一、实验需求
1,R5为ISP,只能进行IP地址配置,其所有地址均为公有IP地址
2,R1与R5之间使用ppp的pap认证,R5为主认证方
R2与R5之间使用ppp的chap认证,R5为主认证方
R3与R5之间使用HDLC封装 3,R1/R2/R3构建一个MGRE环境,R1为中心站点,R1、R4间为点到点的GRE
4,整个私有网络基于RIP全网可达
5,所有Pc设置私有IP为源IP,可以访问R5环回
二、实验目的
掌握ppp认证
掌握hdlc封装
掌握MGRE/GRE配置
掌握RIP动态路由协议配置
三、实验步骤
1,布置元件,连线开机
2,划分网段
3,R5改名字并进行IP地址配置
<Huawei>SYS
Enter system view, return user view with Ctrl+Z.
[Huawei]sys ISP
[ISP]int g 0/0/0
[ISP-GigabitEthernet0/0/0]ip address 45.0.0.2 8
Oct 29 2023 10:29:57-08:00 ISP %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[ISP-GigabitEthernet0/0/0]int s 3/0/0
[ISP-Serial3/0/0]ip address 15.0.0.2 8
[ISP-Serial3/0/0]int s 3/0/1
[ISP-Serial3/0/1]ip address 25.0.0.2 8
[ISP-Serial3/0/1]int s 4/0/0
[ISP-Serial4/0/0]ip address 35.0.0.2 8
[ISP-Serial4/0/0]q
[ISP]q
<ISP>save4,R1\R2\R3进行认证配置
R1配置
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r1
[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
Oct 29 2023 10:38:12-08:00 r1 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r1-GigabitEthernet0/0/0]int s 4/0/0
[r1-Serial4/0/0]ip address 15.0.0.1 8
[r1-Serial4/0/0]ppp pap local-user huazhu password cipher 123456R2配置
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r2
[r2]int s
[r2]int Serial 4/0/0
[r2-Serial4/0/0]ppp chap user huazhu
[r2-Serial4/0/0]ppp chap password cipher 123456
[r2-Serial4/0/0]ip address 25.0.0.1 8
[r2-Serial4/0/0]
Oct 29 2023 10:48:37-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP
IPCP on the interface Serial4/0/0 has entered the UP state.
[r2-Serial4/0/0]shut
[r2-Serial4/0/0]shutdown
Oct 29 2023 10:48:44-08:00 r2 %%01PPP/4/PHYSICALDOWN(l)[1]:On the interface Seri
al4/0/0, PPP link was closed because the status of the physical layer was Down.
Oct 29 2023 10:48:44-08:00 r2 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PPP
on the interface Serial4/0/0 has entered the DOWN state.
Oct 29 2023 10:48:44-08:00 r2 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol PPP
IPCP on the interface Serial4/0/0 has entered the DOWN state.
Oct 29 2023 10:48:44-08:00 r2 %%01IFPDT/4/IF_STATE(l)[4]:Interface Serial4/0/0 h
as turned into DOWN state.
[r2-Serial4/0/0]undo shutdown
Oct 29 2023 10:48:52-08:00 r2 %%01IFPDT/4/IF_STATE(l)[5]:Interface Serial4/0/0 h
as turned into UP state.
Oct 29 2023 10:48:54-08:00 r2 %%01IFNET/4/LINK_STATE(l)[6]:The line protocol PPP
on the interface Serial4/0/0 has entered the UP state.
Oct 29 2023 10:48:54-08:00 r2 %%01IFNET/4/LINK_STATE(l)[7]:The line protocol PPP
IPCP on the interface Serial4/0/0 has entered the UP state.
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip address 192.168.2.1 24R3配置
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r3
[r3]int g 0/0/0
[r3-GigabitEthernet0/0/0]ip add
[r3-GigabitEthernet0/0/0]ip address 192.168.3.1 24
Oct 29 2023 10:51:34-08:00 r3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r3-GigabitEthernet0/0/0]int s 4/0/0
[r3-Serial4/0/0]ip a
[r3-Serial4/0/0]ip accounting
[r3-Serial4/0/0]ip address 35.0.0.1 8
[r3-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
Oct 29 2023 10:52:44-08:00 r3 %%01IFNET/4/CHANGE_ENCAP(l)[1]:The user performed
the configuration that will change the encapsulation protocol of the link and then selected Y. R5配置
[ISP]int Serial 4/0/0
[ISP-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
Oct 29 2023 10:32:25-08:00 ISP %%01IFNET/4/CHANGE_ENCAP(l)[1]:The user performed
the configuration that will change the encapsulation protocol of the link and t
hen selected Y.
[ISP]aaa
[ISP-aaa]lo
[ISP-aaa]local-user huazhu p
[ISP-aaa]local-user huazhu password c
[ISP-aaa]local-user huazhu password cipher 123456
Info: Add a new user.
[ISP-aaa]l
[ISP-aaa]local-user hua
[ISP-aaa]local-user huazhu s
[ISP-aaa]local-user huazhu service-type ppp
[ISP-aaa]q
[ISP]int s 3/0/0
[ISP-Serial3/0/0]ppp authentication-mode pap
[ISP-Serial3/0/0]shutdown
Oct 29 2023 10:35:19-08:00 ISP %%01PPP/4/PHYSICALDOWN(l)[8]:On the interface Ser
ial3/0/0, PPP link was closed because the status of the physical layer was Down.
[ISP-Serial3/0/0]
[ISP-Serial3/0/0]
Oct 29 2023 10:35:19-08:00 ISP %%01IFNET/4/LINK_STATE(l)[9]:The line protocol PP
P on the interface Serial3/0/0 has entered the DOWN state.
[ISP-Serial3/0/0]
Oct 29 2023 10:35:19-08:00 ISP %%01IFPDT/4/IF_STATE(l)[10]:Interface Serial3/0/0
has turned into DOWN state.
[ISP-Serial3/0/0]undo shutdown
[ISP-Serial3/0/0]q
[ISP]int s 3/0/1
[ISP-Serial3/0/1]ppp authentication-mode chap 5,MGRE/GRE配置(配置前保证公网联通,配置缺省路由)
[r1]ip route-static 0.0.0.0 0 15.0.0.2
[r2]ip route-static 0.0.0.0 0 25.0.0.2
[r3]ip route-static 0.0.0.0 0 35.0.0.2
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r4
[r4]int g 0/0/0
[r4-GigabitEthernet0/0/0]ip address 192.168.4.1 24
Oct 29 2023 11:00:32-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r4-GigabitEthernet0/0/0]int g 0/0/1
[r4-GigabitEthernet0/0/1]ip address 45.0.0.1 8
Oct 29 2023 11:00:50-08:00 r4 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[r4-GigabitEthernet0/0/1]q
[r4]ip route-static 0.0.0.0 0 45.0.0.2R1配置
[r1]int Tunnel 0/0/0
[r1-Tunnel0/0/0]ip address 192.168.5.1 24
[r1-Tunnel0/0/0]tun
[r1-Tunnel0/0/0]tunnel-protocol g
[r1-Tunnel0/0/0]tunnel-protocol gre p
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp
[r1-Tunnel0/0/0]sour
[r1-Tunnel0/0/0]source 15.0.0.1
Oct 29 2023 13:32:57-08:00 r1 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
[r1-Tunnel0/0/0]
[r1-Tunnel0/0/0]nh
[r1-Tunnel0/0/0]nhrp n
[r1-Tunnel0/0/0]nhrp network-id 500
[r1-Tunnel0/0/0]int tu 0/0/1
[r1-Tunnel0/0/1]ip address 192.168.6.1 24
[r1-Tunnel0/0/1]tun
[r1-Tunnel0/0/1]tunnel-protocol g
[r1-Tunnel0/0/1]tunnel-protocol gre
[r1-Tunnel0/0/1]sour
[r1-Tunnel0/0/1]source 15.0.0.1
[r1-Tunnel0/0/1]de
[r1-Tunnel0/0/1]description
[r1-Tunnel0/0/1]destination 45.0.0.2R2配置
[r2]int Tunnel 0/0/0
[r2-Tunnel0/0/0]ip add
[r2-Tunnel0/0/0]ip address 192.168.5.2 24
[r2-Tunnel0/0/0]tun
[r2-Tunnel0/0/0]tunnel-protocol g
[r2-Tunnel0/0/0]tunnel-protocol gre p
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp
[r2-Tunnel0/0/0]sou
[r2-Tunnel0/0/0]source s
[r2-Tunnel0/0/0]source Serial 4/0/0
Oct 29 2023 13:35:40-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
[r2-Tunnel0/0/0]
[r2-Tunnel0/0/0]nh
[r2-Tunnel0/0/0]nhrp n
[r2-Tunnel0/0/0]nhrp network-id 500
[r2-Tunnel0/0/0]nhr
[r2-Tunnel0/0/0]nhrp en
[r2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 re R3配置
[r3]int Tunnel 0/0/0
[r3-Tunnel0/0/0]ip a
[r3-Tunnel0/0/0]ip accounting
[r3-Tunnel0/0/0]ip address 192.168.5.3 24
[r3-Tunnel0/0/0]tun
[r3-Tunnel0/0/0]tunnel-protocol g
[r3-Tunnel0/0/0]tunnel-protocol gre p
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]sour
[r3-Tunnel0/0/0]source s
[r3-Tunnel0/0/0]source Serial 4/0/0
Oct 29 2023 13:37:18-08:00 r3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state
[r3-Tunnel0/0/0]nhrp network-id 500
[r3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register R4配置
[r4]interface Tunnel 0/0/0
[r4-Tunnel0/0/0]ip add
[r4-Tunnel0/0/0]ip address 192.168.6.2 24
[r4-Tunnel0/0/0]tun
[r4-Tunnel0/0/0]tunnel-protocol g
[r4-Tunnel0/0/0]tunnel-protocol gre
[r4-Tunnel0/0/0]source 45.0.0.1
[r4-Tunnel0/0/0]d
[r4-Tunnel0/0/0]ddns
[r4-Tunnel0/0/0]description
[r4-Tunnel0/0/0]destination 15.0.0.2
Oct 29 2023 13:40:11-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state. 6,RIP配置
(MGRE环境解决两个问题:
1,运行RIP协议后,只有中心获取了所有的分支的路由信息,但是分支没有获取到路由
[r1-Tunnel0/0/0]nhrp entry multicase dynamic---需要中心开启伪广播
2.当RIP环境中中心开启伪广播后,分支只获取到中心的路由信息,没有分支的路由
[Huawei-Tunnel0/0/0]undo rip split-horizon--中心关闭RIP的水分割)
R1配置
[r1]rip
[r1-rip-1]ve
[r1-rip-1]verify-source
[r1-rip-1]version 2
[r1-rip-1]net
[r1-rip-1]network 192.168.1.0
[r1-rip-1]n
[r1-rip-1]network 192.168.5.0
[r1-rip-1]network 192.168.6.0
[r1-rip-1]int s 4/0/0
[r1-Serial4/0/0]q
[r1]int t 0/0/0
[r1-Tunnel0/0/0]nhrp entry multicast dynamic
[r1-Tunnel0/0/0]undo rip split-horizonR2配置
[r2]rip
[r2-rip-1]ve
[r2-rip-1]verify-source
[r2-rip-1]version 2
[r2-rip-1]n
[r2-rip-1]network 192.168.2.0
[r2-rip-1]network 192.168.5.0R3配置
[r3]rip
[r3-rip-1]ver
[r3-rip-1]verify-source
[r3-rip-1]version 2
[r3-rip-1]network 192.168.3.0
[r3-rip-1]network 192.168.5.0
R4配置
[r4]rip
[r4-rip-1]ve
[r4-rip-1]verify-source
[r4-rip-1]version 2
[r4-rip-1]network 192.168.4.0
[r4-rip-1]network 192.168.6.07,所有Pc设置私有IP为源IP,可以访问R5环回
R5配置
[ISP]int LoopBack 0
[ISP-LoopBack0]ip address 5.5.5.5 24PC配置(其他PC一样配置)
发现ping不通,原因是公网路由器上没有私网路由,需要在边界路由器配置easy ip
边界路由器配置(基础ACL,出接口配nat)
[r1]acl 2000
[r1-acl-basic-2000]rule permit source any
[r1-acl-basic-2000]q
[r1]int Serial 4/0/0
[r1-Serial4/0/0]nat outbound 2000
写完发现没有获取带4.0网段的路由
发现是R1和R4隧道配置错误
修改如下:
[r1-Tunnel0/0/1]destination 45.0.0.1
[r4-Tunnel0/0/0]destination 15.0.0.1
检查问题的方法:
1,看接口是否配置错误
2,检查配置
3,看隧道通断ping -a 192.168.6.1 192.168.6.2
624
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
