先配置ip
2 配置r1 r2 r3 r4的缺省路由指向r5
r1和r5之间使用ppp的pap认证:
先查看r1和r5的接口类型:
[r1]display interface Serial 4/0/0
[isp]display interface Serial3/0/0
认证方pap配置:
[isp]aaa
[isp-aaa]local-user admin password cipher 123456
[isp-aaa]local-user admin service-type ppp [isp]int s3/0/0
[isp-Serial3/0/0]ppp authentication-mode pap [isp-Serial3/0/0]
被认证方:
[r1-Serial4/0/0]ppp pap local-user admin password cipher 123456
r2和r5使用ppp的chap认证:
认证方:
[r2-aaa]local-user admin password cipher 123456
[r2-aaa]local-useradmin service-type ppp
[r2]int s4/0/0
[r2-Serial4/0/0]ppp authentication-mode chap
被认证方:
[isp-Serial3/0/1]ppp chap user admin [isp-Serial3/0/1]ppp chap
password cipher 123456
注意:这里认证方与被认证方做反了,见谅
r3和r5之间使用hdlc进行封装:
查看r3接口的封装类型
[r3]display interface s4/0/0
此时r3是ppp认证,需要将其改为hdlc认证:
[r3-Serial4/0/0]link-protocol hdlc
r1r2r3构建一个mgre环境,其中r1为中心站点
中心配置:
[r1-Tunnel0/0/0]ip address 192.168.5.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp
[r1-Tunnel0/0/0]source15.0.0.1
[r1-Tunnel0/0/0]nhrp network-id 100
[r1-Tunnel0/0/0]nhrp entry multicast dynamic 开启中心站点的伪广播
分支站点的配置:
r2:
[r2-Tunnel0/0/0]ip address 192.168.5.3 24
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp [r2-Tunnel0/0/0]source s4/0/0
[r2-Tunnel0/0/0]nhrp network-id 100
[r2-Tunnel0/0/0]nhrp entry192.168.5.1 15.0.0.1 register
r3:
[r3-Tunnel0/0/0]ip address 192.168.5.2 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp0/0
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1register
r1r4构建点到点的gre环境:
[r1]interface t0/0/1
[r1-Tunnel0/0/1]ip address 192.168.6.1 24
[r1-Tunnel0/0/1]tunnel-protocol gre
[r1-Tunnel0/0/1]source 15.0.0.1
[r1-Tunnel0/0/1]description 45.0.0.1
[r4]int t0/0/1
[r4-Tunnel0/0/1]ip address 192.168.6.2 24
[r4-Tunnel0/0/1]tunnel-protocol gre
[r4-Tunnel0/0/1]source 45.0.0.1
[r4-Tunnel0/0/1]description 15.0.0.1
基于全网可达
使用rip协议:
[r1]rip
[r1-rip-1]v 2
[r1-rip-1]network 192.168.1.0
[r1-rip-1]network 192.168.5.0
[r1-rip-1]network 192.168.6.0
(r2,r3,r4同理)
rip的水平分割会导致,分站点只能收到中心站点的路由信息,不能收到其他分站点的路由信息,所以需要关闭rip的水平分割:
[r1-Tunnel0/0/0]undo rip split-horizon
所有pc设置私有IP为源ip,可以访问r5的环回
配置nat:
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-Serial4/0/0]nat outbound 2000