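I. Problem description
1. R5 is the ISP and may only be given IP address configuration; all of its addresses are public IP addresses.
2. R1 and R5 use PPP with PAP authentication; R5 is the authenticator.
3. R2 and R5 use PPP with CHAP authentication; R5 is the authenticator.
4. R3 and R5 use HDLC encapsulation.
5. R1/R2/R3 form an MGRE environment.
6. R1 is the hub site; R1 and R4 are connected by a point-to-point GRE tunnel.
7. The whole private network is fully reachable through RIP.
8. All PCs use private IP addresses as their source IP and can reach R5's loopback.
II. Lab configuration
1. Configure IP addresses and default routes so the public network is reachable
(1) Configure IP addresses, configure the ISP loopback, and create the tunnel interfaces with their IP addresses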
- R1 configuration
    [R1]interface g0/0/0
    [R1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
    [R1]interface Serial 4/0/0
    [R1-Serial4/0/0]ip address 15.0.0.1 8
    [R1]interface Tunnel 0/0/0
    [R1-Tunnel0/0/0]ip address 192.168.5.1 24
    [R1]interface Tunnel 0/0/1
    [R1-Tunnel0/0/1]ip address 192.168.6.1 24
- R2 configuration
    [R2]interface g0/0/0
    [R2-GigabitEthernet0/0/0]ip address 192.168.2.1 24
    [R2]interface Serial 4/0/0
    [R2-Serial4/0/0]ip address 25.0.0.1 8
    [R2]interface Tunnel 0/0/0
    [R2-Tunnel0/0/0]ip address 192.168.5.2 24
- R3 configuration
    [R3]interface g0/0/0
    [R3-GigabitEthernet0/0/0]ip address 192.168.3.1 24
    [R3]interface Serial 4/0/0
    [R3-Serial4/0/0]ip address 35.0.0.1 8
    [R3]interface Tunnel 0/0/0
    [R3-Tunnel0/0/0]ip address 192.168.5.3 24
- R4 configuration
    [R4]interface g0/0/1
    [R4-GigabitEthernet0/0/1]ip address 45.0.0.1 8
    [R4]interface g0/0/0
    [R4-GigabitEthernet0/0/0]ip address 192.168.4.1 24
    [R4]interface Tunnel 0/0/1
    [R4-Tunnel0/0/1]ip address 192.168.6.2 24
- R5 configuration
    [R5]interface g0/0/1
    [R5-GigabitEthernet0/0/1]ip address 45.0.0.2 8
    [R5]interface Serial 4/0/0
    [R5-Serial4/0/0]ip address 35.0.0.2 8
    [R5]interface Serial 3/0/1
    [R5-Serial3/0/1]ip address 25.0.0.2 8
    [R5]interface Serial 3/0/0
    [R5-Serial3/0/0]ip address 15.0.0.2 8
    [R5]interface LoopBack 0
    [R5-LoopBack0]ip add 5.5.5.5 24
(2) Configure the default routes:
    [R1]ip route-static 0.0.0.0 0 15.0.0.2
    [R2]ip route-static 0.0.0.0 0 25.0.0.2
    [R3]ip route-static 0.0.0.0 0 35.0.0.2
    [R4]ip route-static 0.0.0.0 0 45.0.0.2
(3) Test:
- R1
- R2
- R3
- R4
2. PPP with PAP authentication between R1 and R5; R5 is the authenticator
(1) Authenticator R5
Create the user name and password in AAA:
    [ISP-aaa]local-user aaa password cipher 123456
Set the service type to PPP:
    [ISP-aaa]local-user aaa service-type ppp
Enable PAP authentication on the interface:
    [ISP]interface Serial 3/0/0
    [ISP-Serial3/0/0]ppp authentication-mode pap
(2) Authenticated peer R1
    [R1-Serial4/0/0]ppp pap local-user aaa password cipher 123456
(3) Verification
Restart the interface:
    [R1-Serial4/0/0]shutdown
    [R1-Serial4/0/0]undo shutdown
- ping test
3. PPP with CHAP authentication between R2 and R5; R5 is the authenticator
(1) Authenticator R5: enable CHAP authentication on the interface
    [ISP-Serial3/0/1]ppp authentication-mode chap
(2) Authenticated peer R2
    [R2-Serial4/0/0]ppp chap user aaa
    [R2-Serial4/0/0]ppp chap password cipher 123456
(3) Verification
Restart the interface:
    [R2-Serial4/0/0]shutdown
    [R2-Serial4/0/0]undo shutdown
- ping test
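4. HDLC encapsulation between R3 and R5
    [R3-Serial4/0/0]link-protocol hdlc
    [ISP-Serial4/0/0]link-protocol hdlc
5. Build the MGRE environment for R1/R2/R3 with R1 as the hub
(1) Tunnel configuration on the hub R1
Define the encapsulation type:
    [R1-Tunnel0/0/0]tunnel-protocol gre p2mp
Define the source IP of the encapsulation:
    [R1-Tunnel0/0/0]source 15.0.0.1
Create the NHRP domain:
    [R1-Tunnel0/0/0]nhrp network-id 100
(2) Tunnel configuration on R2
Define the encapsulation type:
    [R2-Tunnel0/0/0]tunnel-protocol gre p2mp
Define the source of the encapsulation:
    [R2-Tunnel0/0/0]source Serial 4/0/0
Join the NHRP domain created by the hub:
    [R2-Tunnel0/0/0]nhrp network-id 100
Register the mapping with the hub:
    [R2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
(3) Tunnel configuration on R3
Define the encapsulation type:
    [R3-Tunnel0/0/0]tunnel-protocol gre p2mp
Define the source of the encapsulation:
    [R3-Tunnel0/0/0]source Serial 4/0/0
Join the NHRP domain created by the hub:
    [R3-Tunnel0/0/0]nhrp network-id 100
Register the mapping with the hub:
    [R3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
(4) Check the mapping table to verify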
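6. Build the GRE environment between R1 and R4
(1) Tunnel configuration on R1
Define the encapsulation type:
    [R1-Tunnel0/0/1]tunnel-protocol gre
Define the encapsulation source and destination:
    [R1-Tunnel0/0/1]source 15.0.0.1
    [R1-Tunnel0/0/1]destination 45.0.0.1
(2) Tunnel configuration on R4
Define the encapsulation type:
    [R4-Tunnel0/0/1]tunnel-protocol gre
Define the encapsulation source and destination:
    [R4-Tunnel0/0/1]source 45.0.0.1
    [R4-Tunnel0/0/1]destination 15.0.0.1
7. Configure RIP so the whole private network is reachable
(1) Configuration on R1
Enable pseudo-broadcast on R1:
    [R1-Tunnel0/0/0]nhrp entry multicast dynamic
Disable RIP split horizon:
    [R1-Tunnel0/0/0]undo rip split-horizon
Enter the RIP process and select the version:
    [R1]rip
    [R1-rip-1]version 2
Advertise the networks:
    [R1-rip-1]network 192.168.1.0
    [R1-rip-1]network 192.168.5.0
    [R1-rip-1]network 192.168.6.0
(2) Configuration on R2/R3/R4
- R2
- R3
- R4
8. Configure private IP addresses on all PCs so that each can reach R5's loopback
(1) Configure the IP address and gateway on each PC
(2) Configure NAT Easy IP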
- R1
    [R1]acl 2000
    [R1-acl-basic-2000]rule 10 permit source 192.168.1.0 0.0.0.255
    [R1-Serial4/0/0]nat outbound 2000
- R2
    [R2]acl 2000
    [R2-acl-basic-2000]rule 10 permit source 192.168.2.0 0.0.0.255
    [R2-Serial4/0/0]nat outbound 2000
- R3
    [R3]acl 2000
    [R3-acl-basic-2000]rule 10 permit source 192.168.3.0 0.0.0.255
    [R3-Serial4/0/0]nat outbound 2000
- R4 (NAT is applied on g0/0/1, the interface facing R5; g0/0/0 is the private LAN side)
    [R4]acl 2000
    [R4-acl-basic-2000]rule 10 permit source 192.168.4.0 0.0.0.255
    [R4-GigabitEthernet0/0/1]nat outbound 2000
(3) ping test
- PC1
- PC2
- PC3
- PC4