HQ RTR

vmbr1 (ISP)¶

int ISP
ip addr 172.16.1.2/28
ip nat outside

port ge0
no shutdown
service-instance ISP
encapsulation untagged
connect ip interface ISP

vmbr3 (HQ-SRV)¶

int HQ-SRV
ip addr 192.168.1.1/27
ip nat inside
description HQ-SRV

port ge1
no shutdown
service-instance HQ-SRV
encapsulation dot1q 100
rewrite pop 1
connect ip interface HQ-SRV

vmbr3 (HQ-CLI)¶

int HQ-CLI
ip addr 192.168.2.1/28
ip nat inside
description HQ-CLI

port ge1
no shutdown
service-instance HQ-CLI
encapsulation dot1q 200
rewrite pop 1
connect ip interface HQ-CLI

vmbr3 (Management / Vlan 999)¶

int MGNM
ip addr 192.168.9.1/29
description Management

port ge1
no shutdown
service-instance MGNM
encapsulation dot1q 999
rewrite pop 1
connect ip interface MGNM

Gateway¶

ip route 0.0.0.0/0 172.16.1.1

GRE¶

int tunnel.1
ip addr 192.168.4.1/28
ip tunnel 172.16.1.2 172.16.2.2 mode gre
ip ospf authentication
ip ospf authentication-key aboba

OSPF¶

router ospf 1
passive-interface default
no passive-interface tunnel.1
network 192.168.1.0/27 area 0
network 192.168.2.0/28 area 0
network 192.168.9.0/29 area 0
network 192.168.4.0/28 area 0

Никогда не добавляйте сеть 172.16.0.0 (ISP) в OSPF — это ошибка.

NAT (HQ-CLI, HQ-SRV -> ISP)¶

ip nat pool NAT_POOL 192.168.1.1-192.168.1.31,192.168.2.1-192.168.2.15,192.168.9.1-192.168.9.7
ip nat source dynamic inside-to-outside pool NAT_POOL overload interface ISP

DHCP (HQ-CLI)¶

ip pool DHCP_POOL 192.168.2.2-192.168.2.15

dhcp-server 1
domain-name au-team.irpo
domain-search au-team.irpo
dns 192.168.1.2
gateway 192.168.2.1
mask 28
pool DHCP_POOL 1

interface HQ-CLI
dhcp-server 1

Hostname¶

hostname hq-rtr.au-team.irpo

Timezone¶

ntp timezone utc+3

Users¶

username net_admin
password P@ssw0rd
role admin

Сохраняемся¶

wr