实验拓扑:
实验要求:
1,R5为ISP,只能进行IP地址配置,其所有地址均配为公有iP地址
2,R1和R5间使用PPP的PAP认证,R5为主认证方;R2于R5之间使用PPP的chap认证,R5为主认证方;R3于R5之间使用HDLC封装。
3,R1/R2/R3构建一个MGRE环境,R1为中心站点;R1、R4间为点到点的GRE。
4,整个私有网络基于RIP全网可达
5,所有pc设置私有IP为源IP,可以访问R5环回。
r1配置:
[r1] IP route-static 0.0.0.0 0 15.0.0.2
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.10.1 24
[r1-GigabitEthernet0/0/0]int s4/0/0
[r1-Serial4/0/0]link-protocol ppp
[r1-Serial4/0/0]ppp pap local-user admin password cipher 123
[r1-Serial4/0/0]ip address 15.0.0.1 24
[r1-Serial4/0/0]q
[r1]int t0/0/0
ip address 192.168.1.1 255.255.255.0
undo rip split-horizon
tunnel-protocol gre p2mp
source 15.0.0.1
nhrp entry multicast dynamic
nhrp network-id 100
[r1-Tunnel0/0/0]int t0/0/1
ip address 192.168.4.1 255.255.255.0
tunnel-protocol gre
source 15.0.0.1
destination 45.0.0.1
[r1]rip
undo summary
version 2
network 192.168.10.0
network 192.168.1.0
network 192.168.4.0
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.10.2 0.0.0.255
[r1-acl-basic-2000]int s4/0/0
[r1-Serial4/0/0]nat outbound 2000
r2配置
[r2] IP route-static 0.0.0.0 0 25.0.0.2
[r2]int s4/0/0
[r2-Serial4/0/0]dis th
interface Serial4/0/0
link-protocol ppp
ppp chap user admin
ppp chap password cipher 123
ip address 25.0.0.1 255.255.255.0
nat outbound 2000
acl 2000
roule permit source 192.168.20.2 0.0.0.255
[r2-]int tun 0/0/0
[r2]dis th
[V200R003C00]
#
interface Tunnel0/0/0
ip address 192.168.1.2 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 100
nhrp entry 192.168.1.1 15.0.0.1 register
#
return
r3配置
[r3] IP route-static 0.0.0.0 0 35.0.0.2
[r3]int t0/0/0
[r3-Tunnel0/0/0]dis th
[V200R003C00]
#
interface Tunnel0/0/0
ip address 192.168.1.3 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 100
nhrp entry 192.168.1.1 15.0.0.1 register
#
return
acl 2000
roule permit source 192.168.30.2 0.0.0.255
[r3]int s4/0/0
[r3-Serial4/0/0]dis th
[V200R003C00]
#
interface Serial4/0/0
link-protocol hdlc
ip address 35.0.0.1 255.255.255.0
nat outbound 2000
#
return
r4配置
[r4]int t0/0/1
[r4-Tunnel0/0/1]
[r4-Tunnel0/0/1]dis th
[V200R003C00]
#
interface Tunnel0/0/1
ip address 192.168.4.2 255.255.255.0
undo rip split-horizon
tunnel-protocol gre
source 45.0.0.1
destination 15.0.0.1
#
return
acl 2000
roule permit source 192.168.40.2 0.0.0.255
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]dis th
[V200R003C00]
#
interface GigabitEthernet0/0/0
ip address 45.0.0.1 255.255.255.0
nat outbound 2000
#
return
r5配置(仅接口地址)
实验截图:
实验中出现的问题
在点对点的gre配置中 destination 与 description 出现混淆
在mgre 分支配置中 tunnel 接口IP地址 不在一个网段,导致rip路由无法正常生成,
解决思路:
1.各个tunnel接口IP地址在同一网段。
2,需要配置静态路由或动态路由,使本端设备有到对端Tunnel接口IP地址的路由。