实验要求及拓扑图如下:
网段划分完后的拓扑图如下:
配置各个路由器接口IP
R1
[r1]interface Serial 4/0/0
[r1-Serial4/0/0]ip address 15.0.0.1 24
[r1-Serial4/0/0]q
[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[r1-GigabitEthernet0/0/0]q
[r1]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.1/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
Serial4/0/0 15.0.0.1/24 up up
Serial4/0/1 unassigned down down
R2
[r2]interface Serial 4/0/0
[r2-Serial4/0/0]ip address 25.0.0.2 24
[r2-Serial4/0/0]q
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ip address 192.168.2.1 24
[r2-GigabitEthernet0/0/0]q
[r2]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.2.1/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
Serial4/0/0 25.0.0.2/24 up up
Serial4/0/1 unassigned down down
R3
[r3]interface Serial 4/0/0
[r3-Serial4/0/0]ip address 35.0.0.2 24
[r3-Serial4/0/0]q
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ip address 192.168.3.1 24
[r3-GigabitEthernet0/0/0]q
[r3]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.3.1/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
Serial4/0/0 35.0.0.2/24 up up
Serial4/0/1 unassigned down down
R4
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ip address 45.0.0.2 24
[r4-GigabitEthernet0/0/0]q
[r4]interface GigabitEthernet 0/0/1
[r4-GigabitEthernet0/0/1]ip address 192.168.4.1 24
[r4-GigabitEthernet0/0/1]q
[r4]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 45.0.0.2/24 up up
GigabitEthernet0/0/1 192.168.4.1/24 up up
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
[r5]interface Serial 3/0/0
[r5-Serial3/0/0]ip address 15.0.0.2 24
[r5-Serial3/0/0]q
[r5]interface Serial 3/0/1
[r5-Serial3/0/1]ip address 25.0.0.1 24
[r5-Serial3/0/1]q
[r5]interface Serial 4/0/0
[r5-Serial4/0/0]ip address 35.0.0.1 24
[r5-Serial4/0/0]q
[r5]interface GigabitEthernet 0/0/0
[r5-GigabitEthernet0/0/0]ip address 45.0.0.1 24
[r5-GigabitEthernet0/0/0]q
[r5]interface loopback 0
[r5-LoopBack0]ip address 5.5.5.5 24
[r5-LoopBack0]q
[r5]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 6
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 45.0.0.1/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 5.5.5.5/24 up up(s)
NULL0 unassigned up up(s)
Serial3/0/0 15.0.0.2/24 up up
Serial3/0/1 25.0.0.1/24 up up
Serial4/0/0 35.0.0.1/24 up up
Serial4/0/1 unassigned down down
R1~R4路由配置缺省
[r1]ip route-static 0.0.0.0 0 15.0.0.2
[r2]ip route-static 0.0.0.0 0 25.0.0.1
[r3]ip route-static 0.0.0.0 0 35.0.0.1
[r4]ip route-static 0.0.0.0 0 45.0.0.1
R1和R5间使用PPP的PAP认证,R5为主认证方
R5配置认证类型及认证信息(主认证方)
[r5]aaa
[r5-aaa]local-user admin password cipher 123456
[r5-aaa]local-user admin service-type ppp
[r5-aaa]q
[r5]interface Serial 3/0/0
[r5-Serial3/0/0]ppp authentication-mode pap
[r5-Serial3/0/0]q
R1配置登录认证(被认证方)
[r1]interface Serial 4/0/0
[r1-Serial4/0/0]ppp pap local-user admin password cipher 123456
[r1-Serial4/0/0]q
R2于R5之间使用PPP的chap认证,R5为主认证方
R5指定认证类型
[r5]interface Serial 3/0/1
[r5-Serial3/0/1]ppp authentication-mode chap
[r5-Serial3/0/1]q
R2配置登录认证
[r2]interface Serial 4/0/0
[r2-Serial4/0/0]ppp chap password cipher 123456
R3于R5之间使用HDLC封装
R3修改为HDLC
[r3]interface Serial 4/0/0
[r3-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
R5也修改为HDLC
[r5]interface Serial 4/0/0
[r5-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
R1/R2/R3构建一个MGRE环境,R1为中心站点
R1~R3创建tunnel接口配置IP
[r1]int Tunnel 0/0/0
[r1-Tunnel0/0/0]ip address 192.168.5.1 24
[r2]interface Tunnel 0/0/0
[r2-Tunnel0/0/0]ip address 192.168.5.2 24
[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0]ip address 192.168.5.3 24
R1选择隧道类型、配置源IP、再根据nhrp建立一个域、开启伪广播
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp
[r1-Tunnel0/0/0]source 15.0.0.1
[r1-Tunnel0/0/0]nhrp network
[r1-Tunnel0/0/0]nhrp network-id 100
[r1-Tunnel0/0/0]nhrp entry multicast dynamic
R2
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp
[r2-Tunnel0/0/0]source Serial 4/0/0
[r2-Tunnel0/0/0]nhrp network-id 100
[r2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
R3
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source Serial 4/0/0
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
R1、R4间为点到点的GRE
R1
[r1]int t 0/0/1
[r1-Tunnel0/0/1]ip add 192.168.6.1 24
[r1-Tunnel0/0/1]tunnel-protocol gre
[r1-Tunnel0/0/1]source 15.0.0.1
[r1-Tunnel0/0/1]destination 45.0.0.1
R4
[r4]int t 0/0/0
[r4-Tunnel0/0/0]ip add 192.168.6.2 24
[r4-Tunnel0/0/0]tunnel-protocol gre
[r4-Tunnel0/0/0]source 45.0.0.1
[r4-Tunnel0/0/0]destination 15.0.0.1
整个私有网络基于RIP全网可达
R1
[r1]rip
[r1-rip-1]v 2
[r1-rip-1]network 1.0.0.0
[r1-rip-1]network 192.168.6.0
[r1-rip-1]network 192.168.5.0
[r1]int t 0/0/0
[r1-Tunnel0/0/0]undo rip split-horizon
R2
[r2]rip
[r2-rip-1] v 2
[r2-rip-1]network 2.0.0.0
[r2-rip-1]network 192.168.5.0
R3
[r3]rip
[r3-rip-1]v 2
[r3-rip-1]network 3.0.0.0
[r3-rip-1]network 192.168.5.0
R4
[r4]rip
[r4-rip-1]v 2
[r4-rip-1]network 4.0.0.0
[r4-rip-1]network 192.168.6.0
所有pc设置私有Ip为源IP,可以访问R5环回
R1
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 1.0.0.0 0.255.255.255
[r1-acl-basic-2000]int s 4/0/0
[r1-Serial4/0/0]nat outbound 2000
R2
[r2]acl 2000
[r2-acl-basic-2000]rule permit source 2.0.0.0 0.255.255.255
[r2-acl-basic-2000]int s 4/0/0
[r2-Serial4/0/0]nat outbound 2000
R3
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 3.0.0.0 0.255.255.255
[r3-acl-basic-2000]int s 4/0/0
[r3-Serial4/0/0]nat outbound 2000
R4
[r4]acl 2000
[r4-acl-basic-2000]rule permit source 4.0.0.0 0.255.255.255
[r4-acl-basic-2000]int g 0/0/0
[r4-Serial4/0/0]nat outbound 2000