.0.255 area 0

R1(config-router)#network 10.0.0.4 0.0.0.3 area 1

R1(config-router)#network 192.168.255.1 0.0.0.0 area 0

R1(config-router)#network 10.0.0.0 0.0.0.3 area 0

R1(config)#ip route 0.0.0.0 0.0.0.0 172.16.31.2

R2配置如下：

R2(config)#hostname R2

R2(config)#int f0/0

R2(config-if)#ip add 10.0.0.2 255.255.255.252

R2(config-if)#no sh

R2(config-if)#int f1/0

R2(config-if)#ip add 192.168.100.1 255.255.255.0

R2(config-if)#no sh

R2(config)#int loopback 0

R2(config-if)#ip add 192.168.255.2 255.255.255.255

R2(config-if)#no sh

R2(config)#router ospf 1

R2(config-router)#router-id 192.168.255.2 

R2(config-router)#network 10.0.0.0 0.0.0.3 area 0

R2(config-router)#network 192.168.255.2 0.0.0.0 area 0

R2(config)#router rip

R2(config-router)#version 2

R2(config-router)#no auto-summary 

R2(config-router)#network 192.168.100.0

R3配置如下：

R3(config)#hostname R3

R3(config)#int f1/0

R3(config-if)#ip add 10.0.0.5 255.255.255.252

R3(config-if)#no sh

R3(config-if)#int f0/0

R3(config-if)#ip add 10.0.0.10 255.255.255.252

R3(config-if)#no sh

R3(config)#int loopback 0

R3(config-if)#ip add 192.168.255.3 255.255.255.255

R3(config-if)#no sh

R3(config)#router ospf 1

R3(config-router)#router-id 192.168.255.3

R3(config-router)#network 10.0.0.4 0.0.0.3 area 1

R3(config-router)#network 192.168.255.3 0.0.0.0 area 1

R3(config)#ip route 192.168.3.0 255.255.255.0 10.0.0.9

R4配置如下：

R4(config)#hostname R4

R4(config)#int f0/0

R4(config-if)#ip add 10.0.0.9 255.255.255.252

R4(config-if)#no sh

R4(config)#int loopback 0

R4(config-if)#ip add 192.168.255.4 255.255.255.255

R4(config-if)#no sh

R4(config)#int loopback 1

R4(config-if)#ip add 192.168.3.1 255.255.255.0

R4(config-if)#no sh

R4(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.10

R5配置如下：

R5(config)#hostname R5

R5(config)#int f0/0

R5(config-if)#ip add 192.168.100.2 255.255.255.0

R5(config-if)#no sh

R5(config)#int loopback 1

R5(config-if)#ip add 192.168.2.1 255.255.255.0

R5(config-if)#no sh

R5(config)#router rip

R5(config-router)#version 2

R5(config-router)#no auto-summary

R5(config-router)#network 192.168.100.0

R5(config-router)#network 192.168.2.0

Internet配置如下：

Internet(config)#hostname Internet

Internet(config)#int f0/0

Internet(config-if)#ip add 172.16.31.2 255.255.255.252

Internet(config-if)#no sh

Internet(config)#int loopback 1

Internet(config-if)#ip add 59.56.61.1 255.255.255.0

Internet(config-if)#no sh

查看路由表：

R1#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.31.2 to network 0.0.0.0

     172.16.0.0/30 is subnetted, 1 subnets

C       172.16.31.0 is directly connected, FastEthernet2/0

     10.0.0.0/30 is subnetted, 2 subnets

C       10.0.0.0 is directly connected, FastEthernet0/0

C       10.0.0.4 is directly connected, FastEthernet1/0

     192.168.255.0/24 is variably subnetted, 3 subnets, 2 masks

O       192.168.255.3/32 [110/2] via 10.0.0.5, 00:21:37, FastEthernet1/0

O       192.168.255.2/32 [110/2] via 10.0.0.2, 00:31:22, FastEthernet0/0

C       192.168.255.0/24 is directly connected, Loopback0

C    192.168.1.0/24 is directly connected, Loopback1

S*   0.0.0.0/0 [1/0] via 172.16.31.2

2）配置路由重分发：

路由器R1重发布默认路由：

R1(config)#router ospf 1

R1(config-router)#default-information originate always 

路由器R2重分发：

R2(config)#router ospf 1

R2(config-router)#redistribute rip subnets 

R2(config)#router rip

R2(config-router)#redistribute ospf 1 metric 3

路由器R3重发布静态路由和直连路由：

R3(config)#router ospf 1

R3(config-router)#redistribute static subnets 

R3(config-router)#redistribute connected subnets 

3）验证网络通信是否正常

R3#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.0.6 to network 0.0.0.0

     10.0.0.0/30 is subnetted, 3 subnets

C       10.0.0.8 is directly connected, FastEthernet0/0

O IA    10.0.0.0 [110/2] via 10.0.0.6, 00:02:31, FastEthernet1/0

C       10.0.0.4 is directly connected, FastEthernet1/0

     192.168.255.0/32 is subnetted, 3 subnets

C       192.168.255.3 is directly connected, Loopback0

O IA    192.168.255.2 [110/3] via 10.0.0.6, 00:02:31, FastEthernet1/0

O IA    192.168.255.1 [110/2] via 10.0.0.6, 00:02:31, FastEthernet1/0

     192.168.1.0/32 is subnetted, 1 subnets

O IA    192.168.1.1 [110/2] via 10.0.0.6, 00:02:33, FastEthernet1/0

O E2 192.168.2.0/24 [110/20] via 10.0.0.6, 00:02:33, FastEthernet1/0

O E2 192.168.100.0/24 [110/20] via 10.0.0.6, 00:02:33, FastEthernet1/0

S    192.168.3.0/24 [1/0] via 10.0.0.9

O*E2 0.0.0.0/0 [110/1] via 10.0.0.6, 00:02:35, FastEthernet1/0

R4#ping 192.168.2.1 source 192.168.3.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.3.1 

!!!!!

R5#ping 10.0.0.5 source 192.168.2.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.5, timeout is 2 seconds:

Packet sent with a source address of 192.168.2.1 

!!!!!

4) 在R1路由器上配置NAT

R1(config)#int f1/0

R1(config-if)#ip nat inside 

R1(config)#int f0/0

R1(config-if)#ip nat inside 

R1(config)#int f2/0

R1(config-if)#ip nat outside 

R1(config)#access-list 1 permit any 

R1(config)#ip nat inside source list 1 int f2/0 overload 

测试内网访问外网的连通性

R5#ping 59.56.61.1 source 192.168.2.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.2.1 

!!!!!

R4#ping 59.56.61.1 source 192.168.3.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.3.1 

!!!!!

当然，我们可以禁止192.168.2.0的网段对外网的访问：

R1(config)#no access-list 1

R1(config)#access-list 1 deny 192.168.2.0 0.0.0.255

R1(config)#access-list 1 permit any

R1(config)#ip nat inside source list 1 interface f2/0 overload 

R5#ping 59.56.61.1 source 192.168.2.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.2.1 

.....

R4#ping 59.56.61.1 source 192.168.3.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 59.56.61.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.3.1 

!!!!!