HCIP封装技术综合实验

实验内容及要求：

 

实验过程：

新建拓扑如下:

1、配置IP地址，公网IP任意，我们就随便给，先把三台PC给上IP

PC1：192.168.1.2 255.255.255.0 网关192.168.1.1

PC2：192.168.2.2 255.255.255.0 网关192.168.2.1

PC3：192.168.3.2 255.255.255.0 网关 192.168.3.1

配置路由器IP地址

R1

[r1]int GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[r1-GigabitEthernet0/0/0]q
[r1]int Serial 4/0/0
[r1-Serial4/0/0]ip address 12.1.1.1 24

R2为ISP，有一个环回

[r2]int Serial 3/0/0
[r2-Serial3/0/0]ip address 12.1.1.2 24
[r2-Serial3/0/0]q
[r2]int Serial 3/0/1
[r2-Serial3/0/1]ip address 23.1.1.1 24
[r2-Serial3/0/1]q
[r2]int Serial 4/0/0
[r2-Serial4/0/0]ip address 24.1.1.1 24
[r2-Serial4/0/0]q
[r2]interface LoopBack 0
[r2-LoopBack0]ip address 1.1.1.1 24

R3

[r3]int Serial 4/0/0
[r3-Serial4/0/0]ip address 23.1.1.2 24
[r3-Serial4/0/0]q
[r3]int GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ip address 192.168.2.1 24

R4

[r4]int Serial 4/0/0
[r4-Serial4/0/0]ip address 24.1.1.2 24
[r4-Serial4/0/0]q
[r4]int GigabitEthernet 0/0/0         
[r4-GigabitEthernet0/0/0]ip address 192.168.3.1 24

2、R1-R2之间为HDLC封装

R1

[r1]interface Serial 4/0/0
[r1-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
Jul 19 2022 18:36:13-08:00 r1 %%01IFNET/4/CHANGE_ENCAP(l)[0]:The user performed the configuration that will change the encapsulation protocol of the link and then selected Y. 

R2

[r2]int Serial 3/0/0
[r2-Serial3/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
Jul 19 2022 18:37:36-08:00 r2 %%01IFNET/4/CHANGE_ENCAP(l)[0]:The user performed the configuration that will change the encapsulation protocol of the link and then selected Y.

3、R2-R3之间为PPP封装，PAP认证，R2为主认证方

R2

[r2]aaa
[r2-aaa]local-user huawei password cipher huawei123
Info: Add a new user.
[r2-aaa]local-user huawei service-type ppp
[r2-aaa]q
[r2]int Serial 3/0/1
[r2-Serial3/0/1]link-protocol ppp
[r2-Serial3/0/1]ppp authentication-mode pap

R3

[r3]int Serial 4/0/0
[r3-Serial4/0/0]link-protocol ppp
[r3-Serial4/0/0]ppp pap local-user huawei password cipher huawei123

4、R2-R4之间为PPP封装，CHAP认证，R2为主认证方

R2

[r2]aaa
[r2-aaa]local-user huawei password cipher huawei123
[r2-aaa]local-user huawei service-type ppp
[r2-aaa]q
[r2]int Serial 4/0/0
[r2-Serial4/0/0]link-protocol ppp
[r2-Serial4/0/0]ppp authentication-mode chap

R4

[r4]int Serial 4/0/0
[r4-Serial4/0/0]link-protocol ppp
[r4-Serial4/0/0]ppp chap user huawei
[r4-Serial4/0/0]ppp chap password cipher huawei123

5、R1、R3、R4构建MGRE环境，仅R1IP地址固定

R1设置为中心站点

[r1]interface Tunnel 0/0/0
[r1-Tunnel0/0/0]ip address 10.1.1.1 255.255.255.0             
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp
[r1-Tunnel0/0/0]source 12.1.1.1
Jul 19 2022 19:11:51-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state. 
[r1-Tunnel0/0/0]nhrp entry multicast dynamic 
[r1-Tunnel0/0/0]nhrp network-id 100

R3

[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0]ip address 10.1.1.2 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source Serial 4/0/0
Jul 19 2022 19:21:12-08:00 r3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state. 
[r3-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register

[r3-Tunnel0/0/0]nhrp network-id 100

R4

[r4]interface Tunnel 0/0/0             
[r4-Tunnel0/0/0]ip address 10.1.1.2 24
[r4-Tunnel0/0/0]tunnel-protocol gre p2mp
[r4-Tunnel0/0/0]source Serial 4/0/0
Jul 19 2022 19:28:16-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state. 
[r4-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register 
[r4-Tunnel0/0/0]nhrp network-id 100

6、内网使用RIP获取路由，所有PC可以互相访问，并且可以访问R2的环回

R1

[r1]ip route-static 0.0.0.0 0 12.1.1.2
[r1]acl 2000
[r1-acl-basic-2000]rule 1 permit source any 
[r1-acl-basic-2000]q
[r1]interface Serial 4/0/0
[r1-Serial4/0/0]nat outbound 2000    

[r1]rip 1
[r1-rip-1]version 2
[r1-rip-1]network 10.0.0.0
[r1-rip-1]network 192.168.1.0

R3

[r3]ip route-static 0.0.0.0 0 23.1.1.1
[r3]acl 2000
[r3-acl-basic-2000]rule 1 permit source any 
[r3-acl-basic-2000]q
[r3]interface Serial 4/0/0
[r3-Serial4/0/0]nat outbound 2000

[r3]rip 1
[r3-rip-1]version 2
[r3-rip-1]network 10.0.0.0
[r3-rip-1]network 192.168.2.0

R4

[r4]ip route-static 0.0.0.0 0 24.1.1.1
[r4]acl 2000
[r4-acl-basic-2000]rule 1 permit source any 
[r4-acl-basic-2000]q
[r4]interface Serial 4/0/0
[r4-Serial4/0/0]nat outbound 2000

[r4]rip 1
[r4-rip-1]version 2
[r4-rip-1]network 10.0.0.0
[r4-rip-1]network 192.168.3.0

当拓扑结构为中心到站点（轴辐状），不是所有网点均为固定的公有ip，没法所有tunnel设备相互注册；只能通过关闭水平分割来实现路由的全网正常收敛

R1关闭水平分割
[r1]interface Tunnel 0/0/0
[r1-Tunnel0/0/0]undo rip split-horizon

测试：

PC1pingR2环回 

PC1pingPC2

 至此实验结束，满足所有实验要求，全网可达