IP地址划分:
R1
G0/0/0 192.168.1.1/24 S4/0/0 15.1.1.1/24
R2
G0/0/0 192.168.2.1/24 S4/0/0 25.1.1.1/24
R3
G0/0/0 192.168.2.1/24 S4/0/0 35.1.1.1/24
R4
G0/0/0 192.168.2.1/24 S4/0/0 45.1.1.1/24
R5
S3/0/0 15.1.1.2/24 S3/0/1 25.1.1.1/24
G0/0/2 35.1.1.1/24 S4/0/1 45.1.1.1/24
1.R1与R5间使用ppp的pap认证,5为主认证
在R5上建立PAP认证用户
aaa
local-user r5tor1 password cipher r5tor1
local-user r5tor1 service-type ppp
在R5接口上开启PAP认证
interface Serial3/0/0
link-protocol ppp
ppp authentication-mode pap
ip address 15.1.1.2 255.255.255.0
在R1接口上配置PAP认证信息
interface Serial4/0/0
link-protocol ppp
ppp pap local-user r5tor1 password cipher r5tor1
ip address 15.1.1.1 255.255.255.0
2. R2与R5间使用ppp的chap认证,R5为主认证:
R5上配置ppp认证用户
aaa
local-user r5tor1 service-type ppp
local-user r5tor2 password cipher r5tor2
接口上配置chap认证认
interface Serial3/0/1
link-protocol ppp
ppp authentication-mode chap
ip address 25.1.1.2 255.255.255.0
在R2接口上配置chap认证信息
interface Serial4/0/0
link-protocol ppp
ppp chap user r5tor2
ppp chap password cipher r5tor2
ip address 25.1.1.1 255.255.255.0
3.R4与R5间使用HDLC封装:
[r4-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[r5-Serial4/0/1]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
4.R1 R2 R4 配置MGRE环境 R1为中心节点:
R1配置MGRE
interface Tunnel0/0/0
ip address 192.168.10.1 255.255.255.0
tunnel-protocol gre p2mp
source 15.1.1.1
nhrp entry multicast dynamic
nhrp network-id 100
R2配置MGRE
interface Tunnel0/0/0
ip address 192.168.10.2 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 100
nhrp entry 192.168.10.1 15.1.1.1 register
R4配置MGRE
interface Tunnel0/0/0
ip address 192.168.10.3 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 100
nhrp entry 192.168.10.1 15.1.1.1 register
验证MGRE:
<r1>dis nhrp peer all
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.10.3 32 45.1.1.1 192.168.10.3 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 01:05:55
Expire time : 01:54:05
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.10.2 32 25.1.1.1 192.168.10.2 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 01:05:42
Expire time : 01:54:18
Number of nhrp peers: 2
R1 R3 为点到点GRE:
R1配置GRE
interface Tunnel0/0/1
ip address 192.168.20.1 255.255.255.0
tunnel-protocol gre
source 15.1.1.1
destination 35.1.1.1
R3配置GRE
interface Tunnel0/0/1
ip address 192.168.20.2 255.255.255.0
tunnel-protocol gre
source 35.1.1.1
destination 15.1.1.1
配置RIP全内网可达:
R1配置rip
rip 1
undo summary
version 2
network 192.168.1.0
network 192.168.10.0
network 192.168.20.0
R2配置rip
rip 1
undo summary
version 2
network 192.168.2.0
network 192.168.10.0
R3配置rip
rip 1
undo summary
version 2
network 192.168.3.0
network 192.168.20.0
R4配置rip
rip 1
undo summary
version 2
network 192.168.4.0
network 192.168.10.0
验证RIP:
<r1>dis ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 3 Routes : 3
RIP routing table status : <Active>
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.2.0/24 RIP 100 1 D 192.168.10.2 Tunnel0/0/0
192.168.3.0/24 RIP 100 1 D 192.168.20.2 Tunnel0/0/1
192.168.4.0/24 RIP 100 1 D 192.168.10.3 Tunnel0/0/0
RIP routing table status : <Inactive>
Destinations : 0 Routes : 0
个路由器配置
R1
[V200R003C00]
#
sysname r1
#
board add 0/4 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
dhcp enable
#
acl name nat-acl 2000
rule 10 permit source 192.168.1.0 0.0.0.255
#
ip pool r1
gateway-list 192.168.1.1
network 192.168.1.0 mask 255.255.255.0
lease day 0 hour 1 minute 0
dns-list 114.114.114.114 8.8.8.8
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
nat address-group 2 15.1.1.3 15.1.1.5
#
interface Serial4/0/0
link-protocol ppp
ppp pap local-user r5tor1 password cipher %$%$N!R^1n*3jMlk:xJ4t<IP,0]J%$%$
ip address 15.1.1.1 255.255.255.0
nat outbound 2000 address-group 2
#
interface Serial4/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface Tunnel0/0/0
ip address 192.168.10.1 255.255.255.0
rip authentication-mode md5 usual cipher %$%$-;ISO6Tnm8$rQnFsG>J~W(Ga%$%$
undo rip split-horizon
tunnel-protocol gre p2mp
source 15.1.1.1
nhrp entry multicast dynamic
nhrp network-id 100
#
interface Tunnel0/0/1
ip address 192.168.20.1 255.255.255.0
tunnel-protocol gre
source 15.1.1.1
destination 35.1.1.1
#
rip 1
undo summary
version 2
network 192.168.1.0
network 192.168.10.0
network 192.168.20.0
#
ip route-static 0.0.0.0 0.0.0.0 15.1.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R2
[V200R003C00]
#
sysname r2
#
board add 0/4 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
dhcp enable
#
acl name nat-acl 2000
rule 10 permit source 192.168.2.0 0.0.0.255
#
ip pool r2
gateway-list 192.168.2.1
network 192.168.2.0 mask 255.255.255.0
lease day 0 hour 1 minute 0
dns-list 114.114.114.114 8.8.8.8
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
nat address-group 2 25.1.1.3 25.1.1.4
#
interface Serial4/0/0
link-protocol ppp
ppp chap user r5tor2
ppp chap password cipher %$%$1}%~,SD\yWFoIKV*YU)U,.(D%$%$
ip address 25.1.1.1 255.255.255.0
nat outbound 2000 address-group 2
#
interface Serial4/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 192.168.2.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface Tunnel0/0/0
ip address 192.168.10.2 255.255.255.0
rip authentication-mode md5 usual cipher %$%$`:nf-r)h@X+!_p!%xIOOW,W`%$%$
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 100
nhrp entry 192.168.10.1 15.1.1.1 register
#
rip 1
undo summary
version 2
network 192.168.2.0
network 192.168.10.0
#
ip route-static 0.0.0.0 0.0.0.0 25.1.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R3
V200R003C00]
#
sysname r3
#
board add 0/4 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
dhcp enable
#
acl name nat-acl 2000
rule 10 permit source 192.168.3.0 0.0.0.255
#
ip pool r3
gateway-list 192.168.3.1
network 192.168.3.0 mask 255.255.255.0
lease day 0 hour 1 minute 0
dns-list 114.114.114.114 8.8.8.8
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
nat address-group 2 35.1.1.3 35.1.1.4
#
interface Serial4/0/0
link-protocol ppp
#
interface Serial4/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 192.168.3.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
ip address 35.1.1.1 255.255.255.0
nat outbound 2000 address-group 2
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface Tunnel0/0/0
rip authentication-mode md5 usual cipher %$%$.oT/Fl6=U4wKN\!-gKR>W--'%$%$
#
interface Tunnel0/0/1
ip address 192.168.20.2 255.255.255.0
tunnel-protocol gre
source 35.1.1.1
destination 15.1.1.1
#
rip 1
undo summary
version 2
network 192.168.3.0
network 192.168.20.0
#
ip route-static 0.0.0.0 0.0.0.0 35.1.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R4
[V200R003C00]
#
sysname r4
#
board add 0/4 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
dhcp enable
#
acl name nat-acl 2000
rule 10 permit source 192.168.4.0 0.0.0.255
#
ip pool r4
gateway-list 192.168.4.1
network 192.168.4.0 mask 255.255.255.0
lease day 0 hour 1 minute 0
dns-list 114.114.114.114 8.8.8.8
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
nat address-group 2 45.1.1.3 45.1.1.4
#
interface Serial4/0/0
link-protocol hdlc
ip address 45.1.1.1 255.255.255.0
nat outbound 2000 address-group 2
#
interface Serial4/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 192.168.4.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface Tunnel0/0/0
ip address 192.168.10.3 255.255.255.0
rip authentication-mode md5 usual cipher %$%$M7;f=k0#ZBRzl>O``|e@W1R;%$%$
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 100
nhrp entry 192.168.10.1 15.1.1.1 register
#
rip 1
undo summary
version 2
network 192.168.4.0
network 192.168.10.0
#
ip route-static 0.0.0.0 0.0.0.0 45.1.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R5
[V200R003C00]
#
sysname r5
#
board add 0/3 2SA
board add 0/4 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user r5tor1 password cipher %$%$KRbh@Ow)VJ2C=NLHTnC0M2XY%$%$
local-user r5tor1 service-type ppp
local-user r5tor2 password cipher %$%$r)yf0fy_j)|Z^c!x^ZT0R&p&%$%$
#
firewall zone Local
priority 15
#
interface Serial3/0/0
link-protocol ppp
ppp authentication-mode pap
ip address 15.1.1.2 255.255.255.0
#
interface Serial3/0/1
link-protocol ppp
ppp authentication-mode chap
ip address 25.1.1.2 255.255.255.0
#
interface Serial4/0/0
link-protocol hdlc
#
interface Serial4/0/1
link-protocol hdlc
ip address 45.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 35.1.1.2 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return