HCIP作业2

1.R5为ISP，只能进行IP地址配置；其所有接口配置为公有ip地址
2.R1与R5之间使用PPP的PAP认证，R5为主认证方；R2与R5间使用PPP的chap认证，R5为主认证方；R3与R5之间使用HDLC封装
3.R1/2/3构建一个MGRE环境，R1为中心站点；R1/R4间为点到点GRE
4.整个私有网络基于RIP全网可达
5.所有路由器基于环回私有地址为源IP时，可以正常访问R5环回
 

第一步配置PAP

[ISP-aaa]local-user hcip password cipher 123456
[ISP-aaa]local-user hcip service-type ppp
[ISP-aaa]quit
[ISP]int s3/0/0
[ISP-Serial3/0/0]ppp authentication-mode pap
[ISP-Serial3/0/0]ip ad 15.1.1.2 24
 

[r1-Serial4/0/0]ip ad 15.1.1.1 24
[r1-Serial4/0/0]ppp pap local-user hcip password cipher 123456

第二步chap认证，R5为主认证方

[ISP-aaa]local-user aaa password cipher  123456
Info: Add a new user.
[ISP-aaa]local-user aaa service-type ppp
[ISP-aaa]quit
[ISP]int s3/0/1
[ISP-Serial3/0/1]ppp authentication-mode chap

[ISP-aaa]local-user aaa password cipher  123456
Info: Add a new user.
[ISP-aaa]quit
[ISP]int s3/0/1
[ISP-Serial3/0/1]ppp au    
[ISP-Serial3/0/1]ppp authentication-mode chap
[ISP-Serial3/0/1]ip ad 12.0.0.1 24

[r2-Serial4/0/0]ip ad 12.0.0.2 24
[r2-Serial4/0/0]
Oct 21 2023 02:50:00-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP
 IPCP on the interface Serial4/0/0 has entered the UP state. 

[r2-Serial4/0/0]ppp chap user aaa 

[r2-Serial4/0/0]ppp chap password cipher 123456

测试---关掉ISP  查看R2的状态

第3步 HDLC

[ISP-Serial4/0/0]ip ad 13.0.0.1 24
[ISP-Serial4/0/0]link-protocol hdlc

[R3-Serial4/0/0]ip ad 13.0.0.2 24
[R3-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
 

第四步配置IP 全网可达

[ISP-LoopBack0]ip ad 5.5.5.5 24
[ISP-LoopBack0]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip ad 14.0.0.2 24
[R4-GigabitEthernet0/0/1]ip ad 14.0.0.1 24

配置连接PC的端口
[r1-GigabitEthernet0/0/0]ip ad 192.168.1.1 24
[r2-GigabitEthernet0/0/0]ip ad 192.168.2.1 24


[R3-GigabitEthernet0/0/0]ip add 192.168.3.1 24
[R4-GigabitEthernet0/0/0]ip add 192.168.4.1 24

 首先使公网可以联通（可以ping通R５的环回）
用静态写一条指向R５的缺省路由
[r1]ip route-static 0.0.0.0 0 15.1.1.1
[r2]ip route-static 0.0.0.0 0 12.0.0.2

[R3]ip route-static 0.0.0.0 0 13.0.0.1
[R4]ip route-static 0.0.0.0 0 14.0.0.2
测试：pingR５的环回

 

在R1~3建立MGRE，R1/4建立GRE
注意两个GRE要建立在两个不同的网段上

先建立R 1 R4 GRE

[r1]int Tunnel 0/0/0
[r1-Tunnel0/0/0]ip ad 10.0.0.1 24

[r1-Tunnel0/0/0]tunnel-protocol gre

[R4]int Tunnel 0/0/0
[R4-Tunnel0/0/0]tu    
[R4-Tunnel0/0/0]tunnel-protocol gre
[R4-Tunnel0/0/0]ip ad 10.0.0.2 24
[R4-Tunnel0/0/0]source 14.0.0.1
[R4-Tunnel0/0/0]de    
[R4-Tunnel0/0/0]description 15.1.1.1

建立R1~3 之间的MGRE

[r1-Tunnel0/0/1]ip ad 10.0.1.1 24

[r1-Tunnel0/0/1]tunnel-protocol gre p2mp
[r1-Tunnel0/0/1]sou    
[r1-Tunnel0/0/1]source 15.1.1.1
Oct 21 2023 03:41:18-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/1 has entered the UP state. 
[r1-Tunnel0/0/1]

[r1-Tunnel0/0/1]nhrp entry multicast dynamic --使R1成为中心站点

[r2]int Tunnel 0/0/0
[r2-Tunnel0/0/0]ip ad 10.0.1.2 24
[r2-Tunnel0/0/0]tu    
[r2-Tunnel0/0/0]tunnel-protocol gre P2mp
[r2-Tunnel0/0/0]so    
[r2-Tunnel0/0/0]source S4/0/0
Oct 21 2023 03:45:05-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[r2-Tunnel0/0/0]
[r2-Tunnel0/0/0]nh    
[r2-Tunnel0/0/0]nhrp en    
[r2-Tunnel0/0/0]nhrp entry 10.0.1.1 15.1.1.1 r    
[r2-Tunnel0/0/0]nhrp entry 10.0.1.1 15.1.1.1 register 
[r2-Tunnel0/0/0]

[R3-Tunnel0/0/0]ip ad 10.0.1.3 24
[R3-Tunnel0/0/0]t    
[R3-Tunnel0/0/0]tu    
[R3-Tunnel0/0/0]tunnel-protocol gre p    
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R3-Tunnel0/0/0]sou    
[R3-Tunnel0/0/0]source s4/0/0
Oct 21 2023 03:46:48-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[R3-Tunnel0/0/0]nhrp en    
[R3-Tunnel0/0/0]nhrp entry 10.0.1.1 15.1.1.1 r    
[R3-Tunnel0/0/0]nhrp entry 10.0.1.1 15.1.1.1 register 
[R3-Tunnel0/0/0]nhrp network-id 12
 

[r1]rip 1
[r1-rip-1]version 2
[r1-rip-1]un summary 
[r1-rip-1]network 192.168.1.0
[r1-rip-1]network 10.0.0.0

[r2]rip 1
[r2-rip-1]version 2
[r2-rip-1]un summary 
[r2-rip-1]net 192.168.2.0
[r2-rip-1]net 10.0.0.0
 

[R3]rip 1  
[R3-rip-1]version 2
[R3-rip-1]un summary 
[R3-rip-1]net 192.168.3.0
[R3-rip-1]net 10.0.0.0
 

[R4]rip 1
[R4-rip-1]version 2
[R4-rip-1]un summary 
[R4-rip-1]net 192.168.4.0
[R4-rip-1]net 10.0.0.0
 

[r1]int Tunnel 0/0/1
[r1-Tunnel0/0/1]undo rip s    
[r1-Tunnel0/0/1]undo rip split-horizon

 所有路由器基于环回私有地址为源IP时，可以正常访问R5环回

 [r1]acl 2000
[r1-acl-basic-2000]rule permit s    
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]int s4/0/0
[r1-Serial4/0/0]nat outbound 2000

[r2]acl 2000
[r2-acl-basic-2000]ru    
[r2-acl-basic-2000]rule p    
[r2-acl-basic-2000]rule permit s    
[r2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[r2-acl-basic-2000]int s4/0/0
[r2-Serial4/0/0]nat out    
[r2-Serial4/0/0]nat outbound 2000

[R3]acl 2000
[R3-acl-basic-2000]ru    
[R3-acl-basic-2000]rule p    
[R3-acl-basic-2000]rule permit s    
[R3-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[R3-acl-basic-2000]int s4/0/0
[R3-Serial4/0/0]nat o    
[R3-Serial4/0/0]nat outbound 2000

[R4]acl 2000
[R4-acl-basic-2000]r    
[R4-acl-basic-2000]reset
[R4-acl-basic-2000]return
[R4-acl-basic-2000]rule p    
[R4-acl-basic-2000]rule permit  s    
[R4-acl-basic-2000]rule permit  source 192.168.4.0 0.0.0.255
[R4-acl-basic-2000]int g0/0/1
[R4-GigabitEthernet0/0/1]nat o    
[R4-GigabitEthernet0/0/1]nat outbound 2000