目录
MGRE综合实验
分析:
网段划分:R1-R5 :15.0.0.0 私有网段:R1 :192.168.1.0
R2-R5 :25.0.0.0 R2 :192.168.2.0
R3-R5 :25.0.0.0 R3 :192.168.3.0
R3-R5 :25.0.0.0 R4 :192.168.4.0
R1 - R5 -R2 -R3 192.168.5.0 R1- R4 192.168.6.0
基本配置
R1
<Huawei>sys
<Huawei>system-view
[Huawei]sys
[Huawei]sysname R1
[R1]int s 4/0/0
[R1-Serial4/0/0]
[R1-Serial4/0/0]ip add
[R1-Serial4/0/0]ip address 15.0.0.1 24
[R1-Serial4/0/0]int g 0/0/0
[R1-GigabitEthernet0/0/0] ip
[R1-GigabitEthernet0/0/0]ip ad
[R1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[R1-GigabitEthernet0/0/0]
Sep 18 2022 11:11:19-08:00 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R1-GigabitEthernet0/0/0]
R2
<R2>ys
<R2>sys
<R2>system-view
Enter system view, return user view with Ctrl+Z.
[R2]int s
[R2]int Serial 4/0/0
[R2-Serial4/0/0]ip add
[R2-Serial4/0/0]ip address 25.0.0.1 24
[R2-Serial4/0/0]int g 0/0/0
[R2-GigabitEthernet0/0/0]ip add
[R2-GigabitEthernet0/0/0]ip address 192.168.2.1 24
Sep 18 2022 11:15:13-08:00 R2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R2-GigabitEthernet0/0/0]
R3
<R3>sys
<R3>system-view
Enter system view, return user view with Ctrl+Z.
[R3]int s
[R3]int Serial 4/0/0
[R3-Serial4/0/0]ip add
[R3-Serial4/0/0]ip address 35.0.0.1 24
[R3-Serial4/0/0]int g 0/0/0
[R3-GigabitEthernet0/0/0]ip add
[R3-GigabitEthernet0/0/0]ip address 192.168.3.1 24
Sep 18 2022 11:17:13-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R3-GigabitEthernet0/0/0]
R4
<R4>sys
<R4>system-view
Enter system view, return user view with Ctrl+Z.
[R4]int g 0/0/0
[R4-GigabitEthernet0/0/0]ip ad
[R4-GigabitEthernet0/0/0]ip address 45.0.0.1 24
Sep 18 2022 11:19:00-08:00 R4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R4-GigabitEthernet0/0/0]int g 0/0/1
[R4-GigabitEthernet0/0/1]ip
[R4-GigabitEthernet0/0/1]ip ad
[R4-GigabitEthernet0/0/1]ip address 192.168.4.1 24
Sep 18 2022 11:19:27-08:00 R4 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[R4-GigabitEthernet0/0/1]
R5
<R5>sys
<R5>system-view
Enter system view, return user view with Ctrl+Z.
[R5]int s
[R5]int Serial 3/0/0
[R5-Serial3/0/0]ip ad
[R5-Serial3/0/0]ip address 15.0.0.2 24
[R5-Serial3/0/0]
Sep 18 2022 11:20:40-08:00 R5 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP
IPCP on the interface Serial3/0/0 has entered the UP state.
[R5-Serial3/0/0]int s 4/0/0
[R5-Serial4/0/0]ip address 35.0.0.2 24
Sep 18 2022 11:21:53-08:00 R5 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PPP
IPCP on the interface Serial4/0/0 has entered the DOWN state.
[R5-Serial4/0/0]
Sep 18 2022 11:21:53-08:00 R5 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol PPP
IPCP on the interface Serial4/0/0 has entered the UP state.
[R5-Serial4/0/0]int s 3/0/1
[R5-Serial3/0/1]ip add
[R5-Serial3/0/1]ip address 25.0.0.2 24
[R5-Serial3/0/1]
Sep 18 2022 11:22:43-08:00 R5 %%01IFNET/4/LINK_STATE(l)[4]:The line protocol PPP
IPCP on the interface Serial3/0/1 has entered the UP state.
[R5-Serial3/0/1]int g 0/0/0
[R5-GigabitEthernet0/0/0]ip add
[R5-GigabitEthernet0/0/0]ip address 45.0.0.2 24
Sep 18 2022 11:23:05-08:00 R5 %%01IFNET/4/LINK_STATE(l)[5]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R5-GigabitEthernet0/0/0]
边界路由配置缺省
R1
[R1]ip ro
[R1]ip route-s
[R1]ip route-static 0.0.0.0 0 15.0.0.2
[R1]
R2
[R2]ip ro
[R2]ip route-sy
[R2]ip route-s
[R2]ip route-static 0.0.0.0 0 25.0.0.2
[R2]
R3
[R3]
[R3]ip ro
[R3]ip route-s
[R3]ip route-static 0.0.0.0 0 35.0.0.2
[R3]
R4
[R4]ip ro
[R4]ip route-s
[R4]ip route-static 0.0.0.0 0 45.0.0.2
[R4]
测试公网
[R1]ping 25.0.0.1
PING 25.0.0.1: 56 data bytes, press CTRL_C to break
Reply from 25.0.0.1: bytes=56 Sequence=1 ttl=254 time=60 ms
Reply from 25.0.0.1: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 25.0.0.1: bytes=56 Sequence=3 ttl=254 time=40 ms
Reply from 25.0.0.1: bytes=56 Sequence=4 ttl=254 time=20 ms
Reply from 25.0.0.1: bytes=56 Sequence=5 ttl=254 time=30 ms
--- 25.0.0.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/36/60 ms
[R1]ping 35.0.0.1
PING 35.0.0.1: 56 data bytes, press CTRL_C to break
Reply from 35.0.0.1: bytes=56 Sequence=1 ttl=254 time=40 ms
Reply from 35.0.0.1: bytes=56 Sequence=2 ttl=254 time=40 ms
Reply from 35.0.0.1: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 35.0.0.1: bytes=56 Sequence=4 ttl=254 time=20 ms
Reply from 35.0.0.1: bytes=56 Sequence=5 ttl=254 time=30 ms
--- 35.0.0.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/32/40 ms
R1和R5之间使用PPP的PAP认证,R5为主认证方
R1
查询封装协议
[R1]dis
[R1]display in
[R1]display info-center
[R1]display interface se
[R1]display interface Serial 4/0/0
Serial4/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2022-09-18 11:20:40 UTC-08:00
Description:HUAWEI, AR Series, Serial4/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 15.0.0.1/24
Link layer protocol is PPP
LCP opened, IPCP opened
Last physical up time : 2022-09-18 10:43:38 UTC-08:00
Last physical down time : 2022-09-18 10:43:32 UTC-08:00
Current system time: 2022-09-18 11:35:03-08:00
Physical layer is synchronous, Virtualbaudrate is 64000 bps
Interface is DTE, Cable type is V11, Clock mode is TC
Last 300 seconds input rate 10 bytes/sec 80 bits/sec 0 packets/sec
Last 300 seconds output rate 5 bytes/sec 40 bits/sec 0 packets/sec
Input: 654 packets, 21656 bytes
Broadcast: 0, Multicast: 0
Errors: 0, Runts: 0
Giants: 0, CRC: 0
Alignments: 0, Overruns: 0
Dribbles: 0, Aborts: 0
No Buffers: 0, Frame Error: 0
Output: 654 packets, 8672 bytes
Total Error: 0, Overruns: 0
Collisions: 0, Deferred: 0
Input bandwidth utilization : 0%
Output bandwidth utilization : 0%
发现协议本身为PPP协议所以不需要更改
去R5申请一个用户名认证
[R5]aaa
[R5-aaa]loc
[R5-aaa]local-user ?
STRING<1-64> User name, in form of 'user@domain'. Can use wildcard '*',
while displaying and modifying, such as *@isp,user@*,*@*.Can
not include invalid character / \ : * ? " < > | @ '
wrong-password Use wrong password to authenticate
[R5-aaa]local-user joker
^
Error:Incomplete command found at '^' position.
[R5-aaa]local-user joker ?
access-limit Set access limit of user(s)
ftp-directory Set user(s) FTP directory permitted
idle-timeout Set the timeout period for terminal user(s)
password Set password
privilege Set admin user(s) level
service-type Service types for authorized user(s)
state Activate/Block the user(s)
user-group User group
[R5-aaa]local-user joker pa
[R5-aaa]local-user joker password ?
cipher User password with cipher text
[R5-aaa]local-user joker password ci
[R5-aaa]local-user joker password cipher 123456
Info: Add a new user.
选择协议类型
[R5-aaa]
[R5-aaa]loca
[R5-aaa]local-user jo
[R5-aaa]local-user joker se
[R5-aaa]local-user joker service-type ?
8021x 802.1x user
bind Bind authentication user
ftp FTP user
http Http user
ppp PPP user
ssh SSH user
sslvpn Sslvpn user
telnet Telnet user
terminal Terminal user
web Web authentication user
x25-pad X25-pad user
[R5-aaa]local-user joker service-type ppp
[R5-aaa]
选择认证方式
[R5]int
[R5]interface s
[R5]interface Serial 3/0/0
[R5-Serial3/0/0]ppp a
[R5-Serial3/0/0]ppp authentication-mode ?
chap Enable CHAP authentication
pap Enable PAP authentication
[R5-Serial3/0/0]ppp authentication-mode pap
[R5-Serial3/0/0]
R1找R5
[R1]int s
[R1]int Serial 4/0/0
[R1-Serial4/0/0]ppp
^
Error:Incomplete command found at '^' position.
[R1-Serial4/0/0]ppp ?
authentication-mode Specify PPP authentication-mode
chap Specify CHAP parameters
ipcp Specify IPCP parameters
mp Multilink PPP
pap Specify PAP parameters
timer Specify timer
[R1-Serial4/0/0]ppp pap ?
local-user Specify user name
[R1-Serial4/0/0]ppp pap loc
[R1-Serial4/0/0]ppp pap local-user joker ?
password Specify user password
[R1-Serial4/0/0]ppp pap local-user joker pas
[R1-Serial4/0/0]ppp pap local-user joker password 123456
^
Error: Unrecognized command found at '^' position.
[R1-Serial4/0/0]ppp pap local-user joker password cip
[R1-Serial4/0/0]ppp pap local-user joker password cipher ?
STRING<1-32>/<24-56> The UNENCRYPTED/ENCRYPTED password string
[R1-Serial4/0/0]ppp pap local-user joker password cipher 123456
[R1-Serial4/0/0]
测试
[R1-Serial4/0/0]undo shu
[R1-Serial4/0/0]undo shutdown
Info: Interface Serial4/0/0 is not shutdown.
[R1-Serial4/0/0]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.1/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
Serial4/0/0 15.0.0.1/24 up up
Serial4/0/1 unassigned down down
[R1-Serial4/0/0]ping 15.0.0.2
PING 15.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 15.0.0.2: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 15.0.0.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 15.0.0.2: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 15.0.0.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 15.0.0.2: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 15.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/24/40 ms
[R1-Serial4/0/0]
R2与R5之间使用PPP的chap认证,R5为主认证方
开启认证
[R5]int s 3/0/0
[R5-Serial3/0/0]int s
[R5-Serial3/0/0]int s 3/0/01
[R5-Serial3/0/1]
[R5-Serial3/0/1]int s 3/0/1
[R5-Serial3/0/1]ppp a
[R5-Serial3/0/1]ppp authentication-mode ?
chap Enable CHAP authentication
pap Enable PAP authentication
[R5-Serial3/0/1]ppp authentication-mode cha
[R5-Serial3/0/1]ppp authentication-mode chap
[R5-Serial3/0/1]
R2中提交用户名与密码
[R2]int
[R2]interface s
[R2]interface Serial 4/0/0
[R2-Serial4/0/0]ppp
[R2-Serial4/0/0]ppp ?
authentication-mode Specify PPP authentication-mode
chap Specify CHAP parameters
ipcp Specify IPCP parameters
mp Multilink PPP
pap Specify PAP parameters
timer Specify timer
[R2-Serial4/0/0]ppp cha
[R2-Serial4/0/0]ppp chap ?
password Specify user password
user Specify user name
[R2-Serial4/0/0]ppp chap pad
[R2-Serial4/0/0]ppp chap pas
[R2-Serial4/0/0]ppp chap user
[R2-Serial4/0/0]ppp chap user joker1 ?
<cr> Please press ENTER to execute command
[R2-Serial4/0/0]ppp chap user joker1
[R2-Serial4/0/0]ppp chap pas
[R2-Serial4/0/0]ppp chap password ci
[R2-Serial4/0/0]ppp chap password cipher 123456
[R2-Serial4/0/0]
测试
[R2-Serial4/0/0]un
[R2-Serial4/0/0]undo sh
[R2-Serial4/0/0]undo shutdown
Info: Interface Serial4/0/0 is not shutdown.
[R2-Serial4/0/0]ping 25.0.0.2
PING 25.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 25.0.0.2: bytes=56 Sequence=1 ttl=255 time=10 ms
Reply from 25.0.0.2: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 25.0.0.2: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 25.0.0.2: bytes=56 Sequence=4 ttl=255 time=40 ms
Reply from 25.0.0.2: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 25.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/22/40 ms
R3与R5之间使用HDLC封装
R3中选择HDLC协议
[R3]int s
[R3]int Serial 4/0/0
[R3-Serial4/0/0]link
[R3-Serial4/0/0]link-protocol ?
fr Select FR as line protocol
hdlc Enable HDLC protocol
lapb LAPB(X.25 level 2 protocol)
ppp Point-to-Point protocol
sdlc SDLC(Synchronous Data Line Control) protocol
x25 X.25 protocol
[R3-Serial4/0/0]link-protocol hdl
[R3-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
Sep 18 2022 11:54:08-08:00 R3 %%01IFNET/4/CHANGE_ENCAP(l)[0]:The user performed
the configuration that will change the encapsulation protocol of the link and th
en selected Y.
[R3-Serial4/0/0]
[R3-Serial4/0/0]
Sep 18 2022 11:54:08-08:00 R3 %%01PPP/4/PHYSICALDOWN(l)[1]:On the interface Seri
al4/0/0, PPP link was closed because the status of the physical layer was Down.
[R3-Serial4/0/0]
Sep 18 2022 11:54:08-08:00 R3 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PPP
on the interface Serial4/0/0 has entered the DOWN state.
[R3-Serial4/0/0]
Sep 18 2022 11:54:08-08:00 R3 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol PPP
IPCP on the interface Serial4/0/0 has entered the DOWN state.
[R3-Serial4/0/0]
Sep 18 2022 11:54:08-08:00 R3 %%01IFPDT/4/IF_STATE(l)[4]:Interface Serial4/0/0 h
as turned into DOWN state.
[R3-Serial4/0/0]
Sep 18 2022 11:54:08-08:00 R3 %%01RM/4/IPV4_DEFT_RT_CHG(l)[5]:IPV4 default Route
is changed. (ChangeType=Delete, InstanceId=0, Protocol=Static, ExitIf=Unknown,
Nexthop=35.0.0.2, Neighbour=0.0.0.0, Preference=1006632960, Label=NULL, Metric=0
)
[R3-Serial4/0/0]
Sep 18 2022 11:54:08-08:00 R3 %%01IFPDT/4/IF_STATE(l)[6]:Interface Serial4/0/0 h
as turned into UP state.
[R3-Serial4/0/0]
Sep 18 2022 11:54:08-08:00 R3 %%01IFNET/4/LINK_STATE(l)[7]:The line protocol IP
on the interface Serial4/0/0 has entered the UP state.
[R3-Serial4/0/0]
测试:ping不通原因:使用的封装协议不同
[R3-Serial4/0/0]q
[R3]ping 35.0.0.2
PING 35.0.0.2: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 35.0.0.2 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
更改R5 4/0/0 接口协议并测试
[R5]
[R5]int s
[R5]int Serial 4/0/0
[R5-Serial4/0/0]lin
[R5-Serial4/0/0]link-protocol ?
fr Select FR as line protocol
hdlc Enable HDLC protocol
lapb LAPB(X.25 level 2 protocol)
ppp Point-to-Point protocol
sdlc SDLC(Synchronous Data Line Control) protocol
x25 X.25 protocol
[R5-Serial4/0/0]link-protocol hdl
[R5-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
Sep 18 2022 11:57:36-08:00 R5 %%01IFNET/4/CHANGE_ENCAP(l)[0]:The user performed
the configuration that will change the encapsulation protocol of the link and th
en selected Y.
[R5-Serial4/0/0]
[R5-Serial4/0/0]
Sep 18 2022 11:57:36-08:00 R5 %%01IFPDT/4/IF_STATE(l)[1]:Interface Serial4/0/0 h
as turned into DOWN state.
[R5-Serial4/0/0]
Sep 18 2022 11:57:37-08:00 R5 %%01IFPDT/4/IF_STATE(l)[2]:Interface Serial4/0/0 h
as turned into UP state.
[R5-Serial4/0/0]
Sep 18 2022 11:57:37-08:00 R5 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol IP
on the interface Serial4/0/0 has entered the UP state.
[R5-Serial4/0/0]
R3]ping 35.0.0.2
PING 35.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 35.0.0.2: bytes=56 Sequence=1 ttl=255 time=20 ms
Reply from 35.0.0.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 35.0.0.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 35.0.0.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 35.0.0.2: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 35.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/24/30 ms
R1/R2/R3构建一个MGRE环境,R1为中心站点
R1配置
创建隧道接口
[R1]int
[R1]interface t
[R1]interface Tunnel 0/0/0
[R1-Tunnel0/0/0]
[R1-Tunnel0/0/0]
[R1-Tunnel0/0/0]ip add
[R1-Tunnel0/0/0]ip address 192.168.5.1 24
[R1-Tunnel0/0/0]
定义封装类型
[R1-Tunnel0/0/0]tu
[R1-Tunnel0/0/0]tunnel-protocol ?
gre Generic Routing Encapsulation
ipsec IPSEC Encapsulation
ipv4-ipv6 IP over IPv6 encapsulation
ipv6-ipv4 IPv6 over IP encapsulation
mpls MPLS Encapsulation
none Null Encapsulation
[R1-Tunnel0/0/0]tunnel-protocol gre
[R1-Tunnel0/0/0]tunnel-protocol gre ?
p2mp Point to multi-point GRE mode
<cr> Please press ENTER to execute command
[R1-Tunnel0/0/0]tunnel-protocol gre p2
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp
[R1-Tunnel0/0/0]
告诉封装内容
[R1-Tunnel0/0/0]so
[R1-Tunnel0/0/0]source 15.0.0.1
Sep 18 2022 12:02:41-08:00 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
[R1-Tunnel0/0/0]
[R1-Tunnel0/0/0]
定义目标IP地址(动态可变化借助nhrp域)
[R1-Tunnel0/0/0]nh
[R1-Tunnel0/0/0]nhrp ne
[R1-Tunnel0/0/0]nhrp network-id 100
[R1-Tunnel0/0/0]
开启伪广播
[R1-Tunnel0/0/0]nhr
[R1-Tunnel0/0/0]nhrp en
[R1-Tunnel0/0/0]nhrp entry mu
[R1-Tunnel0/0/0]nhrp entry multicast dy
[R1-Tunnel0/0/0]nhrp entry multicast dynamic
[R1-Tunnel0/0/0]
R2配置
<R2>sys
<R2>system-view
Enter system view, return user view with Ctrl+Z.
[R2]int
[R2]interface tu
[R2]interface Tunnel 0/0/0
[R2-Tunnel0/0/0]ip add
[R2-Tunnel0/0/0]ip address 192.168.5.2 24
[R2-Tunnel0/0/0]
[R2-Tunnel0/0/0]tunne
[R2-Tunnel0/0/0]tunnel-protocol g
[R2-Tunnel0/0/0]tunnel-protocol gre p
[R2-Tunnel0/0/0]tunnel-protocol gre p2mp
[R2-Tunnel0/0/0]
[R2-Tunnel0/0/0]
[R2-Tunnel0/0/0]sou
[R2-Tunnel0/0/0]source ?
GigabitEthernet GigabitEthernet interface
NULL NULL interface
Serial Serial interface
Tunnel Tunnel interface
X.X.X.X IP address
vpn-instance Specify the vpn instance of the source
[R2-Tunnel0/0/0]source se
[R2-Tunnel0/0/0]source Serial 4/0/0
Sep 18 2022 12:07:37-08:00 R2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
[R2-Tunnel0/0/0]
向中心站点汇报
[R2-Tunnel0/0/0]nh
[R2-Tunnel0/0/0]nhrp ne
[R2-Tunnel0/0/0]nhrp network-id 100
[R2-Tunnel0/0/0]nhrp
[R2-Tunnel0/0/0]nhrp en
[R2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 re
[R2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
[R2-Tunnel0/0/0]
R3配置
<R3>sys
<R3>system-view
Enter system view, return user view with Ctrl+Z.
[R3]int t 0/0/0
[R3-Tunnel0/0/0]ip add
[R3-Tunnel0/0/0]ip address 192.168.5.3 24
[R3-Tunnel0/0/0]t
[R3-Tunnel0/0/0]tcp
[R3-Tunnel0/0/0]tu
[R3-Tunnel0/0/0]tunnel-protocol g
[R3-Tunnel0/0/0]tunnel-protocol gre p
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]sou
[R3-Tunnel0/0/0]source s
[R3-Tunnel0/0/0]source Serial 4/0/0
Sep 18 2022 12:11:14-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
[R3-Tunnel0/0/0]nhr
[R3-Tunnel0/0/0]nhrp ne
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nh
[R3-Tunnel0/0/0]nhrp e
[R3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 p
[R3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 r
[R3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
[R3-Tunnel0/0/0]
测试汇报
[R1-Tunnel0/0/0]display nhrp peer all
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.5.2 32 25.0.0.1 192.168.5.2 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:02:57
Expire time : 01:57:03
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.5.3 32 35.0.0.1 192.168.5.3 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:00:33
Expire time : 01:59:27
Number of nhrp peers: 2
[R1-Tunnel0/0/0]
R1、R4间为点到点的GRE
R1配置
创建隧道接口
[R1]int t 0/0/1
[R1-Tunnel0/0/1]ip ad
[R1-Tunnel0/0/1]ip address 192.168.6.1 24
定义封装内容
[R1-Tunnel0/0/1]tu
[R1-Tunnel0/0/1]tunnel-protocol g
[R1-Tunnel0/0/1]tunnel-protocol gre
[R1-Tunnel0/0/1]sou
[R1-Tunnel0/0/1]source ?
GigabitEthernet GigabitEthernet interface
NULL NULL interface
Serial Serial interface
Tunnel Tunnel interface
X.X.X.X IP address
[R1-Tunnel0/0/1]source 15.0.0.1
添加目标ID
[R1-Tunnel0/0/1]de
[R1-Tunnel0/0/1]destination 45.0.0.1
Sep 18 2022 12:14:34-08:00 R1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface Tunnel0/0/1 has entered the UP state.
[R1-Tunnel0/0/1]
[R1-Tunnel0/0/1]
R4配置
[R4]int t 0/0/0
[R4-Tunnel0/0/0]ip add
[R4-Tunnel0/0/0]ip address 192.168.6.2 24
[R4-Tunnel0/0/0]
[R4-Tunnel0/0/0]tu
[R4-Tunnel0/0/0]tunnel-protocol g
[R4-Tunnel0/0/0]tunnel-protocol gre
[R4-Tunnel0/0/0]
[R4-Tunnel0/0/0]so
[R4-Tunnel0/0/0]source 45.0.0.1
[R4-Tunnel0/0/0]
[R4-Tunnel0/0/0]de
[R4-Tunnel0/0/0]description
[R4-Tunnel0/0/0]destination 15.0.0.1
Sep 18 2022 12:18:06-08:00 R4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
[R4-Tunnel0/0/0]
[R4-Tunnel0/0/0]
整个私有网络基于RIP全网可达
R1配置
[R1]ri
[R1]rip
[R1-rip-1]v
选择版本
[R1-rip-1]version
[R1-rip-1]version 2
宣告网段
[R1-rip-1]net
[R1-rip-1]network 192.168.1.0
[R1-rip-1]ne
[R1-rip-1]network 192.168.5.0
[R1-rip-1]ne
[R1-rip-1]network 192.168.6.0
[R1-rip-1]
R2配置
<R2>sys
<R2>system-view
Enter system view, return user view with Ctrl+Z.
[R2]ri
[R2]rip
[R2-rip-1]v
[R2-rip-1]version 2
[R2-rip-1]ne
[R2-rip-1]network 192.168.5.0
[R2-rip-1]ne
[R2-rip-1]network 192.168.2.0
[R2-rip-1]
R3配置
<R3>sys
<R3>system-view
Enter system view, return user view with Ctrl+Z.
[R3]ri
[R3]rip
[R3-rip-1]v
[R3-rip-1]version 2
[R3-rip-1] ne
[R3-rip-1]network 192.168.3.0
[R3-rip-1]net
[R3-rip-1]network 192.168.5.0
[R3-rip-1]
R4配置
[R4]ri
[R4]rip
[R4-rip-1]v
[R4-rip-1]version 2
[R4-rip-1]ne
[R4-rip-1]network 192.168.4.0
[R4-rip-1]ne
[R4-rip-1]network 192.168.6.0
[R4-rip-1]
测试
[R1]display ip routing-table po
[R1]display ip routing-table pr
[R1]display ip routing-table protocol r
[R1]display ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 3 Routes : 3
RIP routing table status : <Active>
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.2.0/24 RIP 100 1 D 192.168.5.2 Tunnel0/0/0
192.168.3.0/24 RIP 100 1 D 192.168.5.3 Tunnel0/0/0
192.168.4.0/24 RIP 100 1 D 192.168.6.2 Tunnel0/0/1
RIP routing table status : <Inactive>
Destinations : 0 Routes : 0
[R1]
[R2]display ip ro
[R2]display ip routing-table p
[R2]display ip routing-table protocol ?
bgp Border Gateway Protocol (BGP) routes
direct Direct routes
isis IS-IS routing protocol defined by ISO
ospf Open Shortest Path First (OSPF) routes
rip Routing Information Protocol (RIP) routes
static Static routes
unr User network routes
[R2]display ip routing-table protocol ri
[R2]display ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 3 Routes : 3
RIP routing table status : <Active>
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.1.0/24 RIP 100 1 D 192.168.5.1 Tunnel0/0/0
192.168.4.0/24 RIP 100 2 D 192.168.5.1 Tunnel0/0/0
192.168.6.0/24 RIP 100 1 D 192.168.5.1 Tunnel0/0/0
RIP routing table status : <Inactive>
Destinations : 0 Routes : 0
[R2]
水平分割机制使得R2和R3网段信息缺失,MGRE中出现问题
解决方法:进入对应隧道接口,关闭水平分割
<R1>
<R1>sys
<R1>system-view
Enter system view, return user view with Ctrl+Z.
[R1]int t 0/0/0
[R1-Tunnel0/0/0]und
[R1-Tunnel0/0/0]undo ri
[R1-Tunnel0/0/0]undo rips
[R1-Tunnel0/0/0]undo rip s
[R1-Tunnel0/0/0]undo rip summary-address
[R1-Tunnel0/0/0]undo rip split-horizon
[R1-Tunnel0/0/0]
重新测试
[R3]dis
[R3]display ip r
[R3]display ip rd-filter
[R3]display ip routing-table pr
[R3]display ip routing-table protocol r
[R3]display ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 4 Routes : 4
RIP routing table status : <Active>
Destinations : 4 Routes : 4
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.1.0/24 RIP 100 1 D 192.168.5.1 Tunnel0/0/0
192.168.2.0/24 RIP 100 2 D 192.168.5.1 Tunnel0/0/0
192.168.4.0/24 RIP 100 2 D 192.168.5.1 Tunnel0/0/0
192.168.6.0/24 RIP 100 1 D 192.168.5.1 Tunnel0/0/0
RIP routing table status : <Inactive>
Destinations : 0 Routes : 0
[R3]
<R2>sys
<R2>system-view
Enter system view, return user view with Ctrl+Z.
[R2]dis
[R2]display ip
[R2]display ip r
[R2]display ip routing-table pr
[R2]display ip routing-table protocol ?
bgp Border Gateway Protocol (BGP) routes
direct Direct routes
isis IS-IS routing protocol defined by ISO
ospf Open Shortest Path First (OSPF) routes
rip Routing Information Protocol (RIP) routes
static Static routes
unr User network routes
[R2]display ip routing-table protocol ri
[R2]display ip routing-table protocol rip ?
inactive Inactive route information
verbose Verbose information of routing table
| Matching output
<cr> Please press ENTER to execute command
[R2]display ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 4 Routes : 4
RIP routing table status : <Active>
Destinations : 4 Routes : 4
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.1.0/24 RIP 100 1 D 192.168.5.1 Tunnel0/0/0
192.168.3.0/24 RIP 100 2 D 192.168.5.1 Tunnel0/0/0
192.168.4.0/24 RIP 100 2 D 192.168.5.1 Tunnel0/0/0
192.168.6.0/24 RIP 100 1 D 192.168.5.1 Tunnel0/0/0
RIP routing table status : <Inactive>
Destinations : 0 Routes : 0
[R2]
所有PC设置私有IP为源IP。可以访问R5环回
PC1配置
PC2配置
PC3配置
PC4配置
做地址转换
R1配置
<R1>
<R1>sys
<R1>system-view
Enter system view, return user view with Ctrl+Z.
[R1]int t 0/0/0
[R1-Tunnel0/0/0]und
[R1-Tunnel0/0/0]undo ri
[R1-Tunnel0/0/0]undo rips
[R1-Tunnel0/0/0]undo rip s
[R1-Tunnel0/0/0]undo rip summary-address
[R1-Tunnel0/0/0]undo rip split-horizon
[R1-Tunnel0/0/0]
<R1>
<R1>sys
<R1>system-view
Enter system view, return user view with Ctrl+Z.
[R1]acl
[R1]acl 2000
[R1-acl-basic-2000]rul
[R1-acl-basic-2000]rule pe
[R1-acl-basic-2000]rule permit so
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]
[R1-acl-basic-2000]
[R1-acl-basic-2000]q
[R1]int
[R1]interface se
[R1]interface Serial 4/0/0
[R1-Serial4/0/0]na
[R1-Serial4/0/0]nat ou
[R1-Serial4/0/0]nat outbound ?
INTEGER<2000-3999> Apply basic or advanced ACL
[R1-Serial4/0/0]nat outbound 2000
[R1-Serial4/0/0]
R2配置
[R2]
<R2>
<R2>sys
<R2>system-view
Enter system view, return user view with Ctrl+Z.
[R2]acl
[R2]acl 2000
[R2-acl-basic-2000]r
[R2-acl-basic-2000]reset
[R2-acl-basic-2000]return
[R2-acl-basic-2000]rule pr
[R2-acl-basic-2000]rule p
[R2-acl-basic-2000]rule permit so
[R2-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[R2-acl-basic-2000]
[R2-acl-basic-2000]
[R2-acl-basic-2000]q
[R2]int
[R2]interface s
[R2]interface Serial 4/0/0
[R2-Serial4/0/0]na
[R2-Serial4/0/0]nat o
[R2-Serial4/0/0]nat outbound 2000
[R2-Serial4/0/0]
R3配置
[R3]
<R3>
<R3>
<R3>
<R3>sys
<R3>system-view
Enter system view, return user view with Ctrl+Z.
[R3]acl
[R3]acl 2000
[R3-acl-basic-2000]ru
[R3-acl-basic-2000]rule pe
[R3-acl-basic-2000]rule permit so
[R3-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[R3-acl-basic-2000]
[R3-acl-basic-2000]q
[R3]nu
[R3]na
[R3]nat o
[R3]nat overlap-address 2000
^
Error: Wrong parameter found at '^' position.
[R3]int s
[R3]int Serial 4/0/0
[R3-Serial4/0/0]na
[R3-Serial4/0/0]nat o
[R3-Serial4/0/0]nat outbound 2000
[R3-Serial4/0/0]
R4配置
<R4>
<R4>sys
<R4>system-view
Enter system view, return user view with Ctrl+Z.
[R4]c
[R4]system-vi
^
Error: Unrecognized command found at '^' position.
[R4]ac
[R4]acl 2000
[R4-acl-basic-2000]ru
[R4-acl-basic-2000]rule ?
INTEGER<0-4294967294> ID of ACL rule
deny Specify matched packet deny
permit Specify matched packet permit
[R4-acl-basic-2000]rule pe
[R4-acl-basic-2000]rule permit ?
fragment Check fragment packet
none-first-fragment Check the subsequence fragment packet
source Specify source address
time-range Specify a special time
vpn-instance Specify a VPN-Instance
<cr> Please press ENTER to execute command
[R4-acl-basic-2000]rule permit so
[R4-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[R4-acl-basic-2000]q
[R4]int g 0/0/0
[R4-GigabitEthernet0/0/0]na
[R4-GigabitEthernet0/0/0]nat ?
outbound Specify net address translation
server Specify NAT server
static Specify static NAT
[R4-GigabitEthernet0/0/0]nat ou
[R4-GigabitEthernet0/0/0]nat outbound ?
INTEGER<2000-3999> Apply basic or advanced ACL
[R4-GigabitEthernet0/0/0]nat outbound 2000
[R4-GigabitEthernet0/0/0]
测试