实验要求:
实操拓扑图的搭建:
配置过程
配IP
AR1端
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip address 45.0.0.2 24
[AR1-GigabitEthernet0/0/0]q
[AR1]interface Serial 4/0/0
[AR1-Serial4/0/0]ip address 35.0.0.2 24
[AR1-Serial4/0/0]q
[AR1]interface Serial 3/0/1
[AR1-Serial3/0/1]ip address 25.0.0.2 24
[AR1-Serial3/0/1]q
[AR1-Serial3/0/1]interface Serial 3/0/0
[AR1-Serial3/0/0]ip address 15.0.0.2 24
[AR1-Serial3/0/0]q
[AR1]interface LoopBack 0
[AR1-LoopBack0]ip address 5.5.5.1 24
AR2端
[AR2]interface GigabitEthernet 0/0/0
[AR2-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[AR2-GigabitEthernet0/0/0]q
[AR2]interface Serial 3/0/0
[AR2-Serial3/0/0]ip address 15.0.0.1 24
[AR2-Serial3/0/0]q
[AR2]ip route-static 0.0.0.0 0 15.0.0.2
AR3端
[AR3]interface GigabitEthernet 0/0/0
[AR3-GigabitEthernet0/0/0]ip address 192.168.4.1 24
[AR3-GigabitEthernet0/0/0]q
[AR3]interface GigabitEthernet 0/0/1
[AR3-GigabitEthernet0/0/1]ip address 45.0.0.1 24
[AR3-GigabitEthernet0/0/1]q
[AR3]ip route-static 0.0.0.0 0 45.0.0.2
AR4端
[AR4]interface GigabitEthernet 0/0/0
[AR4-GigabitEthernet0/0/0]ip address 192.168.2.1 24
[AR4-GigabitEthernet0/0/0]q
[AR4]interface Serial 4/0/0
[AR4-Serial4/0/0]ip address 25.0.0.1 24
[AR4-Serial4/0/0]q
[AR4]ip route-static 0.0.0.0 0 25.0.0.2
AR5端
[AR5]interface GigabitEthernet 0/0/0
[AR5-GigabitEthernet0/0/0]ip address 192.168.3.1 24
[AR5-GigabitEthernet0/0/0]q
[AR5]interface Serial 4/0/0
[AR5-Serial4/0/0]ip address 35.0.0.1 24
[AR5-Serial4/0/0]q
[AR5]ip route-static 0.0.0.0 0 35.0.0.2
边界路由配置NAT
AR2端
[AR2]acl 2000
[AR2-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[AR2-acl-basic-2000]q
[AR2]interface Serial 3/0/0
[AR2-Serial3/0/0]nat outbound 2000
AR3端
[AR3]acl 2000
[AR3-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[AR3-acl-basic-2000]q
[AR3]interface GigabitEthernet 0/0/1
[AR3-GigabitEthernet0/0/1]nat outbound 2000
AR4端
[AR4]acl 2000
[AR4-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[AR4-acl-basic-2000]q
[AR4]interface Serial 4/0/0
[AR4-Serial4/0/0]nat outbound 2000
AR5端
[AR5]acl 2000
[AR5-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[AR5-acl-basic-2000]q
[AR5]interface Serial 4/0/0
[AR5-Serial4/0/0]nat outbound 2000
在AR2、AR4、AR5端配置MGRE
AR2为服务端、AR4、AR5为客户端,使用5.0/24隧道1网端
AR2端
[AR2]interface Tunnel 0/0/0
[AR2-Tunnel0/0/0]ip address 192.168.5.1 24
[AR2-Tunnel0/0/0]tunnel-protocol gre p2mp
[AR2-Tunnel0/0/0]source 15.0.0.1RIP:
[AR2]rip 1
[AR2-rip-1]version 2
[AR2-rip-1]network 192.168.5.0
[AR2-rip-1]network 192.168.1.0[AR2]interface Tunnel 0/0/0
[AR2-Tunnel0/0/0]nhrp entry multicast dynamic
[AR2-Tunnel0/0/0]undo rip summary-address
[AR2-Tunnel0/0/0]undo rip split-horizon
AR4端
[AR4]interface Tunnel 0/0/0
[AR4-Tunnel0/0/0]ip address 192.168.5.2 24
[AR4-Tunnel0/0/0]tunnel-protocol gre p2mp
[AR4-Tunnel0/0/0]source Serial 4/0/0
[AR4-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 registerRIP:
[AR4]rip 1
[AR4-rip-1]version 2
[AR4-rip-1]network 192.168.5.0
[AR4-rip-1]network 192.168.2.0
AR5端
[AR5]interface Tunnel 0/0/0
[AR5-Tunnel0/0/0]ip address 192.168.5.3 24
[AR5-Tunnel0/0/0]tunnel-protocol gre p2mp
[AR5-Tunnel0/0/0]source Serial 4/0/0
[AR5-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 registerRIP:
[AR5]rip 1
[AR5-rip-1]version 2
[AR5-rip-1]network 192.168.5.0
[AR5-rip-1]network 192.168.3.0
建立AR2-AR5 点对点GRE:
AR2端
[AR2]interface Tunnel 0/0/1
[AR2-Tunnel0/0/1]ip address 192.168.6.1 24
[AR2-Tunnel0/0/1]tunnel-protocol gre
[AR2-Tunnel0/0/1]source 15.0.0.1
[AR2-Tunnel0/0/1]destination 45.0.0.1RIP:
[AR2-Tunnel0/0/1]rip 1
[AR2-rip-1]version 2
[AR2-rip-1]network 192.168.6.0
AR3端
[AR3]interface Tunnel 0/0/1
[AR3-Tunnel0/0/1]ip address 192.168.6.4 24
[AR3-Tunnel0/0/1]tunnel-protocol gre
[AR3-Tunnel0/0/1]source 45.0.0.1
[AR3-Tunnel0/0/1]destination 15.0.0.1
[AR3-Tunnel0/0/1]qRIP:
[AR3]rip 1
[AR3-rip-1]version 2
[AR3-rip-1]network 192.168.4.0
[AR3-rip-1]network 192.168.6.0
AR2-AR1作PPP的PAP认证 AR1为主
AR1端
[AR1]aaa
[AR1-aaa]local-user huawei password cipher 666666
[AR1-aaa]local-user huawei service-type ppp
[AR1-aaa]q
[AR1]interface Serial 3/0/0
[AR1-Serial3/0/0]ppp authentication-mode pap
AR2端
[AR2]interface Serial 3/0/0
[AR2-Serial3/0/0]ppp pap local-user huawei password cipher 666666
AR4-AR1作PPP的chap认证 AR1为主
AR1端
[AR1]aaa
[AR1-aaa]local-user admin password cipher 777777
[AR1-aaa]local-user admin service-type ppp
[AR1-aaa]q
[AR1]interface Serial 3/0/1
[AR1-Serial3/0/1]ppp authentication-mode chap
AR4端
[AR4]interface Serial 4/0/0
[AR4-Serial4/0/0]ppp chap user admin
[AR4-Serial4/0/0]ppp chap password cipher 777777
AR5-AR1作HDLC封装
AR1端
[AR1]interface Serial 4/0/0
[AR1-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
实验结果测试:
全网可达
PAP认证、chap认证、HDLC封装
PC端同AR1环回