H3C网络学院路由互换第四卷实验指导书.docx

1、H3C网络学院路由互换第四卷实验指导书实验1 配置GRE VPN实验任务一：GRE VPN大体配置步骤一：搭建实验环境在SWA上配置VLAN2，将接口E1/0/2加入VLAN2：SWAvlan 2SWA-vlan2port Ethernet 1/0/2步骤二：检测公网连通性查看SWA的路由表和端口状态，确认其工作正常。SWAdisplay ip interface brief*down: administratively down(s): spoofingInterface Physical Protocol IP Address DescriptionVlan-interface1 up u

2、p .2 Vlan-inte.Vlan-interface2 up up .2 Vlan-inte.SWAdisplay ip routing-tableRouting Tables: Public Destinations : 6 Routes : 6Destination/Mask Proto Pre Cost NextHop Interface.0/24 Direct 0 0 .2 Vlan1.2/32 Direct 0 0 InLoop0.0/24 Direct 0 0 .2 Vlan2.2/32 Direct 0 0 InLoop0 Direct 0 0 InLoop0 Direct

3、 0 0 InLoop0也能够利用display interface命令。在RTA和RTB上配置公网接口互通所需的静态路由。RTAinterface GigabitEthernet0/0RTA-GigabitEthernet0/0ip address GigabitEthernet0/1RTA-GigabitEthernet0/1ip address .1 route-static .0 GigabitEthernet0/0RTB-GigabitEthernet0/0ip address GigabitEthernet0/1步骤三：RTB-GigabitEthernet0/1ip addres

4、s .1 route-static .0 配置GRE隧道接口RTA interface Tunnel0RTA-Tunnel0 ip address source .1RTA-Tunnel0 destination .1RTB interface Tunnel0RTB-Tunnel0 ip address source .1RTB-Tunnel0 destination .1步骤四：为私网配置静态路由RTA ip route-static Tunnel0RTB ip route-static Tunnel0配置时也能够用下一跳地址。步骤五：查验隧道工作状况查看RTA与RTB的路由表，可见公网、私

5、网路由均存在于路由表中： RTBdisplay ip routing-tableRouting Tables: Public Destinations : 10 Routes : 10Destination/Mask Proto Pre Cost NextHop Interface.0/24 Static 60 0 .2 GE0/1.0/24 Direct 0 0 .1 GE0/1.1/32 Direct 0 0 InLoop0 Direct 0 0 InLoop0 Direct 0 0 InLoop0 Static 60 0 Tun0 Direct 0 0 GE0/0 Direct 0 0

6、InLoop0 Direct 0 0 Tun0 Direct 0 0 InLoop0查看RTA和RTB的隧道接口状态，可见其利用GRE封装，状态为UP：RTBdisplay interface Tunnel 0Tunnel0 current state: UPLine protocol current state: UPDescription: Tunnel0 InterfaceThe Maximum Transmit Unit is 1476Internet Address is PrimaryEncapsulation is TUNNEL, service-loopback-group I

7、D not set.Tunnel source .1, destination keepalive disableTunnel protocol/transport GRE/IP GRE key disabled Checksumming of GRE packets disabledOutput queue : (Urgent queuing : Size/Length/Discards) 0/100/0Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0Output queue : (FIFO queuing :

8、Size/Length/Discards) 0/75/0 Last 300 seconds input: 15 bytes/sec, 0 packets/sec Last 300 seconds output: 21 bytes/sec, 0 packets/sec 133 packets input, 5701 bytes 0 input error 124 packets output, 7469 bytes 0 output error在RTA上打开GRE协议调试开关用debugging命令查验路由器实际收发的报文，说明其地址已经改变。terminal monitorterminal d

9、ebuggingdebugging gre packet在PCA上对RTB运行ping命令，但只发送一个ICMP包：C:Documents and SettingsUserping -n 1 with 32 bytes of data:Reply from bytes=32 time1ms TTL=254Ping statistics for Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms

10、, Average = 0ms观看RTA上的输出信息：*Jun 26 16:15:30:443 2020 RTA GRE/7/debug: Tunnel0 packet:After encapsulation, Outgoing packet header .1- = 84)*Jun 26 16:15:30:443 2020 RTA GRE/7/debug:Output: Gre packet has been fast-switched successfully, interface index is 0x2f0000.可见RTA从Tunnel0接口发出了一个包，源地址为.1，目的地址为。因

11、为发送的包已经被GRE封装后在公网发送了。步骤六：清除静态路由用undo ip route-static命令。步骤七：为公网配置动态路由RTAospf 1RTA-ospf-1network 1RTB-ospf-1network 1SWA-ospf-1步骤八：network 为私网配置动态路由RTArip 1RTA-rip-1version 2RTA-rip-1network 2步骤九：RTB-rip-1network 再次查验隧道工作状况查看RTA与RTB的路由表： display ip routing-tableRouting Tables: Public Destinations : 10

12、 Routes : 10Destination/Mask Proto Pre Cost NextHop Interface.0/24 OSPF 10 2 .2 GE0/1.0/24 Direct 0 0 .1 GE0/1.1/32 Direct 0 0 InLoop0 Direct 0 0 InLoop0 Direct 0 0 InLoop0 RIP 100 1 Tun0 Direct 0 0 GE0/0 Direct 0 0 InLoop0 Direct 0 0 Tun0 Direct 0 0 InLoop0转入下一实验任务。实验任务二：GRE VPN隧道验证步骤一：单方配置隧道验证第一在R

13、TA上单方启动隧道验证：RTA-Tunnel0gre key 1234步骤二：查验隧道连通性用ping命令验证PCA与PCB之间的连通性。由于仅单方配置了隧道验证，现在应该无法连通。C:Documents and SettingsUserping with 32 bytes of data:Request timed out.Request timed out.Request timed out.Request timed out.Ping statistics for Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),步骤三：配置错误

14、的隧道验证在RTB上也启动隧道验证，但验证值配置与RTA不同：RTB-Tunnel0gre key 12345步骤四：查验隧道连通性用ping命令验证PCA与PCB之间的连通性。由于配置的隧道验证值错误，现在应该无法连通。C:Documents and SettingsUserping with 32 bytes of data:Request timed out.Request timed out.Request timed out.Request timed out.Ping statistics for Packets: Sent = 4, Received = 0, Lost = 4

15、(100% loss),步骤五：正确配置隧道验证在RTB上配置与RTA相同的验证值：RTB-Tunnel0gre key 1234步骤六：查验隧道连通性用ping命令验证PCA与PCB之间的连通性。由于配置的隧道验证正确，现在应该能够连通。C:Documents and SettingsUserping with 32 bytes of data:Reply from bytes=32 time=1ms TTL=254Reply from bytes=32 time1ms TTL=254Reply from bytes=32 time1ms TTL=254Reply from bytes=32

16、 time1ms TTL=254Ping statistics for Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms注意：由于RTA和RTB上配置了RIP路由，若是隧道验证值长时刻不匹配，RIP会删除来自对方的私网路由。在这种情形下，配置了正确的隧道验证值后需要等待RIP从头学习路由。实验任务三：GRE VPN隧道Keepalive步骤一：恢复静态路由配置

17、RTAundo ripWarning : Undo RIP process? Y/N:yRTAundo ospfWarning : Undo OSPF process? Y/N:yRTAip route-static Tunnel0 RTAip route-static .0 ripWarning : Undo RIP process? Y/N:yRTBundo ospfWarning : Undo OSPF process? Y/N:yRTBip route-static Tunnel0步骤二：RTBip route-static .0 模拟网络故障 SWA-Vlan-interface2s

18、hutdown步骤三：检查RTA上的隧道接口状态在RTA上检查隧道接口状态，发觉隧道接口状态仍然正常：RTAdisplay interface Tunnel 0Tunnel0 current state: UPLine protocol current state: UPDescription: Tunnel0 InterfaceThe Maximum Transmit Unit is 1472Internet Address is PrimaryEncapsulation is TUNNEL, service-loopback-group ID not set.Tunnel source .

19、1, destination keepalive disableTunnel protocol/transport GRE/IP GRE key value is 1234 Checksumming of GRE packets disabledOutput queue : (Urgent queuing : Size/Length/Discards) 0/100/0Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0Output queue : (FIFO queuing : Size/Length/Discards

20、) 0/75/0 Last 300 seconds input: 0 bytes/sec, 0 packets/sec Last 300 seconds output: 0 bytes/sec, 0 packets/sec 1016 packets input, 100223 bytes 10 input error 981 packets output, 41128 bytes 0 output error这说明其无法了解对端转变情形。这是因为在RTA上，隧道源地址所属接口正常，隧道目的地址所需的路由仍然存在。步骤四：恢复网络故障SWA-Vlan-interface2undo shutdow

21、n步骤五：配置隧道KeepaliveRTAinterface Tunnel 0RTA-Tunnel0keepaliveRTBinterface Tunnel 0RTB-Tunnel0keepalive步骤六：模拟网络故障在RTA上启动debugging开关：terminal monitorterminal debuggingdebugging gre alldebugging tunnel all关闭SWA的VLAN2接口，模拟公网路由突然发生故障。SWA-Vlan-interface2shutdown步骤七：观看成效，查验隧道连通性在RTA上观看debugging信息。输出信息形如：*Jun

22、 26 17:31:54:794 2020 RTA TUNNEL/7/debug:Tunnel0 link state is UP, no change.*Jun 26 17:31:55:508 2020 RTA TUNNEL/7/debug: Before encapsulation, the packets ulLoopTimes is 0.*Jun 26 17:32:55:968 2020 RTA TUNNEL/7/debug: Before encapsulation, the packets ulLoopTimes is 0.*Jun 26 17:33:00:293 2020 RTA

23、 TUNNEL/7/debug:Tunnel0 link state is UP, no change.*Jun 26 17:33:05:332 2020 RTA TUNNEL/7/debug:Tunnel0 link state is UP, no change.*Jun 26 17:33:06:45 2020 RTA TUNNEL/7/debug: Before encapsulation, the packets ulLoopTimes is 0.*Jun 26 17:33:10:369 2020 RTA TUNNEL/7/debug:Tunnel0 link state is UP,

24、no change.*Jun 26 17:33:15:408 2020 RTA TUNNEL/7/debug:Tunnel0 link state is UP, no change.%Jun 26 17:33:16:168 2020 RTA TUNNEL/4/LINK UPDOWN: Tunnel0: link status is DOWN%Jun 26 17:33:16:168 2020 RTA IFNET/4/UPDOWN: Line protocol on the interface Tunnel0 is DOWN*Jun 26 17:33:16:168 2020 RTA TUNNEL/

25、7/debug:Tunnel0 down, because keepalive is not reached.*Jun 26 17:33:16:169 2020 RTA TUNNEL/7/debug:Can not get tunnel ID when tunnel(index = 0x2f0000) state is down.*Jun 26 17:33:16:169 2020 RTA TUNNEL/7/debug:Tunnel_DelTunnInUpTunnTbl: The tunnel(0x2f0000) state is down.*Jun 26 17:33:16:169 2020 R

26、TA TUNNEL/7/debug: Before encapsulation, the packets ulLoopTimes is 0.*Jun 26 17:33:20:451 2020 RTA TUNNEL/7/debug:Tunnel0 down, because keepalive is not reached.*Jun 26 17:33:20:451 2020 RTA TUNNEL/7/debug:Tunnel0 link state is DOWN, no change.*Jun 26 17:33:25:490 2020 RTA TUNNEL/7/debug:Tunnel0 do

27、wn, because keepalive is not reached.*Jun 26 17:33:25:490 2020 RTA TUNNEL/7/debug:Tunnel0 link state is DOWN, no change.*Jun 26 17:33:26:203 2020 RTA TUNNEL/7/debug:可见通过一段时刻后，Tunnel0接口状态变成DOWN，依照debugging信息，缘故是keepalive消息丢失。关闭debugging开关，查看Tunnel0接口信息：undo debugging allAll possible debugging has bee

28、n turned offdisplay interface tunnel 0Tunnel0 current state: DOWNLine protocol current state: DOWNDescription: Tunnel0 InterfaceThe Maximum Transmit Unit is 1472Internet Address is PrimaryEncapsulation is TUNNEL, service-loopback-group ID not set.Tunnel source .1, destination keepalive enable, Perio

29、d(10 s), Retries(3)Tunnel protocol/transport GRE/IP GRE key value is 1234 Checksumming of GRE packets disabledOutput queue : (Urgent queuing : Size/Length/Discards) 0/100/0Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 Last

30、 300 seconds input: 2 bytes/sec, 0 packets/sec Last 300 seconds output: 2 bytes/sec, 0 packets/sec 1115 packets input, 101679 bytes 10 input error 1084 packets output, 44012 bytes 0 output error可见Tunnel0接口状态确实已经变成DOWN。在SWA上从头打开VLAN2接口，过一段时刻以后， Tunnel0接口状态和PCA与PCB之间的连通性能够恢复正常。实验2 配置L2TP VPN实验任务一：配置独立LAC模式步骤一：搭建实验环境连接设备。在SWA上配置VLAN2，将接口E1/0/2加入VLAN2。SWAvlan 2SWA-vlan2port Ethernet 1/0/2步骤二：检测公网连通性查看SWA的路由表和端口状态，确认其工作正常。SWAdisplay ip interface brief*down: administratively down(s): spoofingInterfa