配置GRE隧道使两个不同的网段实现内部通讯,有必有的还可以配置加密

基本的路由信息配置(使用OSPF模拟互联网)

AR1

The device is running!
system-view #进入系统视图
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable #关闭信息中心提示
Info: Information center is disabled.
[Huawei]sysname AR1 #修改设备名称
[AR1]interface GigabitEthernet 0/0/0 #进入端口0/0/0
[AR1-GigabitEthernet0/0/0]ip address 12.1.1.1 24 #配置IP地址及子网掩码
[AR1-GigabitEthernet0/0/0]quit #退出端口
[AR1]interface GigabitEthernet 0/0/1 #进入端口0/0/1
[AR1-GigabitEthernet0/0/1]ip address 13.1.1.1 24 #配置IP地址及子网掩码
[AR1-GigabitEthernet0/0/1]quit #退出端口
[AR1]ospf 1 #创建ospf进程 1
[AR1-ospf-1]area 0 #创建area区域 0
[AR1-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255 #宣告网段及长度
[AR1-ospf-1-area-0.0.0.0]network 13.1.1.0 0.0.0.255 #宣告网段及长度
[AR1-ospf-1-area-0.0.0.0]quit #退出区域 0
[AR1-ospf-1]quit #退出ospf进程

AR2

The device is running!
system-view #进入系统视图
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable #关闭信息中心提示
Info: Information center is disabled.
[Huawei]sysname AR2 #修改设备名称
[AR2]interface GigabitEthernet 0/0/0 #进入端口0/0/0
[AR2-GigabitEthernet0/0/0]ip address 12.1.1.2 24 #配置IP地址及子网掩码
[AR2-GigabitEthernet0/0/0]ping 12.1.1.1 #检测与AR1的连通性
PING 12.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 12.1.1.1: bytes=56 Sequence=1 ttl=255 time=130 ms
Reply from 12.1.1.1: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 12.1.1.1: bytes=56 Sequence=3 ttl=255 time=40 ms
Reply from 12.1.1.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 12.1.1.1: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 12.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/48/130 ms
[AR2-GigabitEthernet0/0/0]quit #退出端口
[AR2]interface GigabitEthernet 0/0/1 #进入端口0/0/1
[AR2-GigabitEthernet0/0/1]ip address 10.1.1.1 24 #配置IP地址及子网掩码
[AR2-GigabitEthernet0/0/1]ping 10.1.1.2 #检测与PC1的连通性
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=128 time=30 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=128 time=20 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=128 time=20 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=128 time=20 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=128 time=10 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/20/30 ms
[AR2-GigabitEthernet0/0/1]quit #退出端口
[AR2]ospf 1 #创建ospf进程 1
[AR2-ospf-1]area 0 #创建area区域 0
[AR2-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255 #宣告网段及长度
[AR2-ospf-1-area-0.0.0.0]quit #退出区域 0
[AR2-ospf-1]quit #退出ospf进程
[AR2]

AR3

The device is running!
system-view #进入系统视图
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable #关闭信息中心提示
Info: Information center is disabled.
[Huawei]sysname AR3 #修改设备名称
[AR3]interface GigabitEthernet 0/0/0 #进入端口0/0/0
[AR3-GigabitEthernet0/0/0]ip address 13.1.1.2 24 #配置IP地址及子网掩码
[AR3-GigabitEthernet0/0/0]ping 13.1.1.1 #检测与AR1的连通性
PING 13.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 13.1.1.1: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 13.1.1.1: bytes=56 Sequence=2 ttl=255 time=40 ms
Reply from 13.1.1.1: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 13.1.1.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 13.1.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 13.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/40/90 ms
[AR3-GigabitEthernet0/0/0]quit #退出端口
[AR3]interface GigabitEthernet 0/0/1 #进入端口0/0/1
[AR3-GigabitEthernet0/0/1]ip add 10.2.2.1 24 #配置IP地址及子网掩码
[AR3-GigabitEthernet0/0/1]ping 10.2.2.2 #检测与PC2的连通性
PING 10.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 10.2.2.2: bytes=56 Sequence=1 ttl=128 time=50 ms
Reply from 10.2.2.2: bytes=56 Sequence=2 ttl=128 time=10 ms
Reply from 10.2.2.2: bytes=56 Sequence=3 ttl=128 time=10 ms
Reply from 10.2.2.2: bytes=56 Sequence=4 ttl=128 time=30 ms
Reply from 10.2.2.2: bytes=56 Sequence=5 ttl=128 time=10 ms
--- 10.2.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/22/50 ms
[AR3-GigabitEthernet0/0/1]quit #退出端口
[AR3]ospf 1 #创建ospf进程 1
[AR3-ospf-1]area 0 #创建area 区域 0
[AR3-ospf-1-area-0.0.0.0]network 13.1.1.0 0.0.0.255 #宣告网段及长度
[AR3-ospf-1-area-0.0.0.0]quit #退出区域 0
[AR3-ospf-1]quit #退出ospf进程

基本的网络信息配置完成了,我们来检测一下以上配置是否有误,因为没有宣告AR2、AR3连接PC端的网段(10.1.1.0/24以及10.2.2.0/24),默认是AR3可以访问到AR2的0/0/0端口,无法访问到0/0/1端口的网段

下面开始来配置GRE的信息

AR2

[AR2]interface Tunnel 0/0/1 #进入Tunnel端口0/0/1
[AR2-Tunnel0/0/1]tunnel-protocol gre #配置端口协议为GRE
[AR2-Tunnel0/0/1]ip address 10.23.1.1 24 #配置端口地址及子网掩码
[AR2-Tunnel0/0/1]source 12.1.1.2 #配置源IP地址
[AR2-Tunnel0/0/1]destination 13.1.1.2 #配置目的IP地址 ??
# destination 配置目的IP时使用这个才可以
# description 这个是配置端口说明备注信息的
[AR2-Tunnel0/0/1]keepalive #开启Keepalive检测功能
[AR2-Tunnel0/0/1]quit #退出端口

AR3

[AR3]interface Tunnel 0/0/1 #进入Tunnel端口0/0/1
[AR3-Tunnel0/0/1]tunnel-protocol gre #配置端口协议为GRE
[AR3-Tunnel0/0/1]ip address 10.23.1.2 24 #配置端口IP地址及子网掩码
[AR3-Tunnel0/0/1]source 13.1.1.2 #配置源IP地址
[AR3-Tunnel0/0/1]destination 12.1.1.2 #配置目的IP地址
[AR3-Tunnel0/0/1]keepalive #开启Keepalive检测功能
[AR3-Tunnel0/0/1]quit #退出端口

以上基本的GRE隧道就搭建好了,我们看看检测信息

查看Tunnel端口信息

从AR2用带源ping访问AR3的Tunnel端口IP

分别在AR2、AR3上添加默认路由并指向Tunnel,让两端PC端互访通过GRE隧道

[AR2]ip route-static 10.2.2.0 24 Tunnel 0/0/1 #添加访问pc2网段的路由并执行Tunnel端口

[AR3]ip route-static 10.1.1.0 24 Tunnel 0/0/1 #添加访问pc1网段的路由并执行Tunnel端口

最后检测信息:

从PC1访问PC2,并检测路由信息

访问pc2

路由追踪

最后#谢谢#

#华为##路由器#

#头条#