该实验旨在通过配置IP地址,启用HDLC封装,设置PPP(PAP/CHAP)认证,构建MGRE隧道,配置RIP路由协议以及NAT地址转换,确保拓扑环境中的所有设备全网可达。AR系列路由器分别进行了相应的配置,包括接口IP,路由,认证方法以及地址转换规则的设定。
一、实验目的
让如下图所示的拓扑环境实现全网可达
实验步骤
1、各个接口配置IP地址
1)AR1
[R1]int GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 192.168.1.2 24
[R1-GigabitEthernet0/0/1]int Serial 4/0/0
[R1-Serial4/0/0]ip address 12.1.1.1 24
2)AR2
[R2]int Serial 4/0/0
[R2-Serial4/0/0]ip add 12.1.1.2 24
[R2-Serial4/0/0]int Serial 4/0/1
[R2-Serial4/0/1]ip address 32.1.1.1 24
[R2-Serial4/0/1]int s 3/0/0
[R2-Serial3/0/0]ip address 42.1.1.1 24
[R2]interface LoopBack 0
[R2-LoopBack0]ip address 1.1.1.1 24
3)AR3
[R3]int Serial 4/0/0
[R3-Serial4/0/0]ip address 32.1.1.2 24
[R3]interface g0/0/1
[R3-GigabitEthernet0/0/1]ip add 192.168.2.1 24
4)AR4
[R4]interface Serial 4/0/0
[R4-Serial4/0/0]ip address 42.1.1.2 24
[R4]interface g0/0/1
[R4-GigabitEthernet0/0/1]ip address 192.168.3.1 24
IP分配如下图所示
2、HDLC封装
1)AR1
[R1]int Serial 4/0/0
[R1-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
2)AR2
[R2]int Serial 4/0/0
[R2-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
3、PaP认证
1)AR2
[R2]aaa
[R2-aaa]local-user xx privilege level 15 password cipher 123456
Info: Add a new user.
[R2-aaa]local-user xx service-type ppp
[R2-aaa]int s4/0/1
[R2-Serial4/0/1]ppp authentication-mode pap
2)AR3
[R3]int s4/0/0
[R3-Serial4/0/0]ppp pap local-user xx password cipher 123456
4、Chap认证
1)AR2
[R2]aaa
[R2-aaa]local-user hh privilege level 15 password cipher 123456
Info: Add a new user.
[R2-aaa]local-user hh service-type ppp
[R2-aaa]q
[R2]int s3/0/0
[R2-Serial3/0/0]ppp authentication-mode chap
2)AR4
[R4]int s4/0/0
[R4-Serial4/0/0]ppp chap password cipher 123456
[R4-Serial4/0/0]ppp chap user hh
5、构建MGRE环境
1)AR1
[R1]interface Tunnel 0/0/0
[R1-Tunnel0/0/0]ip address 10.1.1.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp
[R1-Tunnel0/0/0]source 12.1.1.1
[R1-Tunnel0/0/0]nhrp entry multicast dynamic
[R1-Tunnel0/0/0]nhrp network-id 100
2)AR3
[R3]interface Tunnel 0/0/0
[R3-Tunnel0/0/0]ip address 10.1.1.2 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source Serial 4/0/0
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register
3)AR4
[R4]interface Tunnel 0/0/0
[R4-Tunnel0/0/0]ip address 10.1.1.3 24
[R4-Tunnel0/0/0]tunnel-protocol gre p2mp
[R4-Tunnel0/0/0]source Serial 4/0/0
[R4-Tunnel0/0/0]nhrp network-id 100
[R4-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register
6、 缺省路由和RIP的配置
1)AR1
[R1]ip route-static 0.0.0.0 0 12.1.1.2
[R1]rip 1
[R1-rip-1]version 2
[R1-rip-1]network 10.0.0.0
[R1-rip-1]network 192.168.1.0
[R1-Tunnel0/0/0]undo rip split-horizon
2)AR3
[R3]ip route-static 0.0.0.0 0 32.1.1.1
[R2-rip-1]network 10.0.0.0
[R3]rip 1
[R3-rip-1]ver 2
[R3-rip-1]network 10.0.0.0
[R3-rip-1]network 192.168.2.0
3)AR4
[R4]ip route-static 0.0.0.0 0 42.1.1.1
[R4]rip 1
[R4-rip-1]ver 2
[R4-rip-1]network 10.0.0.0
[R4-rip-1]network 192.168.3.0
7、nat地址转换
1)AR1
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-Serial4/0/0]nat outbound 2000
2)AR3
[R3]acl 2000
[R3-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[R3-Serial4/0/0]nat outbound 2000
3)AR4
[R4]acl 2000
[R4-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[R4-Serial4/0/0]nat outbound 2000
四、测试
扫一扫
250
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
