MGRE基本配置

实验需求：

实验拓扑：

实验分析：R2为ISP，只能配置ip地址，R1-R2 为HDLC封装，R2-R3为PPP封装，PAP认证，R2为主认证方；R2-R4为PPP封装，CHAP认证，R2为主认证方；R1,R2,R3构建MGRE环境,仅R1的ip地址固定，内网使用RIP获取路由，所有PC可以互相访问，并且可以访问R2的环回

实验配置：

R1:

[r1]int g0/0/1

[r1-GigabitEthernet0/0/1]int g0/0/0

[r1-GigabitEthernet0/0/0]ip add 192.168.1.1 24

[r1-GigabitEthernet0/0/0]int s4/0/0

[r1-Serial4/0/0]ip add 12.1.1.1 24

[r1]ip route-static 0.0.0.0 0 12.1.1.2

[r1]int s4/0/0

[r1-Serial4/0/0]link-protocol hdlc

[r1]int Tunnel 0/0/0

[r1-Tunnel0/0/0]ip add 10.1.1.1 24

[r1-Tunnel0/0/0]tunnel-protocol gre p2mp

[r1-Tunnel0/0/0]source 12.1.1.1

[r1-Tunnel0/0/0]nhrp entry multicast dynamic

[r1-Tunnel0/0/0]nhrp network-id 100

[r1]rip 1

[r1-rip-1]ver 2

[r1-rip-1]network 192.168.1.0

[r1-rip-1]network 10.0.0.0

[r1]int Tunnel 0/0/0

[r1-Tunnel0/0/0]undo rip split-horizon

[r1]acl 2000

[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255

[r1-acl-basic-2000]q

[r1]int s4/0/0

[r1-Serial4/0/0]nat outbound 2000

R2:

[ISP]int s4/0/0  

[rISP-Serial4/0/0]ip add 12.1.1.2 24

[ISP-Serial4/0/0]int s4/0/1

[ISP-Serial4/0/1]ip add 23.1.1.1 24

[ISP-Serial4/0/1]int s3/0/0

[ISP-Serial3/0/0]ip add 24.1.1.1 24

[ISP-Serial3/0/0]q

[ISP]int LoopBack 0

[ISP-LoopBack0]ip add 22.1.1.1 24

[ISP]int s4/0/0

[ISP-Serial4/0/0]link-protocol hdlc

[ISP]aaa

[ISP-aaa]local-user wl privilege level 15 password cipher 123456

[ISP-aaa]local-user wl service-type ppp

[ISP-aaa]int s4/0/1

[ISP-Serial4/0/1]ppp authentication-mode  pap

[ISP]aaa

[ISP-aaa]local-user hh privilege level 15 password cipher 123456

[ISP-aaa]local-user hh service-type ppp

[ISP-aaa]q

[ISP]int s3/0/0

[ISP-Serial3/0/0]ppp authentication-mode chap

R3:

[r3]int s4/0/0

[r3-Serial4/0/0]ip add 23.1.1.2 24

[r3-Serial4/0/0]int g0/0/0

[r3-GigabitEthernet0/0/0]ip add 192.168.2.1 24

[r3]ip route-static 0.0.0.0 0 23.1.1.1

[r3]int s4/0/0

[r3-Serial4/0/0]ppp pap local-user wl password cipher 123456

[r3]int Tunnel 0/0/0

[r3-Tunnel0/0/0]ip add 10.1.1.2 24

[r3-Tunnel0/0/0]tunnel-protocol gre p2mp          

[r3-Tunnel0/0/0]source Serial 4/0/0

[r3-Tunnel0/0/0]nhrp network-id 100

[r3-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register

[r3]rip 1

[r3-rip-1]version 2

[r3-rip-1]network 10.0.0.0

[r3-rip-1]network 192.168.2.0

[r3]acl 2000

[r3-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255

[r3-acl-basic-2000]q

[r3]int s4/0/0

[r3-Serial4/0/0]nat outbound 2000

R4:

[r4]int s4/0/0

[r4-Serial4/0/0]ip add 24.1.1.2 24

[r4-Serial4/0/0]int g0/0/0

[r4-GigabitEthernet0/0/0]ip add 192.168.3.1 24

[r4]ip route-static 0.0.0.0 0 24.1.1.1

[r4]int s4/0/0

[r4-Serial4/0/0]ppp chap password cipher 123456

[r4-Serial4/0/0]ppp chap user hh

[r4]int Tunnel 0/0/0

[r4-Tunnel0/0/0]ip add 10.1.1.3 24

[r4-Tunnel0/0/0]tunnel-protocol gre p2mp

[r4-Tunnel0/0/0]source Serial 4/0/0

[r4-Tunnel0/0/0]nhrp network-id 100

[r4-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register

[r4]rip 1

[r4-rip-1]ver 2

[r4-rip-1]network 192.168.3.0

[r4-rip-1]network 10.0.0.0

[r4]acl 2000

[r4-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255

[r4-acl-basic-2000]q

[r4]int s4/0/0

[r4-Serial4/0/0]nat outbound 2000

实验验证：