一.实验内容及要求
二.具体配置
1.配置各个设备接口ip地址
R1:
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/O]ip ad 192.158.1.1 24
[R1-GigabitEthernet0/0/O]int s 4/0/0
[R1-Serial4/0/O]lip ad 15.0.0.1 8
R2:
[R2]int g 0/0/0
[R2-GigabitEthernet0/0/O]ip ad 192.158.2.1 24
[R2-GigabitEthernet0/0/O]int s 4/0/0
[R2-Serial4/0/O]ip ad 25.0.0.1 8
R3:
[R3]int g 0/0/0
[R3-GigabitEthernet0/0/O]ip ad 192.168.3.1 24
[R3-GigabitEthernet0/0/O]int s 4/0/0
[R3-Serial4/0/O]ip ad 35.0.0.1 8
R4:
[R4]int g 0/0/0
[R4-GigabitEtherneto/0/O]ip ad 192.168.4.1 24
[R4-GigabitEtherneto/0/O]int g 0/0/1
[R4-GigabitEthernet0/0/1]ip ad 45.0.0.1 8
R5:
[R5]int s 3/0/0
[R5-Serial3/0/O]ip ad 15.0.0.2 8
[R5-Serial3/0/O]int s 3/0/1
[R5-Serial3/0/1]ip ad 25.0.0.2 8
[R5-Serial3/0/1]int s 4/0/0
[R5-Serial4/0/O]ip ad 35.0.0.2 8
[R5-Serial4/0/0]int g 0/0/0
[R5-GigabitEthernet0/0/O]ip ad 45.0.0.2 8
2.R1和R5间使用PPP的PAP认证,R5为主认证方
主认证方R5配置:
#进入aaa空间
[R5]aaa
#创建账号为huawei1,密码为123456
[R5-aaa]local-user huawei1 password cipher 123456
#定义账号的服务对象
[R5-aaa]local-user huawei1 service-type ppp
#进入端口
[R5]interface Serial 3/0/0
#修改链路层协议为ppp协议
[R5-Serial3/0/0]link-protocol ppp
#定义PPP的认证模式
[R5-Serial3/0/0]ppp authentication-mode pap
被认证方R1配置:
#进入接口
[R1]interface Serial 4/0/0
#拨号操作,携带账号huawei1,密码123456
[R1-Serial4/0/0]ppp pap local-user huawei1 password cipher 123456
3.R2与R5之间使用PPP的chap认证,R5为主认证方
主认证方R5配置:
#进入aaa空间
[R5]aaa
#创建账号为huawei2,密码为123456
[R5-aaa]local-user huawei2 password cipher 123456
#定义账号的服务对象
[R5-aaa]local-user huawei1 service-type ppp
#进入端口
[R5interface Serial 3/0/1
#修改链路层协议为ppp协议
[R5-Serial3/0/1]link-protocol ppp
#端口选择认证协议为chap
[R5-Serial3/0/1]ppp authentication-mode chap
被认证方R2配置:
#进入端口
[R2]interface Serial 4/0/0
#添加账号
[R2-Serial4/0/0]ppp chap user huawei2
#添加账号对应密码
[R2-Serial4/0/0]ppp chap password cipher 1234567
4.R3与R5之间使用HDLC封装
主认证方R5配置:
#查看当前端口协议
[R5]display interface Serial 4/0/0
...
#结果显示当前端口协议为PPP
Link layer protocol is PPP
#进入端口
[R5]interface Serial 4/0/0
#修改端口协议
[R5-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
...
#查看修改后的端口协议
[R5]display interface Serial 4/0/0
...
#结果显示当前端口协议为HDLC
Link layer protocol is nonstandard HDLC
...
被认证方R3配置:
#查看端口当前协议
[R3]display interface Serial 4/0/0
...
#协议显示为PPP
Link layer protocol is PPP
#进入端口
[R3]interface Serial 4/0/0
#修改端口默认二层协议为HDLC
[R3-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
...
#查看修改情况
[R3]display interface Serial 4/0/0
...
#结果显示当前端口协议为HDLC
Link layer protocol is nonstandard HDLC
5.R1/R2/R3构建一个MGRE环境,R1为中心站点
中心站点R1配置:
#配置指向ISP的缺省路由,以保证公网的全通性
[R1]ip route-static 0.0.0.0 0 15.0.0.2
#创建隧道
[R1]interface Tunnel 0/0/0
#添加隧道IP
[R1-Tunnel0/0/0]ip address 192.168.5.1 24
#定义封装协议
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp
# 定义封装内容,源IP地址为自身物理接口IP地址(公网地址)
[R1-Tunnel0/0/0]source 15.0.0.1
Jul 7 2024 21:55:42-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
#使用NHRP协议获取目的IP
[R1-Tunnel0/0/0]nhrp network-id 100
#查看配置情况
[R1-Tunnel0/0/0]display this
[V200R003C00]
#
interface Tunnel0/0/0
ip address 192.168.5.1 255.255.255.0
tunnel-protocol gre p2mp
source 15.0.0.1
nhrp network-id 100
#
return
分支R2配置:
#配置通往ISP的缺省路由
[AR2]ip route-static 0.0.0.0 0 25.0.0.2
#创建隧道
[R2]interface Tunnel 0/0/0
#给隧道端口配置IP
[R2-Tunnel0/0/0]ip address 192.168.5.2 24
#定义封装协议
[R2-Tunnel0/0/0]tunnel-protocol gre p2mp
#定义源
[R2-Tunnel0/0/0]source 25.0.0.1
Jul 7 2024 22:06:49-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
#使用NHRP协议获取目标IP
[R2-Tunnel0/0/0]nhrp network-id 100
#告诉分支中心是谁,以及怎么把汇报信息发给中心
[R2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
#查看配置情况
[R2-Tunnel0/0/0]display this
[V200R003C00]
#
interface Tunnel0/0/0
ip address 192.168.5.2 255.255.255.0
tunnel-protocol gre p2mp
source 25.0.0.1
nhrp network-id 100
nhrp entry 192.168.5.1 15.0.0.1 register
#
return
分支R3配置:
#配置通往ISP的缺省路由
[R3]ip route-static 0.0.0.0 0 35.0.0.2
#创建隧道
[R3]interface Tunnel 0/0/0
#给隧道端口配置IP
[R3-Tunnel0/0/0]ip address 192.168.5.3 24
#定义封装协议
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
#定义源
[R3-Tunnel0/0/0]source 35.0.0.1
Jul 7 2024 22:13:47-08:00 AR3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
#使用NHRP协议获取目标IP
[R3-Tunnel0/0/0]nhrp network-id 100
#告诉分支中心是谁,以及怎么把汇报信息发给中心
[R3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
#查看配置情况
[R3-Tunnel0/0/0]display this
[V200R003C00]
#
interface Tunnel0/0/0
ip address 192.168.5.3 255.255.255.0
tunnel-protocol gre p2mp
source 35.0.0.1
nhrp network-id 100
nhrp entry 192.168.5.1 15.0.0.1 register
#
return
6.R1、R4间为点到点的GRE
R1的配置:
#创建隧道
[R1]interface Tunnel 0/0/1
#给隧道端口配置IP
[R1-Tunnel0/0/1]ip address 192.168.6.1 24
#定义封装协议
[R1-Tunnel0/0/1]tunnel-protocol gre
#定义源
[R1-Tunnel0/0/1]source 15.0.0.1
#定义目标
[R1-Tunnel0/0/1]destination 45.0.0.1
Jul 7 2024 22:19:51-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/1 has entered the UP state.
#配置路由表
[R1]ip route-static 192.168.4.0 24 192.168.6.2
#查看配置情况
[R1-Tunnel0/0/1]display this
[V200R003C00]
#
interface Tunnel0/0/1
ip address 192.168.6.1 255.255.255.0
tunnel-protocol gre
source 15.0.0.1
destination 45.0.0.1
#
return
R4配置:
#配置缺省路由连通公网
[R4]ip route-static 0.0.0.0 0 45.0.0.2
#创建隧道
[R4]interface Tunnel 0/0/0
#给隧道端口配置地址
[R4-Tunnel0/0/0]ip address 19.168.6.2 24
#定义封装协议
[R4-Tunnel0/0/0]tunnel-protocol gre
#定义源
[R4-Tunnel0/0/0]source 45.0.0.1
#定义目标
[R4-Tunnel0/0/0]destination 15.0.0.1
Jul 7 2024 22:24:53-08:00 AR4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
#配置路由表
[R4]ip route-static 192.168.1.0 24 192.168.6.1
#查看配置情况
[R4-Tunnel0/0/0]display this
[V200R003C00]
#
interface Tunnel0/0/0
ip address 19.168.6.2 255.255.255.0
tunnel-protocol gre
source 45.0.0.1
destination 15.0.0.1
#
return
7.私有网络在RIP环境下全网可达
对R1,R2,R3,R4都要进行RIP宣告(每台设备宣告自身所拥有的直连网段)以下展示R1配置,其他设备与R1配置相似:
#启动RIP
[R1]rip
#选择版本
[R1-rip-1]version 2
#宣告直连网段
[R1-rip-1]network 192.168.1.0
[R1-rip-1]network 192.168.5.0
[R1-rip-1]network 192.168.6.0
三.配置完成后进行全网通测试
#R1 ping R2的192.168.2.0网段的192.168.2.2
[R1]ping 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=127 time=30 ms
Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=127 time=20 ms
Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=127 time=40 ms
Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=127 time=30 ms
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 20/30/40 ms
#R1 ping R3的192.168.3.0网段的192.168.3.2
[R1]ping 192.168.3.2
PING 192.168.3.2: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.3.2: bytes=56 Sequence=2 ttl=127 time=20 ms
Reply from 192.168.3.2: bytes=56 Sequence=3 ttl=127 time=20 ms
Reply from 192.168.3.2: bytes=56 Sequence=4 ttl=127 time=30 ms
Reply from 192.168.3.2: bytes=56 Sequence=5 ttl=127 time=20 ms
--- 192.168.3.2 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 20/22/30 ms
#R1 ping R4的192.168.4.0网段的192.168.4.2
[R1]ping 192.168.4.2
PING 192.168.4.2: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.4.2: bytes=56 Sequence=2 ttl=127 time=20 ms
Reply from 192.168.4.2: bytes=56 Sequence=3 ttl=127 time=20 ms
Reply from 192.168.4.2: bytes=56 Sequence=4 ttl=127 time=30 ms
Reply from 192.168.4.2: bytes=56 Sequence=5 ttl=127 time=20 ms
--- 192.168.4.2 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 20/22/30 ms
四.总结
本次实验要求之间直接关联性并不大,每一个点都是可以单独进行学习的,放在一起考察配置,可以发现某一块问题还是很清晰的。本次的重要是GRE环境与MGER环境 的工作原理,数据包的封装,和配置思路,最终实现全网可达。