目录
实验内容
实验要求
1、R5为ISP,只能进行IP地址配置,其所有地址均配为公有IP地址。
2、R1和R5间使用PPP的PAP认证,R5为主认证方;R2于R5之间使用PPP的CHAP认证,R5为主认证方;R3于R5之间使用HDLC封装。
3、R1/R2/R3构建一个MGRE环境,R1为中心站点;R1、R4间为点到点的GRE。
4、整个私有网络基于RIP全网可达。
5、所有PC设置私有IP为源IP,可以访问R5环回。
实验步骤
配置IP地址
PC1:192.168.1.2/24
PC2:192.168.2.2/24
PC3:192.168.3.2/24
PC4:192.168.4.2/24
R1-0/0/0接口:192.168.1.1/24、R1-4/0/0接口:15.0.0.1/24
R2-0/0/0接口:192.168.2.1/24、R2-4/0/0接口:25.0.0.1/24
R3-0/0/0接口:192.168.3.1/24、R2-4/0/0接口:35.0.0.1/24
R4-0/0/0接口:45.0.0.1/24、R4-0/0/1接口:192.168.4.1/24
ISP-3/0/0接口:15.0.0.2/24、ISP-3/0/1接口:25.0.0.2/24、
ISP-4/0/0接口:35.0.0.2/24、ISP-0/0/0接口:45.0.0.2/24
ISP环回接口:5.5.5.5/24
配置缺省路由信息
R1:
[r1]ip route-static 0.0.0.0 0 15.0.0.2
R2:
[r2]ip route-static 0.0.0.0 0 25.0.0.2
R3:
[r3]ip route-static 0.0.0.0 0 35.0.0.2
R4:
[r4]ip route-static 0.0.0.0 0 45.0.0.2
PAP认证
主认证方ISP:
[ISP]aaa
[ISP-aaa]loc
[ISP-aaa]local-user r1 password cipher 123456
Info: Add a new user.
[ISP-aaa]loc
[ISP-aaa]local-user r1 service-type ppp
[ISP-aaa]q
[ISP]
[ISP]int s3/0/0
[ISP-Serial3/0/0]ppp authentication-mode pap
被认证方R1:
[r1]int s 4/0/0
[r1-Serial4/0/0]ppp pap local-user r1 password cipher 123456
验证:
[r1]int s 4/0/0
[r1-Serial4/0/0]shutdown
[r1-Serial4/0/0]undo shutdown
[r1-Serial4/0/0]ping 15.0.0.2
PING 15.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 15.0.0.2: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 15.0.0.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 15.0.0.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 15.0.0.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 15.0.0.2: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 15.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/30/50 ms
CHAP认证
认证方ISP配置:
[ISP]aaa
[ISP-aaa]local-user r2 password cipher 123456
Info: Add a new user.
[ISP-aaa]local-user r2 password cipher 123456
[ISP-aaa]q
[ISP]
[ISP]int s 3/0/1
[ISP-Serial3/0/1]ppp authentication-mode chap
被认证方R2配置:
[r2]int s 4/0/0
[r2-Serial4/0/0]
[r2-Serial4/0/0]ppp chap user r2
[r2-Serial4/0/0]
[r2-Serial4/0/0]ppp chap password cipher 123456
验证:
[r2-Serial4/0/0]shutdown
[r2-Serial4/0/0]undo shutdown
[r2]ping 25.0.0.2
PING 25.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 25.0.0.2: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 25.0.0.2: bytes=56 Sequence=2 ttl=255 time=40 ms
Reply from 25.0.0.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 25.0.0.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 25.0.0.2: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 25.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/32/40 ms
HDLC封装
R3配置:
[r3]int s 4/0/0
[r3-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
ISP配置:
[ISP]int s 4/0/0
[ISP-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
验证:
[r3]ping 35.0.0.2
PING 35.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 35.0.0.2: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 35.0.0.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 35.0.0.2: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 35.0.0.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 35.0.0.2: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 35.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/18/30 ms
R1/R2/R3构建一个MGRE环境
中心站点R1:
[r1]int t 0/0/0 //创建0/0/0虚拟接口
[r1-Tunnel0/0/0]ip add 192.168.5.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp //选择GRE中的P2MP封装类型
[r1-Tunnel0/0/0]source 15.0.0.1 //定义源IP地址
[r1-Tunnel0/0/0]
[r1-Tunnel0/0/0]nhrp network-id 100 //创建一个域
[r1-Tunnel0/0/0]nhrp entry multicast dynamic
分支站点R2:
[r2]int t 0/0/0
[r2-Tunnel0/0/0]ip add 192.168.5.2 24
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp
[r2-Tunnel0/0/0]source Serial 4/0/0
[r2-Tunnel0/0/0]
[r2-Tunnel0/0/0]nhrp network-id 100
[r2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register //找中心站点注册
分支站点R3:
[r3]int t 0/0/0
[r3-Tunnel0/0/0]ip add 192.168.5.3 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source Serial 4/0/0
[r3-Tunnel0/0/0]
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
R1、R4构建GRE环境
R1:
[r1]int t 0/0/1
[r1-Tunnel0/0/1]ip add 192.168.6.1 24
[r1-Tunnel0/0/1]tunnel-protocol gre
[r1-Tunnel0/0/1]source 15.0.0.1
[r1-Tunnel0/0/1]destination 45.0.0.1 //定义目标IP地址
R4:
[r4]int t 0/0/1
[r4-Tunnel0/0/1]ip add 192.168.6.2 24
[r4-Tunnel0/0/1]tunnel-protocol gre
[r4-Tunnel0/0/1]source 45.0.0.1
[r4-Tunnel0/0/1]destination 15.0.0.1
开启RIP并宣告
R1:
[r1]rip
[r1-rip-1]v 2
[r1-rip-1]network 192.168.1.0
[r1-rip-1]network 192.168.5.0
[r1-rip-1]network 192.168.6.0
R2:
[r2]rip
[r2-rip-1]v 2
[r2-rip-1]network 192.168.2.0
[r2-rip-1]network 192.168.5.0
R3:
[r3]rip
[r3-rip-1]v 2
[r3-rip-1]network 192.168.3.0
[r3-rip-1]network 192.168.5.0
R4:
[r4]rip
[r4-rip-1]v 2
[r4-rip-1]network 192.168.4.0
[r4-rip-1]network 192.168.6.0
所有PC设备设置私有IP,并访问R5的环回
R1:
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]q
[r1]int s 4/0/0
[r1-Serial4/0/0]nat outbound 2000