拓扑图:
要求:
- R5为ISP,只能进行IP地址配置﹔其所有地址均配为公有IP地址
- R1和R5间使用PPP的PAP认证,R5为主认证方;
- R2于R5之间使用PPP的chap认证,R5为主认证方;
- R3于R5之间使用HDLC封装
- R1/R2/R3构建一个HGRE环境,R1为中心站点;R1、R4间为点到点的GRE
- 整个私有网络基于RIP全网可达
- 所有PC设置私有为源IP,可以访问R5环回
分析:
R5为ISP,只能进行IP地址配置﹔其所有地址均配为公有IP地址 --- NAT技术+缺省
R1和R5间使用PPP的PAP认证,R5为主认证方 --- PPP协议的PAP认证
R2于R5之间使用PPP的chap认证,R5为主认证方 --- PPP协议的CHAP认证
R3于R5之间使用HDLC封装 ---调整R3R5之间serial线的协议
R1/R2/R3构建一个HGRE环境,R1为中心站点 ---MGRE技术(R1为中心)
R1、R4间为点到点的GRE ---GRE技术
整个私有网络基于RIP全网可达 ---RIP宣告(与MGRE结合)
所有PC设置私有为源IP,可以访问R5环回 ---NAT技术
此时没有要求使用规定网段,我使用自己划分的网段,私网从192.168.1.0/24 到192.168.4.0/24,然后与ISP路由的网段为1.0.0.0/30到4.0.0.0/30.而在ISP内设置的环回为123.123.123.1/24,设置的MGER网段为192.168.5.0/24,GRE网段为192.168.6.0/24.ACL抓取所有的私网段去访问NAT。
!!!使用的PPP协议,使用需要加上对应的serial板
配置:
①配置接口,环回
//R1的接口和静态地址
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]ip address 1.0.0.1 30
[R1-Serial1/0/0]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
//R2的接口和静态地址
[R2]interface Serial 2/0/0
[R2-Serial2/0/0]ip address 2.0.0.1 30
[R2-Serial2/0/0]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.2.1 24
//R3的接口和静态地址
[R3]interface Serial 3/0/0
[R3-Serial3/0/0]ip address 3.0.0.1 30
[R3-Serial3/0/0]int g0/0/0
[R3-GigabitEthernet0/0/0]ip address 192.168.3.1 24
//R4的接口和静态地址
[R4]interface g0/0/0
[R4-GigabitEthernet0/0/0]ip address 4.0.0.1 24
[R4]interface g0/0/1
[R4-GigabitEthernet0/0/1]ip address 192.168.4.1 24
//ISP的接口和环回
[R5]interface Serial 1/0/0
[R5-Serial1/0/0]ip address 1.0.0.2 30
[R5-Serial1/0/0]interface Serial 2/0/0
[R5-Serial2/0/0]ip address 2.0.0.2 30
[R5-Serial2/0/0]interface Serial 3/0/0
[R5-Serial3/0/0]ip address 3.0.0.2 30
[R5-Serial3/0/0]interface G0/0/0
[R5-GigabitEthernet0/0/0]ip address 4.0.0.2 30
[R5]interface l 0
[R5-LoopBack0]ip address 123.123.123.0 24检查配置:
//R1
[R1]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.1/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
Serial1/0/0 1.0.0.1/30 up up
Serial1/0/1 unassigned down down
//R2
[R2]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.2.1/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
Serial2/0/0 2.0.0.1/30 up up
Serial2/0/1 unassigned down down
//R3
[R3]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.3.1/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
Serial3/0/0 3.0.0.1/30 up up
Serial3/0/1 unassigned down down
//R4
[R4]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 4.0.0.1/24 up up
GigabitEthernet0/0/1 192.168.4.1/24 up up
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
//ISP
[R5]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 5
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 5
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 4.0.0.2/30 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
Serial1/0/0 1.0.0.2/30 up up
Serial1/0/1 unassigned down down
Serial2/0/0 2.0.0.2/30 up up
Serial2/0/1 unassigned down down
Serial3/0/0 3.0.0.2/30 up up
Serial3/0/1 unassigned down down②配置R1和R5的RAP验证:
//配置方设置 用户lxb 密码123456(密文)
[R5]aaa
[R5-aaa]local-user lxb password cipher 123456
Info: Add a new user.
[R5-aaa]interface Serial 1/0/0
[R5-Serial1/0/0]ppp authentication-mode pap
//检查
[R5-Serial1/0/0]display this
[V200R003C00]
#
interface Serial1/0/0
link-protocol ppp
ppp authentication-mode pap
ip address 1.0.0.2 255.255.255.252
#
return
//认证方R1配置
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]ppp pap local-user lxb password cipher 123456③配置R2和R5的CHAP验证:
//之前设置的aaa认证,在R2接口上设置为CHAP认证
[R5-Serial1/0/0]interface Serial 2/0/0
[R5-Serial2/0/0]ppp authentication-mode chap
//检查
[R5-Serial2/0/0]display this
[V200R003C00]
#
interface Serial2/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 2.0.0.2 255.255.255.252
#
return
//认证方R2设置
[R2]interface Serial 2/0/0
[R2-Serial2/0/0]ppp chap user lxb
[R2-Serial2/0/0]ppp chap password cipher 123456
//检查
[R2-Serial2/0/0]display this
[V200R003C00]
#
interface Serial2/0/0
link-protocol ppp
ppp chap user lxb
ppp chap password cipher %$%$zy7D5B2U7(O!>{J~gxB+,#,N%$%$
ip address 2.0.0.1 255.255.255.252
#
return④R3和R5为HDLC协议:
//R3接口上配置HDLC
[R3]interface Serial 3/0/0
[R3-Serial3/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
//检查
[R3-Serial3/0/0]display this
[V200R003C00]
#
interface Serial3/0/0
link-protocol hdlc
ip address 3.0.0.1 255.255.255.252
#
return
//R5对应接口配置hdlc
[R5-Serial2/0/0]interface Serial 3/0/0
[R5-Serial3/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
//检查
[R5-Serial3/0/0]display this
[V200R003C00]
#
interface Serial3/0/0
link-protocol hdlc
ip address 3.0.0.2 255.255.255.252
#
return
⑤配置MGRE:
在做MGRM之前,需要保证公网连接成功:
//对应接口写上到ISP的缺省
[R1]ip route-static 0.0.0.0 0 1.0.0.2
[R2]ip route-static 0.0.0.0 0 2.0.0.2
[R3]ip route-static 0.0.0.0 0 3.0.0.2
[R4]ip route-static 0.0.0.0 0 4.0.0.2
//用R1的公网去pingR3的公网
[R1]ping 3.0.0.2
PING 3.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 3.0.0.2: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 3.0.0.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 3.0.0.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 3.0.0.2: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 3.0.0.2: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 3.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/24/50 ms
//联通配置:
//MGRE我设置的管道为192.168.5.0/24网段
//R1为中心,使用NHRP为100
//配置R1的为NHRP的HCL
[R1]interface Tunnel 0/0/0
[R1-Tunnel0/0/0]ip address 192.168.5.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp
[R1-Tunnel0/0/0]source 1.0.0.1
[R1-Tunnel0/0/0]nhrp network-id 100
[R1-Tunnel0/0/0]q
[R1]interface Tunnel 0/0/0
//检查
[R1-Tunnel0/0/0]display this
[V200R003C00]
#
interface Tunnel0/0/0
ip address 192.168.5.1 255.255.255.0
tunnel-protocol gre p2mp
source 1.0.0.1
nhrp network-id 100
#
return
//配置R2
[R2]interface Tunnel 0/0/0
[R2-Tunnel0/0/0]ip address 192.168.5.2 24
[R2-Tunnel0/0/0]tunnel-protocol gre p2mp
[R2-Tunnel0/0/0]source Serial 2/0/0
[R2-Tunnel0/0/0]nhrp network-id 100
[R2-Tunnel0/0/0]nhrp entry 192.168.5.1 1.0.0.1 register
//检查
[R2-Tunnel0/0/0]display this
[V200R003C00]
#
interface Tunnel0/0/0
ip address 192.168.5.2 255.255.255.0
tunnel-protocol gre p2mp
source Serial2/0/0
nhrp network-id 100
nhrp entry 192.168.5.1 1.0.0.1 register
#
return
//配置R3的DHRP
[R3]interface t0/0/0
[R3-Tunnel0/0/0]ip address 192.168.5.3 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source Serial 3/0/0
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry 192.168.5.1 1.0.0.1 register
//检查
[R3-Tunnel0/0/0]display this
[V200R003C00]
#
interface Tunnel0/0/0
ip address 192.168.5.3 255.255.255.0
tunnel-protocol gre p2mp
source Serial3/0/0
nhrp network-id 100
nhrp entry 192.168.5.1 1.0.0.1 register
#
return
//此时检查R1的NHRP ,此时已经学习完毕
[R1]display nhrp peer all
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.5.2 32 2.0.0.1 192.168.5.2 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:02:09
Expire time : 01:57:51
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.5.3 32 3.0.0.1 192.168.5.3 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:00:39
Expire time : 01:59:21
Number of nhrp peers: 2
⑥配置GRE:
//GRE我管道设置为192.168.6.0/24 ,使用T0/0/1
//配置R1的GRE技术
[R1]interface t0/0/1
[R1-Tunnel0/0/1]ip address 192.168.6.1 24
[R1-Tunnel0/0/1]tunnel-protocol gre
[R1-Tunnel0/0/1]source 1.0.0.1
[R1-Tunnel0/0/1]destination 4.0.0.1
//检查
[R1-Tunnel0/0/1]display this
[V200R003C00]
#
interface Tunnel0/0/1
destination 4.0.0.1
ip address 192.168.6.1 255.255.255.0
tunnel-protocol gre
source 1.0.0.1
#
return
//配置R4的GRE技术
[R4]interface t0/0/1
[R4-Tunnel0/0/1]ip address 192.168.6.2 24
[R4-Tunnel0/0/1]tunnel-protocol gre
[R4-Tunnel0/0/1]source 4.0.0.1
[R4-Tunnel0/0/1]destination 1.0.0.1
[R4-Tunnel0/0/1]display this
[V200R003C00]
#
interface Tunnel0/0/1
destination 1.0.0.1
ip address 192.168.6.2 255.255.255.0
tunnel-protocol gre
source 4.0.0.1
#
return
//此时需要配置一个静态路由
[R1]ip route-static 192.168.4.0 24 192.168.6.2
[R4]ip route-static 192.168.1.0 24 192.168.6.1⑦配置RIP:
//宣告,不能宣告公网地址
//R1
[R1]rip
[R1-rip-1]version 2
[R1-rip-1]network 192.168.1.0
[R1-rip-1]network 192.168.5.0
[R1-rip-1]network 192.168.6.0
//检查
[R1-rip-1]display this
[V200R003C00]
#
rip 1
version 2
network 192.168.1.0
network 192.168.5.0
network 192.168.6.0
#
return
//R2
[R2]rip
[R2-rip-1]version 2
[R2-rip-1]network 192.168.2.0
[R2-rip-1]network 192.168.5.0
//检查
[R2-rip-1]display this
[V200R003C00]
#
rip 1
version 2
network 192.168.2.0
network 192.168.5.0
#
return
//R3
[R3]rip
[R3-rip-1]version 2
[R3-rip-1]network 192.168.3.0
[R3-rip-1]network 192.168.5.0
//检查
[R3-rip-1]display this
[V200R003C00]
#
rip 1
version 2
network 192.168.3.0
network 192.168.5.0
#
return
//R4
[R4]rip
[R4-rip-1]version 2
[R4-rip-1]network 192.168.4.0
[R4-rip-1]network 192.168.6.0
//检查
[R4-rip-1]display this
[V200R003C00]
#
rip 1
version 2
network 192.168.4.0
network 192.168.6.0
#
return
//此时R1可以刷出到R2-R4的路由表,而R2-R4之间无法互相刷出RIP路由
//需要设置伪广播技术
[R1]interface t0/0/0
[R1-Tunnel0/0/0]nhrp entry multicast dynamic
//此时还是没有办法刷出RIP,需要关闭RIP的水平分割
[R1-Tunnel0/0/0]undo rip split-horizon
//此时R2可以学到RIP信息
<R2>display ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 3 Routes : 3
RIP routing table status : <Active>
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.1.0/24 RIP 100 1 D 192.168.5.1 Tunnel0/0/0
192.168.3.0/24 RIP 100 2 D 192.168.5.1 Tunnel0/0/0
192.168.6.0/24 RIP 100 1 D 192.168.5.1 Tunnel0/0/0
RIP routing table status : <Inactive>
Destinations : 0 Routes : 0
//尝试互相ping
[R1]ping 192.168.3.1
PING 192.168.3.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.3.1: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 192.168.3.1: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 192.168.3.1: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 192.168.3.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 192.168.3.1: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 192.168.3.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/26/30 ms
[R1]ping 192.168.2.1
PING 192.168.2.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.1: bytes=56 Sequence=1 ttl=255 time=20 ms
Reply from 192.168.2.1: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 192.168.2.1: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 192.168.2.1: bytes=56 Sequence=4 ttl=255 time=40 ms
Reply from 192.168.2.1: bytes=56 Sequence=5 ttl=255 time=40 ms
--- 192.168.2.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/32/40 ms⑧设置NAT技术:
//设置NAT技术
//R1
[R1]acl 2000
[R1-acl-basic-2000]rule permit source any
[R1-acl-basic-2000]interface Serial 1/0/0
[R1-Serial1/0/0]nat outbound 2000
//R2
[R2]acl 2000
[R2-acl-basic-2000]rule permit source any
[R2]interface Serial 2/0/0
[R2-Serial2/0/0]nat outbound 2000
//R2
[R3]acl 2000
[R3-acl-basic-2000]rule permit source any
[R3]interface Serial 3/0/0
[R3-Serial3/0/0]nat outbound 2000
//R4
[R4]acl 2000
[R4-acl-basic-2000]rule permit source any
[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]nat outbound 2000
检查:
//使用R3的电脑去pingISP的环回
PC>ping 123.123.123.1
Ping 123.123.123.1: 32 data bytes, Press Ctrl_C to break
From 123.123.123.1: bytes=32 seq=1 ttl=254 time=16 ms
From 123.123.123.1: bytes=32 seq=2 ttl=254 time<1 ms
From 123.123.123.1: bytes=32 seq=3 ttl=254 time=31 ms
From 123.123.123.1: bytes=32 seq=4 ttl=254 time=31 ms
From 123.123.123.1: bytes=32 seq=5 ttl=254 time=16 ms
--- 123.123.123.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 0/18/31 ms需求分析:
①R3和R5之间的协议为HDLC
[R5]display interface Serial 3/0/0
Serial3/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2022-01-09 17:37:36 UTC-08:00
Description:HUAWEI, AR Series, Serial3/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 3.0.0.2/30
Link layer protocol is nonstandard HDLC #修改成功
Last physical up time : 2022-01-09 17:37:36 UTC-08:00
Last physical down time : 2022-01-09 17:37:35 UTC-08:00
Current system time: 2022-01-09 19:56:22-08:00
Physical layer is synchronous, Virtualbaudrate is 64000 bps
Interface is DTE, Cable type is V11, Clock mode is TC
Last 300 seconds input rate 7 bytes/sec 56 bits/sec 0 packets/sec
Last 300 seconds output rate 5 bytes/sec 40 bits/sec 0 packets/sec
②私网可达
<R4>ping 192.168.2.1
PING 192.168.2.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.1: bytes=56 Sequence=1 ttl=254 time=50 ms
Reply from 192.168.2.1: bytes=56 Sequence=2 ttl=254 time=40 ms
Reply from 192.168.2.1: bytes=56 Sequence=3 ttl=254 time=40 ms
Reply from 192.168.2.1: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 192.168.2.1: bytes=56 Sequence=5 ttl=254 time=40 ms
--- 192.168.2.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/42/50 ms
③ISP访问 (R2)
PC>ping 123.123.123.1
Ping 123.123.123.1: 32 data bytes, Press Ctrl_C to break
From 123.123.123.1: bytes=32 seq=1 ttl=254 time=16 ms
From 123.123.123.1: bytes=32 seq=2 ttl=254 time<1 ms
From 123.123.123.1: bytes=32 seq=3 ttl=254 time=31 ms
From 123.123.123.1: bytes=32 seq=4 ttl=254 time=31 ms
From 123.123.123.1: bytes=32 seq=5 ttl=254 time=16 ms
--- 123.123.123.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 0/18/31 ms
问题:
在配置GRE时,产生了配置问题,使得协议不启动,而接口启动
[R4-Tunnel0/0/1]description
[R4-Tunnel0/0/1]destination
此时本地路由表也没有T0/0/1这个网段的信息
在网络连通的情况下
发现是看错了!!!已修改
199
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
