hcip第五天实验

先进行ip地址划分
配置ip地址，并在路由器上配置私有和公有ip地址，并指向ISP的一条缺省，使公网内网络互通

R1和R5之间做PAP认证，R5为主认证方，R1为被认证方
[isp]aaa
[isp-aaa]local-user huawei password cipher 123456
[isp-aaa]local-user huawei service-type ppp
[isp]int s3/0/0
[isp-Serial3/0/0]ppp authentication-mode pap
[isp-Serial3/0/0]ip address 14.1.1.2 24
[r1]int s4/0/0
[r1-Serial4/0/0]link-protocol ppp
[r1-Serial4/0/0]ppp pap local-user huawei password cipher 123456
[r1-Serial4/0/0]ip address 14.1.1.1 24

R2和R5之间做chap认证，R5为主认证
[isp]aaa
[isp-aaa]local-user huawei password cipher 123456
[isp-aaa]local-user huawei service-type ppp
[isp]int s3/0/0
[isp-Serial3/0/0]ppp authentication-mode ppp
[isp-Serial3/0/0]ppp authentication-mode chap
[r2]int s4/0/0
[r2-Serial4/0/0]link-protocol ppp
[r2-Serial4/0/0]ppp chap user huawei
[r2-Serial4/0/0]ppp chap password cipher 123456

R3与R5之间做HDLC封装
[r3-Serial4/0/0]link-protocol hdlc
[isp-Serial4/0/0]link-protocol hdlc

R1 R2 R3之间做MGRE环境，R1为中心站点
[r1]interface Tunnel 0/0/0
[r1-Tunnel0/0/0]ip address 10.1.1.1 255.255.255.0
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp
[r1-Tunnel0/0/0]source 15.1.1.1
[r1-Tunnel0/0/0]nhrp entry multicast dynamic
[r1-Tunnel0/0/0]nhrp network-id 100

[r2]interface Tunnel 0/0/0
[r2-Tunnel0/0/0] ip address 10.1.1.2 255.255.255.0
[r2-Tunnel0/0/0] tunnel-protocol gre p2mp
[r2-Tunnel0/0/0]source Serial4/0/0
[r2-Tunnel0/0/0]nhrp network-id 100
[r2-Tunnel0/0/0]
nhrp entry 10.1.1.1 15.1.1.1 register

[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0] ip address 10.1.1.3 255.255.255.0
[r3-Tunnel0/0/0] tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source Serial4/0/0
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]
nhrp entry 10.1.1.1 15.1.1.1 register
[r1-Tunnel0/0/0]undo rip split-horizon

R1与R4配置点到点GRE
[r1]interface Tunnel 0/0/1
[r1-Tunnel0/0/1]ip address 10.1.1.1 24
[r1-Tunnel0/0/1]tunnel-protocol gre
[r1-Tunnel0/0/1]source 14.1.1.1
[r1-Tunnel0/0/1]destination 44.1.1.1
[r4]interface Tunnel 0/0/1
[r4-Tunnel0/0/1]ip address 10.1.1.1 24
[r4-Tunnel0/0/1]tunnel-protocol gre
[r4-Tunnel0/0/1]source 44.1.1.1
[r4-Tunnel0/0/1]destination 14.1.1.1

使用rip整个私网可达
[r1]rip 1
[r1-rip-1]version 2
[r1-rip-1]un summary
[r1-rip-1]network 192.168.1.0
[r1-rip-1]net
[r1-rip-1]network 10.0.0.0
[r2]rip 1
[r2-rip-1]version 2
[r2-rip-1]un summary
[r2-rip-1]network 192.168.2.0
[r2-rip-1]net
[r2-rip-1]network 10.0.0.0
[r3]rip 1
[r3-rip-1]version 2
[r3-rip-1]un summary
[r3-rip-1]network 192.168.3.0
[r3-rip-1]net
[r3-rip-1]network 10.0.0.0
[r4]rip 1
[r4-rip-1]version 2
[r4-rip-1]un summary
[r4-rip-1]network 192.168.4.0
[r4-rip-1]net
[r4-rip-1]network 10.0.0.0
acl
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1]interface Serial 4/0/0
[r1-Serial4/0/0]nat outbound 2000
[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r2]interface Serial 4/0/0
[r2-Serial4/0/0]nat outbound 2000
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r3]interface Serial 4/0/0
[r3-Serial4/0/0]nat outbound 2000
[r4]acl 2000
[r4-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r4]interface Serial 4/0/0
[r1-Serial4/0/0]nat outbound 2000