目录
一、实验要求
1.R2为ISP,其上只能配置IP地址
2.R1-R2之间为HDLC封装
3.R2-R3之间为ppp封装,pap认证,R2为主认证方
4.R2-R4之间为ppp封装,chap认证,R2为主认证方
5.R1、R3、R4构建MGRE环境,仅R1 IP地址固定
6.内网使用RIP获取路由,所有pc可以互相访问,并目可访问R2的环回。
二、实验拓扑图
三、实验分析
1.IP 地址配置
设备 | IP地址 |
PC1 | 192.168.1.1 24 |
PC2 | 192.168.2.1 24 |
PC3 | 192.168.3.1 24 |
AR1 | GE 0/0/0:192.168.1.2 24 S 4/0/0:12.1.1.1 24 |
AR2 | S 3/0/0:12.1.1.2 24 S 3/0/1:32.1.1.2 24 S 4/0/0:42.1.1.2 24 |
AR3 | GE 0/0/0:192.168.2.2 24 S 4/0/0:32.1.1.1 |
AR4 | GE 0/0/0:192.168.3.2 24 S 4/0/0:42.1.1.1 |
AR2环回 | 5.5.5.5 24 |
2.配置缺省路由和NAT
R2作为ISP,所以R1、R3、R4均要配置缺省路由指向R2即可
3.实现R1-R2之间为HDLC封装
只用在对应的接口更改link-protocol即可
4.PAP认证
因为R2时主认证方,所以在R2的aaa空间创建用户并作PAP的认证,然后在R1对应的接口做认证即可
5.CHAP认证
在做PAP认证时已经创建过对应的用户,直接做认证即可
6.构建MGRE环境
因为R1地址固定,所以R1为该MGRE的中心站点,R3、R4为分支站点
7.构建RIP
在MGRE环境下
RIP
需要开启伪⼴播和关闭⽔平分割,其他按照正常配置RIP 步骤去配即可
四、实验配置
1.配置缺省路由和NAT
[R1]IP route-static 0.0.0.0 0 12.1.1.2
[R1]acl 2000
[R1-acl-basic-2000]rule permit source any
[R1-Serial4/0/0]nat outbound 2000
[R3]IP route-static 0.0.0.0 0 32.1.1.2
[R3]acl 2000
[R3-acl-basic-2000]rule permit source any
[R3-Serial4/0/0]nat outbound 2000
[R4]IP route-static 0.0.0.0 0 42.1.1.2
[R4]acl 2000
[R4-acl-basic-2000]rule permit source any
[R4-Serial4/0/0]nat outbound 2000
2.HDLC配置
[r1]int s 4/0/0
[r1-Serial4/0/0]link-protocol hdlc
[R2]int s3/0/0
[R2-Serial3/0/0]link-protocol hdlc
3.PAP认证
[R2-aaa]local-user admin password cipher huawei
[R2-aaa]local-user admin service-type ppp
[R2-Serial3/0/1]ppp authentication-mode pap
[R3-Serial4/0/0]ppp pap local-user admin password cipher huawei
4.CHAP认证
[R2-Serial4/0/0]ppp authentication-mode chap
[R4-Serial4/0/0]ppp chap user admin
[R4-Serial4/0/0]ppp chap password cipher huawei
5.构建MGRE环境
[r1]int Tunnel 0/0/0
[r1-Tunnel0/0/0]ip address 10.1.1.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp
[r1-Tunnel0/0/0]source 12.1.1.1
[r1-Tunnel0/0/0]nhrp network-id 100
[R3]int Tunnel 0/0/0
[R3-Tunnel0/0/0]ip address 10.1.1.2 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source s 4/0/0
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register
[R4]int Tunnel 0/0/0
[R4-Tunnel0/0/0]ip address 10.1.1.3 24
[R4-Tunnel0/0/0]tunnel-protocol gre p2mp
[R4-Tunnel0/0/0]source s 4/0/0
[R4-Tunnel0/0/0]nhrp network-id 100
[R4-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register
6.构建RIP
[r1]rip 1
[r1-rip-1]version 2
[r1-rip-1]network 192.168.1.0
[r1-rip-1]network 12.0.0.0
[r1-rip-1]network 10.0.0.0
[r1]int Tunnel 0/0/0
[r1-Tunnel0/0/0]nhrp entry multicast dynamic
[r1-Tunnel0/0/0]undo rip split-horizon
[R3]rip 1
[R3-rip-1]version 2
[R3-rip-1]network 192.168.2.0
[R3-rip-1]network 32.0.0.0
[R3-rip-1]network 10.0.0.0
[R3-Tunnel0/0/0]nhrp entry multicast dynamic
[R3-Tunnel0/0/0]undo rip split-horizon
R4]RIP 1
[R4-rip-1]version 2
[R4-rip-1]network 192.168.3.0
[R4-rip-1]network 42.0.0.0
[R4-rip-1]network 10.0.0.0
[R4-Tunnel0/0/0]nhrp entry multicast dynamic
[R4-Tunnel0/0/0]undo rip split-horizon