一、拓扑图
二、实验要求
1、R5为 ISP ,只能进行 Ip 地址配置;其所有地址均配为公有 Ip 地址
2、R1和R5间使用 ppp 的 PAP 认证,R5为主认证方;
R2于R5之间使用 ppp 的 chap 认证,R5为主认证方;
R3于R5之间使用 HDLC 封装。
3、R1/R2/R3构建一个 MGRE 环境,R1为中心站点;R1、R4间为点到点的 GRE 。
4、整个私有网络基于 RIP 全网可达
5、所有 PC 设置私有 IP 为源 IP ,可以访问R5环回。
三、实验配置
R1:
#
interface Serial4/0/0
link-protocol ppp
ppp pap local-user abc password cipher 12345 //PaP模式认证配置
ip address 15.1.1.1 255.255.255.0
nat outbound 2000
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
#
interface Tunnel0/0/0
ip address 10.0.0.1 255.255.255.0 //MGRE配置
undo rip split-horizon
tunnel-protocol gre p2mp
source 15.1.1.1
nhrp entry multicast dynamic
nhrp network-id 10
#
interface Tunnel0/0/1
description 45.1.1.4 //GRE配置
tunnel-protocol gre
source 15.1.1.1
#
rip 1
undo summary
version 2
network 192.168.1.0
network 10.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 15.1.1.5 //配置缺省路由实现互通
#
acl number 2000 //配置ACL匹配源IP访问R5环回
rule 5 permit source 192.168.1.0 0.0.0.255
#
R2:
#
interface Serial4/0/0
link-protocol ppp
ppp chap password cipher 12345 //chap模式配置
ip address 25.1.1.2 255.255.255.0
nat outbound 2000
#
interface GigabitEthernet0/0/0
ip address 192.168.2.1 255.255.255.0
#
#
interface Tunnel0/0/0
ip address 10.0.0.2 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 10
nhrp entry 10.0.0.1 15.1.1.1 register
#
rip 1
undo summary
version 2
network 192.168.2.0
network 10.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 25.1.1.5
#
acl number 2000
rule 5 permit source 192.168.2.0 0.0.0.255
#
R3:
#
interface Serial4/0/0
link-protocol hdlc //hdlc封装模式配置
ip address 35.1.1.3 255.255.255.0
nat outbound 2000
#
interface GigabitEthernet0/0/0
ip address 192.168.3.1 255.255.255.0
#
interface Tunnel0/0/0
ip address 10.0.0.3 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 10
nhrp entry 10.0.0.1 15.1.1.1 register
#
rip 1
undo summary
version 2
network 192.168.3.0
network 10.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 35.1.1.5
#
acl number 2000
rule 5 permit source 192.168.3.0 0.0.0.255
#
R4:
#
interface GigabitEthernet0/0/0
ip address 45.1.1.4 255.255.255.0
nat outbound 2000
#
interface GigabitEthernet0/0/1
ip address 192.168.4.1 255.255.255.0
#
interface Tunnel0/0/0 //GRE配置
description 15.1.1.1
ip address 10.0.0.4 255.255.255.0
tunnel-protocol gre
source GigabitEthernet0/0/0
#
rip 1
undo summary
version 2
network 192.168.4.0
network 10.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 45.1.1.5
#
acl number 2000
rule 5 permit source 192.168.4.0 0.0.0.255
#
R5:
#
aaa
local-user abc password cipher 12345
local-user abc service-type ppp
#
interface Serial3/0/0
link-protocol ppp
ppp authentication-mode pap
ip address 15.1.1.5 255.255.255.0
#
interface Serial3/0/1
link-protocol ppp
ppp authentication-mode chap
ip address 25.1.1.5 255.255.255.0
#
interface Serial4/0/0
link-protocol hdlc
ip address 35.1.1.5 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 45.1.1.5 255.255.255.0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
四、实验结果测试
1、查看R1的nhrp路由表
2、全网互通(只用R1做示范)
3、pc1ping通R5环回