一,实验要求
1.R2为ISP,其上只能配置IP地址
2.R1-R2之间为HDLC封装
3.R2-R3之间封装为ppp封装,pap认证,R2为主认证方
4.R2-R4之间封装为ppp封装,chap认证,R2为主认证方
5.R1、R2、R3构建MGRE环境,仅R1 IP地址固定
6.内网使用RIP获取路由,所有pc可以互相访问,并且可访问R2的环回
二,实验分析
1.先在每个路由器上配置IP地址,然后R2配置环回
2.再R1与R2进行HDLC封装,R2与R3之间的接口需要PPP进行封装,用PAP认证,R2配置为主认证方,R2与R4之间PPP封装,使用CHAP认证,R2为配置主认证方
3.最后R1、R2、R3构建MGRE环境,R1为中心站点,R3与R4为分支站点,内网使用RIP协议获取路由使PC之间可以互相访问。
三、配置过程
1.配置IP地址
R1
[R1]int g 0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.1.1 24
[R1]int s 4/0/0
[R1-Serial4/0/0]link-protocol hdlc
[R1-Serial4/0/0]ip add 12.1.1.1 24
R2
[R2-LoopBack0]int l 1
[R2-LoopBack1]ip add 2.2.2.2 24
[R2]int s 3/0/0
[R2-Serial3/0/0]ip add 42.1.1.2 24
[R2-Serial3/0/0]int s 4/0/0
[R2-Serial4/0/0]ip add 12.1.1.2 24
[R2-Serial4/0/0]int s 4/0/1
[R2-Serial4/0/1]ip add 32.1.1.2 24
R3
R4
2.HDLC封装
R1
[R1]int s 4/0/0
[R1-Serial4/0/0]link-protocol hdlc
R2
[R2]int s 4/0/0
[R2-Serial4/0/0]link-protocol hdlc
3、PPP封装及chap认证
R2
[r2]aaa
[r2-aaa]local-user qq privilege level 15 password cipher 123456
[r2-aaa]local-user qq service-type ppp
[r2]interface s3/0/0
[r2-Serial3/0/0]ppp authentication-mode chap
R4
[r4]int s4/0/0
[r4-Serial4/0/0]ppp chap password cipher 123456
[r4-Serial4/0/0]ppp chap user qq
5、构建MGRE环境
R1
[R1]int Tunnel 0/0/0
[R1-Tunnel0/0/0]ip add 10.1.1.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp
[R1-Tunnel0/0/0]source 12.1.1.1
[R1-Tunnel0/0/0]nhrp entry multicast dynamic
[R1-Tunnel0/0/0]nhrp network-id 100
R3
[R3]interface Tunnel0/0/0
[R3-Tunnel0/0/0]ip address 10.1.1.3 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source GigabitEthernet 0/0/2
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register
R4
[R4-Tunnel0/0/0]interface Tunnel0/0/0
[R4-Tunnel0/0/0]ip address 10.1.1.4 255.255.255.0
[R4-Tunnel0/0/0] tunnel-protocol gre p2mp
[R4-Tunnel0/0/0] source GigabitEthernet0/0/2
[R4-Tunnel0/0/0]nhrp network-id 100
[R4-Tunnel0/0/0] nhrp entry 10.1.1.1 12.1.1.1 register
6、内网使用RIP获取路由,所有PC可以互相访问,并且可访问R2的环回
R1
R3
R4
7、配置NAT协议
R1
[R1]int s 4/0/0
[R1-Serial4/0/0]nat static global 12.1.1.3 inside 192.168.1.2 netmask 255.255.25
5.255
R3
[R3]int s 4/0/0
[R3-Serial4/0/0]nat static global 32.1.2.3 inside 192.168.1.2 netmask 255.255.25
5.255
R4
[R4]int s 4/0/0
[R4-Serial4/0/0]nat static global 42.1.1.3 inside 192.168.3.2 netmask 255.255.25
5.255
8、配置RIP协议
R1
[R1]rip 1
[R1-rip-1]version 2
[R1-rip-1]network 192.168.1.0
[R1-rip-1]network 10.0.0.0
R3
[R3]rip 1
[R3-rip-1]version 2
[R3-rip-1]network 192.168.2.0
[R3-rip-1]network 10.0.0.0
R4
[R4]rip 1
[R4-rip-1]version 2
[R4-rip-1]network 192.168.3.0
[R4-rip-1]network 10.0.0.0
四、测试
在PC1上:ping 192.168.2.2 192.168.3.2 2.2.2.2
在PC2上验证
在PC3验证