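Preface
This lab is based on how a real-world deployment evolved. R1, R2, R3 and R4 belong to one company: R1 is the parent company, and R2, R3 and R4 are subsidiaries at different sites that need to be connected by a VPN (virtual private network). R5 represents the Internet.
Physical topology
MGRE (multipoint GRE) is an NBMA (non-broadcast multi-access) network type: there is no flooding mechanism within an MA segment, and it is implemented on top of NHRP.
NHRP: Next Hop Resolution Protocol. Branch sites without a fixed IP address actively register with the hub site, which has a fixed IP address; the hub builds a mapping (MAP) from each tunnel interface IP to the corresponding public IP address.
PPP was commonly used for dial-up Internet access in the past.
Logical topology
I. IP addresses + PPP + HDLC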
R1
The authenticated party (client) in PPP
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
interface Serial4/0/0
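link-protocol ppp //change the layer-2 encapsulation to PPP
ppp pap local-user xiaoli password cipher xiaoli123 //PAP: PPP authentication sent in cleartext
ip address 15.1.1.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 15.1.1.2 //default route that connects the router to the public network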
R2
interface GigabitEthernet0/0/0
ip address 192.168.2.1 255.255.255.0
interface Serial4/0/0
link-protocol ppp
ppp chap user xiaoli //CHAP: PPP authentication sent as a hashed response
ppp chap password cipher xiaoli123
ip address 25.1.1.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 25.1.1.2
R3
interface GigabitEthernet0/0/0
ip address 192.168.3.1 255.255.255.0
interface Serial4/0/0
link-protocol hdlc //change the layer-2 encapsulation to HDLC
ip address 35.1.1.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 35.1.1.2 //next hop is R5's address on the 35.1.1.0/24 link
R4
interface GigabitEthernet0/0/0
ip address 45.1.1.1 255.255.255.0
interface GigabitEthernet0/0/1
ip address 192.168.4.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 45.1.1.2
R5
The authenticator in PPP (server side)
aaa //prepare the account and password used for PPP authentication
local-user xiaoli password cipher xiaoli123
local-user xiaoli service-type ppp
interface Serial3/0/0
link-protocol ppp
ppp authentication-mode pap
ip address 15.1.1.2 255.255.255.0
interface Serial3/0/1
link-protocol ppp
ppp authentication-mode chap
ip address 25.1.1.2 255.255.255.0
interface Serial4/0/0
link-protocol hdlc
ip address 35.1.1.2 255.255.255.0
interface GigabitEthernet0/0/0
ip address 45.1.1.2 255.255.255.0
interface LoopBack0
ip address 5.5.5.5 255.255.255.0
II. GRE/MGRE
R1
interface Tunnel0/0/0 //MGRE
ip address 123.1.1.1 255.255.255.0
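tunnel-protocol gre p2mp //set the virtual Tunnel interface to MGRE mode
source 15.1.1.1 //fixed public IP address; the physical interface the tunnel goes out through
nhrp entry multicast dynamic //marks this router as the NHRP hub, which can perform pseudo-broadcast
nhrp network-id 1 //all interfaces in the MGRE network must be in the same domain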
interface Tunnel0/0/1 //GRE
ip address 14.1.1.1 255.255.255.0
tunnel-protocol gre
source 15.1.1.1 //local physical interface the tunnel goes out through
destination 45.1.1.1 //physical interface reached at the remote end
R2
interface Tunnel0/0/0
ip address 123.1.1.2 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0 //the IP address is not fixed
nhrp network-id 1
nhrp entry 123.1.1.1 15.1.1.1 register //register with the NHRP hub
R3
interface Tunnel0/0/0
ip address 123.1.1.3 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 1
nhrp entry 123.1.1.1 15.1.1.1 register
R4
interface Tunnel0/0/0
ip address 14.1.1.2 255.255.255.0
tunnel-protocol gre
source 45.1.1.1
destination 15.1.1.1
III. RIP routing (full reachability across the private networks)
R1
rip 1
version 2
undo summary
network 192.168.1.0
network 123.0.0.0
network 14.0.0.0
interface Tunnel0/0/0
undo rip split-horizon //disable RIP split horizon on the MGRE interface
R2
rip 1
version 2
undo summary
network 192.168.2.0
network 123.0.0.0
R3
rip 1
version 2
undo summary
network 192.168.3.0
network 123.0.0.0
R4
rip 1
version 2
undo summary
network 192.168.4.0
network 14.0.0.0
IV. Internet access
R1
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255
interface Serial4/0/0
nat outbound 2000
R2
acl number 2000
rule 5 permit source 192.168.2.0 0.0.0.255
interface Serial4/0/0
nat outbound 2000
R3
acl number 2000
rule 5 permit source 192.168.3.0 0.0.0.255
interface Serial4/0/0
nat outbound 2000
R4
acl number 2000
rule 5 permit source 192.168.4.0 0.0.0.255
interface GigabitEthernet0/0/0
nat outbound 2000
Summary
At this point the whole lab is complete. I hope it is helpful to everyone.