HCIP第三天实验---PPP认证CHAP认证RIP环境下的MGRE和GRE

实验步骤

 

基本配置以及缺省路由和NAT地址转化

R1

#
interface Serial4/0/0
 ip address 15.1.1.1 255.255.255.0 
 nat outbound 2000
ip route-static 0.0.0.0 0.0.0.0 15.1.1.5

R2

interface Serial4/0/0
 ip address 25.1.1.2 255.255.255.0 
 nat outbound 2000
ip route-static 0.0.0.0 0.0.0.0 25.1.1.5

R3

interface Serial4/0/0
 ip address 35.1.1.3 255.255.255.0 
 nat outbound 2000
ip route-static 0.0.0.0 0.0.0.0 35.1.1.5

R4

#
interface GigabitEthernet0/0/0
 ip address 45.1.1.4 255.255.255.0 
 nat outbound 2000

ip route-static 0.0.0.0 0.0.0.0 45.1.1.5

R5

interface Serial3/0/0
 ip address 15.1.1.5 255.255.255.0 
#
interface Serial3/0/1
 ip address 25.1.1.5 255.255.255.0 
#
interface Serial4/0/0
 ip address 35.1.1.5 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip address 45.1.1.5 255.255.255.0 
#
interface LoopBack0
 ip address 5.5.5.5 255.255.255.0 

 

R1和R5间使用PPP的PAP认证，R5为主认证方

R1

link-protocol ppp
 ppp pap local-user huawei password cipher %$%$cp9Y"Zo;u;M8e%WYHhQT,"Iq%$%$

R5

aaa认证

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
 local-user huawei password cipher %$%$A@4qSDGz<$&xzg<7JnjB3F\V%$%$
 local-user huawei service-type ppp

 调用AAA认证至S3/0/0接口

 link-protocol ppp
 ppp authentication-mode pap 

 R2于R5之间使用PPP的chap认证，R5为主认证方;

R2

link-protocol ppp
 ppp chap user huawei
 ppp chap password cipher %$%$%T#Z-'Bg\8Z~T4-(kBF2,"g>%$%$

R5

 调用AAA至S3/0//1接口使用CHAP认证

link-protocol ppp
 ppp authentication-mode chap 

R3于R5之间使用HDLC封装。 

R3

 link-protocol hdlc

R5

 link-protocol hdlc

R1/R2/R3构建一个MGRE环境，R1为中心站点

 R1

interface Tunnel0/0/0
 ip address 10.1.1.1 255.255.255.0 
 tunnel-protocol gre p2mp
 source 15.1.1.1
 nhrp entry multicast dynamic
 nhrp network-id 100
 

R2

interface Tunnel0/0/0
 ip address 10.1.1.2 255.255.255.0 
 tunnel-protocol gre p2mp
 source 25.1.1.2
 nhrp network-id 100
 nhrp entry 10.1.1.1 15.1.1.1 register
# 

 R3

interface Tunnel0/0/0
 ip address 10.1.1.3 255.255.255.0 
 tunnel-protocol gre p2mp
 source 35.1.1.3
 nhrp network-id 100
 nhrp entry 10.1.1.1 15.1.1.1 register

R1、R4间为点到点的GRE

R1

interface Tunnel0/0/1
 ip address 20.1.1.1 255.255.255.0 
 tunnel-protocol gre
 source 15.1.1.1
 destination 45.1.1.4 

R4

interface Tunnel0/0/0
 ip address 20.1.1.4 255.255.255.0 
 tunnel-protocol gre
 source 45.1.1.4
 destination 15.1.1.1 

整个私有网络基于RIP全网可达 

 R1

rip 1
 version 2
 network 10.0.0.0
 network 20.0.0.0
 network 192.168.1.0
#

R2

        rip 1
 version 2
 network 10.0.0.0
 network 192.168.2.0

R3

rip 1
 version 2
 network 10.0.0.0
 network 192.168.3.0

R4

rip 1
 version 2
 network 20.0.0.0
 network 192.168.4.0

测试

PC1访问PC2

 

PC1访问PC4

 

R1访问R5的换回