MGRE实验
- 实验拓扑
- 实验要求
1、R2为ISP,其上只能配置IP地址
2、R1-R2之间为HDLC封装
3、R2-R3之间为PPP封装,pap认证,R2为主认证方
4、R2-R4之间为PPP封装,chap认证,R2为主认证方
5、R1,R2,R3构建MGRE环境,仅R1 IP地址固定
6、内网使用RIP获取路由,所有PC可以互相访问,并且可访问R2环回
- 实验步骤
R1
[V200R003C00]
#
sysname R1
#
board add 0/4 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Serial4/0/0
link-protocol hdlc
ip address 100.1.1.1 255.255.255.0
nat outbound 2000
#
interface Serial4/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface Tunnel0/0/0
ip address 10.1.1.1 255.255.255.0
undo rip split-horizon
tunnel-protocol gre p2mp
source 100.1.1.1
nhrp entry multicast dynamic
nhrp network-id 100
#
rip 1
version 2
network 10.0.0.0
network 192.168.1.0
undo verify-source
#
ip route-static 0.0.0.0 0.0.0.0 Serial4/0/0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
Return
ISP
[V200R003C00]
#
sysname ISP
#
board add 0/3 2SA
board add 0/4 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user huawei password cipher %$%$C^.`(MF^G<:0Wq-UCfJ&MoI[%$%$
local-user huawei service-type ppp
#
firewall zone Local
priority 15
#
interface Serial3/0/0
link-protocol hdlc
ip address 100.1.1.2 255.255.255.0
#
interface Serial3/0/1
link-protocol ppp
ppp authentication-mode chap
ip address 100.1.3.2 255.255.255.0
#
interface Serial4/0/0
link-protocol ppp
ppp authentication-mode pap
ip address 100.1.2.2 255.255.255.0
#
interface Serial4/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R2
[V200R003C00]
#
sysname R2
#
board add 0/4 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 permit source 192.168.2.0 0.0.0.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Serial4/0/0
link-protocol ppp
ppp pap local-user huawei password cipher %$%$NU0M</Egm$DB4FTRC&\:,(/z%$%$
ip address 100.1.2.1 255.255.255.0
nat outbound 2000
#
interface Serial4/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface Tunnel0/0/0
ip address 10.1.1.2 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 100
nhrp entry 10.1.1.1 100.1.1.1 register
#
rip 1
version 2
network 10.0.0.0
network 192.168.2.0
#
ip route-static 0.0.0.0 0.0.0.0 Serial4/0/0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R3
[V200R003C00]
#
sysname R3
#
board add 0/4 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 permit source 192.168.3.0 0.0.0.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Serial4/0/0
link-protocol ppp
ppp chap user huawei
ppp chap password cipher %$%$Q`F*K}.oR~QFj|9@c/V5,)SJ%$%$
ip address 100.1.3.1 255.255.255.0
nat outbound 2000
#
interface Serial4/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 192.168.3.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface Tunnel0/0/0
ip address 10.1.1.3 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 100
nhrp entry 10.1.1.1 100.1.1.1 register
#
rip 1
version 2
network 10.0.0.0
network 192.168.3.0
#
ip route-static 0.0.0.0 0.0.0.0 Serial4/0/0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
- 结果截图