1 实验要求
1 R5为ISP,只能进行IP地址的配置,其所有地址均为共有地址。
2 R1和R5之间使用ppp的PAP认证,R5为主认证方;
R2和R5使用ppp中的CHAP认证,R5为主认证方;
R3和R5之间使用hdlc封装
3 R1/R2/R3构建一个MGRE环境,R1为中心站点;R1,R4构造一个点到点的GRE。
4整个私有网络基于RIP全网可达
5所有PC设置私有IP为源IIP可以访问R5的换回
2 实验思路
首先给各个部分规划好IP地址,不仅由私有网络的IP地址,还要有公有网络的IP地址。规划之后先配置IP地址,配置完之后,接着配置各个链路的相关认证。配置完之后,在配置R1/R2/R3的MGRE环境以及R1/R4的GRE环境。接着用RIP协议把公网跑通。最后给各个边界路由器配置nat让私网的电脑可以访问公网的IP地址
3 配置命令、
1 规划IP地址
R1
私网:192.168.1.0/24 公网:15.0.0.1/24
R2
私网:192.168.2.0/24 公网:25.0.0.1 /24
R3
私网:192.168.3.0/24 公网:35.0.0.1/24
R4
私网:192.168.4.0/24 公网:45.0.0.1/24
R5
公网:15.0.0.2/24 25.0.0.2/24 35.0.0.2/24 45.0.0.2/24
2 配置IP地址
R1
interface GigabitEthernet0/0/0
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 255.255.255.0
interface Serial4/0/0
[r1-Serial4/0/0] ip address 15.0.0.1 255.255.255.0
R2
interface GigabitEthernet0/0/0
[r2-GigabitEthernet0/0/0] ip address 192.168.2.1 255.255.255.0
interface Serial4/0/0
[r2-Serial4/0/0] ip address 25.0.0.1 255.255.255.0
R3
interface GigabitEthernet0/0/0
[r3-GigabitEthernet0/0/0] ip address 192.168.3.1 255.255.255.0
interface Serial4/0/0
[r3-Serial4/0/0] ip address 35.0.0.1 255.255.255.0
R4
interface GigabitEthernet0/0/1
[r4-GigabitEthernet0/0/1] ip address 192.168.4.1 255.255.255.0
interface GigabitEthernet0/0/0
[r4-GigabitEthernet0/0/0] ip address 45.0.0.1 255.255.255.0
R5
interface Serial4/0/0
[isp-Serial4/0/0] ip address 15.0.0.2 255.255.255.0
interface Serial4/0/1
[isp-Serial4/0/1] ip address 25.0.0.2 255.255.255.0
interface Serial3/0/0
[isp-Serial3/0/0] ip address 35.0.0.2 255.255.255.0
interface GigabitEthernet0/0/0
[isp-GigabitEthernet0/0/0] ip address 45.0.0.2 255.255.255.0
3 各个认证配置
PAP
R5
aaa #进入aaa空间
local-user jianglingling password cipher 123456 #创建账号
local-user jianglingling server-type ppp #修改账号类型
interface Serial4/0/0
link-protocol ppp #修改接口类型
ppp authentication-mode pap #配置认证模式
R1
interface Serial4/0/0
link-protocol ppp #修改接口类型
ppp pap local-user jianglingling password cipher 123456 #向认证方认证
CHAP
R2
interface Serial4/0/0
link-protocol ppp #修改链路类型
ppp chap user jianglingling #向认证方认证(用户名)
ppp chap password cipher 123456#向认证方认证(密码)
R5
interface Serial4/0/1
link-protocol ppp #修改链路类型
ppp authentication-mode chap #配置认证模式
HDLC
R3
interface Serial4/0/0
link-protocol hdlc #修改链路类型
R5
interface Serial3/0/0
link-protocol hdlc
4 MGRE GRE环境
MGRE
R1
ip route-static 0.0.0.0 0 15.0.0.2 #配置缺省路由
interface Tunnel0/0/0
ip address 192.168.5.1 255.255.255.0
tunnel-protocol gre p2mp #修改tunnel协议的类型
source 15.0.0.1 #定义源IP地址
nhrp entry multicast dynamic #开启伪广播
R2
ip route-static 0.0.0.0 0 25.0.0.2
interface Tunnel0/0/0
ip address 192.168.5.2 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp entry 192.168.5.1 15.0.0.1 register #向中心进行注册
R3
ip route-static 0.0.0.0 0 35.0.0.2
ip address 192.168.5.3 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp entry 192.168.5.1 15.0.0.1 register
GRE
R1
interface Tunnel0/0/1
ip address 192.168.6.1 255.255.255.0
tunnel-protocol gre
source 15.0.0.1
destination 45.0.0.1
R4
ip route-static 0.0.0.0 0 45.0.0.2
interface Tunnel0/0/0
ip address 192.168.6.2 255.255.255.0
tunnel-protocol gre
source 45.0.0.1
destination 15.0.0.1
5 RIP协议相关配置
R1
rip 1
version 2
network 192.168.1.0
network 192.168.5.0
network 192.168.6.0
interface Tunnel0/0/0
undo rip split-horizon #关闭水平分割
R2
rip 1
version 2
network 192.168.5.0
network 192.168.2.0
R3
rip 1
version 2
network 192.168.3.0
network 192.168.5.0
R4
rip 1
version 2
network 192.168.6.0
network 192.168.4.0
5 配置缺省 NAT使内网可以访问公网
R1
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255
interface Serial4/0/0
nat outbound 2000
R2
acl number 2000
rule 5 permit source 192.168.2.0 0.0.0.255
interface Serial4/0/0
nat outbound 2000
R3
acl number 2000
rule 5 permit source 192.168.3.0 0.0.0.255
interface Serial4/0/0
nat outbound 2000
R4
acl number 2000
rule 5 permit source 192.168.4.0 0.0.0.255
interface g0/0/1
nat outbound 2000