The lab topology is as follows:
Lab requirements:
R4 and R5 form the public network segment. R1 is the central site (first-level hub); R2 and R3 are branch sites (second-level hubs) that register with R1. R6 and R7 are branch sites with R2 as their hub; R8 and R9 are branch sites with R3 as their hub. R10 is a user that reaches the Internet through NAT configured on R9.
Lab configuration:
1) R4 and R5 simulate the public network; OSPF is used to collect the public-network routes.
2) R1 is the first-level hub. Besides the basic MGRE configuration it must enable NHRP redirect, otherwise some routes become unreachable, and the OSPF network type on the tunnel must be changed to p2mp, otherwise the neighbor relationships cannot form.
R1
interface GigabitEthernet0/0/0
ip address 10.1.14.1 255.255.255.0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.0
#
interface Tunnel0/0/0
ip address 192.168.1.1 255.255.255.0
tunnel-protocol gre p2mp
source GigabitEthernet0/0/0
ospf network-type p2mp
nhrp redirect
nhrp entry multicast dynamic
nhrp network-id 1
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 192.168.1.1 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 10.1.14.2
R2
interface GigabitEthernet0/0/0
ip address 10.1.24.1 255.255.255.0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.0
#
interface Tunnel0/0/0
ip address 192.168.1.2 255.255.255.0
tunnel-protocol gre p2mp
source GigabitEthernet0/0/0
ospf network-type p2mp
ospf dr-priority 0
nhrp redirect
nhrp shortcut
nhrp entry multicast dynamic
nhrp network-id 1
nhrp entry 192.168.1.1 10.1.14.1 register
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 192.168.1.2 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 10.1.24.2
R3
interface GigabitEthernet0/0/0
ip address 10.1.34.1 255.255.255.0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.0
#
interface Tunnel0/0/0
ip address 192.168.1.3 255.255.255.0
tunnel-protocol gre p2mp
source GigabitEthernet0/0/0
ospf network-type p2mp
ospf dr-priority 0
nhrp redirect
nhrp shortcut
nhrp entry multicast dynamic
nhrp network-id 1
nhrp entry 192.168.1.1 10.1.14.1 register
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 192.168.1.3 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 10.1.34.2
R4
interface GigabitEthernet0/0/0
ip address 10.1.14.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.24.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 10.1.34.2 255.255.255.0
#
interface GigabitEthernet4/0/0
ip address 10.1.45.1 255.255.255.0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.0
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 0.0.0.0 255.255.255.255
R5
interface GigabitEthernet0/0/0
ip address 10.1.45.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.56.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 10.1.57.2 255.255.255.0
#
interface GigabitEthernet4/0/0
ip address 10.1.58.2 255.255.255.0
#
interface GigabitEthernet4/0/1
ip address 10.1.59.2 255.255.255.0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.0
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 0.0.0.0 255.255.255.255
R6
interface GigabitEthernet0/0/0
ip address 10.1.56.1 255.255.255.0
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.0
#
interface Tunnel0/0/0
ip address 192.168.1.6 255.255.255.0
tunnel-protocol gre p2mp
source GigabitEthernet0/0/0
ospf network-type p2mp
nhrp shortcut
nhrp network-id 1
nhrp entry 192.168.1.2 10.1.24.1 register
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 192.168.1.6 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 10.1.56.2
R7
interface GigabitEthernet0/0/0
ip address 10.1.57.1 255.255.255.0
#
interface LoopBack0
ip address 7.7.7.7 255.255.255.0
#
interface Tunnel0/0/0
ip address 192.168.1.7 255.255.255.0
tunnel-protocol gre p2mp
source GigabitEthernet0/0/0
ospf network-type p2mp
nhrp shortcut
nhrp network-id 1
nhrp entry 192.168.1.2 10.1.24.1 register
#
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 7.7.7.7 0.0.0.0
network 192.168.1.7 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 10.1.57.2
R8
interface GigabitEthernet0/0/0
ip address 10.1.58.1 255.255.255.0
#
interface LoopBack0
ip address 8.8.8.8 255.255.255.0
#
interface Tunnel0/0/0
ip address 192.168.1.8 255.255.255.0
tunnel-protocol gre p2mp
source GigabitEthernet0/0/0
ospf network-type p2mp
nhrp shortcut
nhrp network-id 1
nhrp entry 192.168.1.3 10.1.34.1 register
#
ospf 1 router-id 8.8.8.8
area 0.0.0.0
network 8.8.8.8 0.0.0.0
network 192.168.1.8 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 10.1.58.2
R9
acl number 2000
rule 5 permit
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.59.1 255.255.255.0
nat outbound 2000
#
interface GigabitEthernet0/0/1
ip address 172.168.1.2 255.255.255.0
#
interface LoopBack0
ip address 9.9.9.9 255.255.255.0
#
interface Tunnel0/0/0
ip address 192.168.1.9 255.255.255.0
tunnel-protocol gre p2mp
source GigabitEthernet0/0/0
ospf network-type p2mp
nhrp shortcut
nhrp network-id 1
nhrp entry 192.168.1.3 10.1.34.1 register
#
ospf 1 router-id 9.9.9.9
area 0.0.0.0
network 9.9.9.9 0.0.0.0
network 192.168.1.9 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 10.1.59.2
ip route-static 172.0.0.0 255.0.0.0 172.168.1.1
#
R10
interface GigabitEthernet0/0/0
ip address 172.168.1.1 255.255.255.0
#
interface LoopBack0
ip address 172.168.2.1 255.255.255.0
#
interface Tunnel0/0/0
ip address 192.168.1.10 255.255.255.0
tunnel-protocol gre p2mp
source GigabitEthernet0/0/0
ospf network-type p2mp
nhrp shortcut
nhrp network-id 1
nhrp entry 192.168.1.3 10.1.34.1 register
#
ospf 1 router-id 10.10.10.10
area 0.0.0.0
network 172.168.2.1 0.0.0.0
network 192.168.1.10 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 172.168.1.2
To make the communication secure and efficient, configure NHRP registration authentication, OSPF neighbor authentication, OSPF fast calculation, and fast neighbor-state detection:
interface Tunnel0/0/0
ospf authentication-mode md5 5 cipher xxxxx // OSPF neighbor authentication
nhrp authentication cipher xxxx // NHRP registration authentication
ospf bfd enable // fast neighbor-state detection
ospf frr block // OSPF fast calculation
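Because the hierarchy above depends on every spoke registering with the right hub (matching tunnel and public addresses), every hub running `nhrp redirect`, every tunnel using the p2mp OSPF network type, and the hardening lines just listed being present on each tunnel, it is worth checking the configurations mechanically rather than by eye. The following added example (my own code, not part of the lab or of Huawei's software) parses VRP-style config dumps and reports deviations from those rules. The sample input is a constructed, trimmed copy of the page's R1, R2 and R6 tunnel configs; R6 has deliberately been given a missing `ospf network-type p2mp` line and a wrong NBMA address for its hub so that the audit has findings to show.

```python
import re

# Constructed sample input: trimmed copies of the page's R1 (hub), R2 (second-level
# hub) and R6 (spoke) configs. R6 is deliberately altered (no p2mp network type,
# wrong NBMA address for its hub) so the audit has something to report.
SAMPLE_CONFIGS = {
    "R1": """
interface GigabitEthernet0/0/0
 ip address 10.1.14.1 255.255.255.0
#
interface Tunnel0/0/0
 ip address 192.168.1.1 255.255.255.0
 source GigabitEthernet0/0/0
 ospf network-type p2mp
 nhrp redirect
#""",
    "R2": """
interface GigabitEthernet0/0/0
 ip address 10.1.24.1 255.255.255.0
#
interface Tunnel0/0/0
 ip address 192.168.1.2 255.255.255.0
 source GigabitEthernet0/0/0
 ospf network-type p2mp
 nhrp redirect
 nhrp shortcut
 nhrp entry 192.168.1.1 10.1.14.1 register
#""",
    "R6": """
interface GigabitEthernet0/0/0
 ip address 10.1.56.1 255.255.255.0
#
interface Tunnel0/0/0
 ip address 192.168.1.6 255.255.255.0
 source GigabitEthernet0/0/0
 nhrp shortcut
 nhrp entry 192.168.1.2 10.1.24.9 register
#""",
}

IP_RE = re.compile(r"^ip address (\S+) \S+$")
REG_RE = re.compile(r"^nhrp entry (\S+) (\S+) register$")
# Commands the page lists for securing the tunnel: OSPF auth, NHRP auth, BFD.
HARDENING = ("ospf authentication-mode", "nhrp authentication", "ospf bfd enable")

def parse_interfaces(text):
    """Split a VRP-style dump into {interface name: [stripped config lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None  # '#' closes the current view
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def tunnel_facts(text):
    """Collect the tunnel's addresses, NHRP role flags and hardening state."""
    ifaces = parse_interfaces(text)
    addr = {name: m.group(1) for name, lines in ifaces.items()
            for l in lines if (m := IP_RE.match(l))}
    tun = next((n for n in ifaces if n.startswith("Tunnel")), None)
    if tun is None:
        return None
    lines = ifaces[tun]
    src = next((l.split(None, 1)[1] for l in lines if l.startswith("source ")), None)
    return {
        "tunnel_ip": addr.get(tun),
        "nbma_ip": addr.get(src),  # public address the tunnel is sourced from
        "p2mp": "ospf network-type p2mp" in lines,
        "redirect": "nhrp redirect" in lines,
        "shortcut": "nhrp shortcut" in lines,
        "registers_to": [m.groups() for l in lines if (m := REG_RE.match(l))],
        "missing": [c for c in HARDENING if not any(l.startswith(c) for l in lines)],
    }

def audit(configs):
    """Return sorted findings: role/registration mismatches and missing hardening."""
    facts = {d: f for d, cfg in configs.items() if (f := tunnel_facts(cfg))}
    by_tunnel_ip = {f["tunnel_ip"]: d for d, f in facts.items()}
    findings = set()
    for dev, f in facts.items():
        if not f["p2mp"]:
            findings.add(f"{dev}: tunnel lacks 'ospf network-type p2mp'")
        if f["registers_to"] and not f["shortcut"]:
            findings.add(f"{dev}: spoke lacks 'nhrp shortcut'")
        for proto_ip, nbma_ip in f["registers_to"]:
            hub = by_tunnel_ip.get(proto_ip)
            if hub is None:
                findings.add(f"{dev}: registers to unknown hub {proto_ip}")
                continue
            if not facts[hub]["redirect"]:
                findings.add(f"{hub}: hub for {dev} lacks 'nhrp redirect'")
            if facts[hub]["nbma_ip"] != nbma_ip:
                findings.add(f"{dev}: NBMA {nbma_ip} for hub {hub} should be {facts[hub]['nbma_ip']}")
        for cmd in f["missing"]:
            findings.add(f"{dev}: hardening missing '{cmd}'")
    return sorted(findings)
```

Run `audit(SAMPLE_CONFIGS)` (for example from `python -c`) and it reports the two deliberate R6 defects plus the three missing hardening commands on every device; feed it the full `display current-configuration` output of each router and the same checks apply to the whole hierarchy. One point the checker does not cover but a reviewer should: R9's `acl number 2000` / `rule 5 permit` matches any source for `nat outbound`, so in a real deployment that ACL should be narrowed to the user network behind R9.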
Lab verification: