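I. Lab requirements
1. R5 is the ISP and may only be configured with IP addresses; all of its addresses are public IP addresses.
2. R1 and R5 use PPP PAP authentication, with R5 as the authenticator;
R2 and R5 use PPP CHAP authentication, with R5 as the authenticator;
R3 and R5 use HDLC encapsulation.
3. R1/R2/R3 form an MGRE environment with R1 as the hub site; R1 and R4 are connected by a point-to-point GRE tunnel.
4. The whole private network is fully reachable via RIP.
5. Every PC uses its private IP as the source IP and can reach R5's loopback.
II. Analysis, configuration and results
1. Configure IP addresses on all interfaces
Note: add a default route pointing to R5 on R1-R4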
[r1]ip route-static 0.0.0.0 0 15.0.0.2
[r2]ip route-static 0.0.0.0 0 25.0.0.2
[r3]ip route-static 0.0.0.0 0 35.0.0.2
[r4]ip route-static 0.0.0.0 0 45.0.0.2
2. PAP authentication between R1 and R5
[isp-aaa]local-user r1 password cipher 123456
Info: Add a new user.
[isp-aaa]local-user r1 service-type ppp
[isp-Serial3/0/0]ppp authentication-mode pap
[r1-Serial4/0/0]ppp pap local-user r1 password cipher 123456
[r1-Serial4/0/0]shutdown
[r1-Serial4/0/0]undo shutdown-------bounce the interface to check whether authentication succeeds
[r1-Serial4/0/0]ping 15.0.0.2
Result:
PING 15.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 15.0.0.2: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 15.0.0.2: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 15.0.0.2: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 15.0.0.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 15.0.0.2: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 15.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/26/30 ms
CHAP authentication between R2 and R5
[isp-aaa]local-user r2 password cipher 123456
Info: Add a new user.
[isp-aaa]local-user r2 service-type ppp
[isp-Serial3/0/1]ppp authentication-mode chap
[r2-Serial4/0/0]ppp chap user r2
[r2-Serial4/0/0]ppp chap password cipher 123456
[r2-Serial4/0/0]shutdown
[r2-Serial4/0/0]undo shutdown-------bounce the interface to check whether authentication succeeds
Result:
[r2-Serial4/0/0]ping 25.0.0.2
PING 25.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 25.0.0.2: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 25.0.0.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 25.0.0.2: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 25.0.0.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 25.0.0.2: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 25.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/18/40 ms
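Added example (not part of the original lab write-up): a Python sketch of what the two PPP authentication methods configured above put on the serial link, PAP per RFC 1334 and CHAP with MD5 per RFC 1994. The function names are illustrative, the user names and password are the lab's own values, and LCP negotiation and PPP framing are left out.

```python
import hashlib
import hmac
import os
import struct

def pap_request(ident, peer_id, password):
    """PAP Authenticate-Request (RFC 1334): code 1, both fields sent verbatim."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def parse_pap_request(pkt):
    """Fields any capture of the serial link yields from a PAP request."""
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != 1 or length != len(pkt):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    id_len = pkt[4]
    pw_len = pkt[5 + id_len]
    return pkt[5:5 + id_len], pkt[6 + id_len:6 + id_len + pw_len]

def chap_value(ident, secret, challenge):
    """CHAP with MD5 (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident, name, secret, challenge):
    """CHAP Response: code 2, value-size, the 16-byte hash, then the name."""
    value = chap_value(ident, secret, challenge)
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body

def chap_verify(pkt, challenge, users):
    """Authenticator side (R5): recompute the hash from the local-user table."""
    if len(pkt) < 5: return False
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code != 2 or length != len(pkt):
        return False
    size = pkt[4]
    value, name = pkt[5:5 + size], pkt[5 + size:]
    secret = users.get(name)
    return secret is not None and hmac.compare_digest(
        value, chap_value(ident, secret, challenge))

# Constructed sample data: the lab's own user names and password.
USERS = {b"r1": b"123456", b"r2": b"123456"}
pap_pkt = pap_request(1, b"r1", USERS[b"r1"])
challenge = os.urandom(16)  # the authenticator picks a fresh one per attempt
chap_pkt = chap_response(1, b"r2", USERS[b"r2"], challenge)

if __name__ == "__main__":
    print("PAP :", pap_pkt.hex(), "->", parse_pap_request(pap_pkt))
    print("CHAP:", chap_pkt.hex(), "accepted:", chap_verify(chap_pkt, challenge, USERS))
```

The PAP request carries the password bytes unchanged, while the CHAP response carries only a hash bound to R5's challenge, so a response checked against a different challenge is rejected.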
3. HDLC encapsulation between R3 and R5
[isp-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[r3-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
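4. R1/R2/R3 form an MGRE environment with R1 as the hub site: build the private 192.168.5.0 network on R1, R2 and R3 and create the tunnel interfaces.
[r1-Tunnel0/0/0]ip address 192.168.5.1 24----create the tunnel interface and configure its private address
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp----define the encapsulation type
[r1-Tunnel0/0/0]source 15.0.0.1----define the source IP address
[r1-Tunnel0/0/0]nhrp network-id 100----create the NHRP domain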
[r1-Tunnel0/0/0]nhrp entry multicast dynamic
[r2-Tunnel0/0/0]ip address 192.168.5.2 24
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp
[r2-Tunnel0/0/0]source Serial 4/0/0----use the interface as the encapsulation source to cope with IP address changes
Jan 10 2022 19:30:10-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state.
[r2-Tunnel0/0/0]nhrp network-id 100----join the NHRP domain; it must be the same domain the hub site created
[r2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register----register with the hub site
[r3-Tunnel0/0/0]ip address 192.168.5.3 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source Serial 4/0/0
Jan 10 2022 19:32:27-08:00 r3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state.
[r3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
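Point-to-point GRE between R1 and R4:
[r1-Tunnel0/0/1]ip address 192.168.6.1 24----configure the tunnel interface IP address
[r1-Tunnel0/0/1]tunnel-protocol gre----define the encapsulation type
[r1-Tunnel0/0/1]source 15.0.0.1----define the encapsulation source and destination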
[r1-Tunnel0/0/1]destination 45.0.0.1
[r4-Tunnel0/0/0]ip address 192.168.6.2 24
[r4-Tunnel0/0/0]tunnel-protocol gre
[r4-Tunnel0/0/0]source 45.0.0.1
[r4-Tunnel0/0/0]destination 15.0.0.1
5. The whole private network is fully reachable via RIP:
[r1]rip
[r1-rip-1]v 2
[r1-rip-1]network 192.168.1.0
[r1-rip-1]network 192.168.5.0
[r1-rip-1]network 192.168.6.0
[r2]rip
[r2-rip-1]v 2
[r2-rip-1]network 192.168.2.0
[r2-rip-1]network 192.168.5.0
[r3]rip
[r3-rip-1]v 2
[r3-rip-1]network 192.168.3.0
[r3-rip-1]network 192.168.5.0
[r4]rip
[r4-rip-1]v 2
[r4-rip-1]network 192.168.4.0
[r4-rip-1]network 192.168.6.0
Note: disable RIP split horizon on the hub's tunnel interface
[r1-Tunnel0/0/0]undo rip split-horizon
Result:
[r2]display ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 4 Routes : 4
RIP routing table status : <Active>
Destinations : 4 Routes : 4
Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface
192.168.1.0/24      RIP     100  1     D      192.168.5.1     Tunnel0/0/0
192.168.3.0/24      RIP     100  2     D      192.168.5.1     Tunnel0/0/0
192.168.4.0/24      RIP     100  2     D      192.168.5.1     Tunnel0/0/0
192.168.6.0/24      RIP     100  1     D      192.168.5.1     Tunnel0/0/0
[r1-Tunnel0/0/0]ping -a 192.168.1.1 192.168.4.1
PING 192.168.4.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.4.1: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 192.168.4.1: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 192.168.4.1: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 192.168.4.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 192.168.4.1: bytes=56 Sequence=5 ttl=255 time=40 ms
--- 192.168.4.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/32/40 ms
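Added example (not part of the original lab write-up): a small Python model of R1's RIP update out Tunnel0/0/0, showing why split horizon has to be disabled on the hub for R2 to learn R3's network. R1's table is reconstructed from the lab topology as constructed data, "LAN" is an assumed interface name, and the cost model (receiver adds 1) is a simplification chosen to match the costs in the output above.

```python
# R1's RIP view, reconstructed from the lab topology (constructed data):
# prefix -> (cost, interface the route is connected to or was learned on).
R1_TABLE = {
    "192.168.1.0/24": (0, "LAN"),          # "LAN" is an assumed interface name
    "192.168.5.0/24": (0, "Tunnel0/0/0"),  # mGRE subnet shared with R2 and R3
    "192.168.6.0/24": (0, "Tunnel0/0/1"),  # p2p GRE subnet towards R4
    "192.168.2.0/24": (1, "Tunnel0/0/0"),  # learned from spoke R2
    "192.168.3.0/24": (1, "Tunnel0/0/0"),  # learned from spoke R3
    "192.168.4.0/24": (1, "Tunnel0/0/1"),  # learned from R4
}
R2_CONNECTED = {"192.168.2.0/24", "192.168.5.0/24"}

def advertise(table, out_if, split_horizon):
    """Update sent out out_if; split horizon drops routes tied to out_if."""
    return {prefix: cost for prefix, (cost, iface) in table.items()
            if not (split_horizon and iface == out_if)}

def learn(update, connected, next_hop, in_if):
    """Receiver installs cost + 1 for prefixes it is not connected to."""
    return {prefix: (cost + 1, next_hop, in_if)
            for prefix, cost in sorted(update.items())
            if prefix not in connected and cost + 1 < 16}

def r2_rip_routes(split_horizon):
    """RIP routes R2 ends up with for a given split-horizon setting on R1."""
    update = advertise(R1_TABLE, "Tunnel0/0/0", split_horizon)
    return learn(update, R2_CONNECTED, "192.168.5.1", "Tunnel0/0/0")

if __name__ == "__main__":
    for flag in (True, False):
        print("split horizon on R1 Tunnel0/0/0:", "enabled" if flag else "disabled")
        for prefix, (cost, nh, iface) in r2_rip_routes(flag).items():
            print(f"  {prefix:<16} cost {cost}  via {nh}  {iface}")
```

With split horizon enabled the model leaves R2 without 192.168.3.0/24; with it disabled R2 gets the same four routes and costs as the `display ip routing-table protocol rip` output above.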
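6. Every PC uses its private IP as the source IP and can reach R5's loopback:
Use NAT on the border routers to match traffic from the private subnets so that it can reach R5's loopback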
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-Serial4/0/0]nat outbound 2000
[r2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[r2-Serial4/0/0]nat outbound 2000
Result:
PC>ping 5.5.5.5
Ping 5.5.5.5: 32 data bytes, Press Ctrl_C to break
From 5.5.5.5: bytes=32 seq=1 ttl=254 time=31 ms
From 5.5.5.5: bytes=32 seq=2 ttl=254 time=16 ms
From 5.5.5.5: bytes=32 seq=3 ttl=254 time=15 ms
From 5.5.5.5: bytes=32 seq=4 ttl=254 time=32 ms
From 5.5.5.5: bytes=32 seq=5 ttl=254 time=15 ms
--- 5.5.5.5 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 15/21/32 ms