一、实验拓扑
二、实验需求
1.R5为ISP,只能进行IP地址配置,其所有地址均配为公有IP地址;
2.R1和R5间使用PPP的PAP认证,R5为主认证方;
R2与R5之间使用ppp的CHAP认证,R5为主认证方;
R3与R5之间使用HDLC封装:
3.R1、R2、R3构建一个HGRE环境,R1为中心站点,R1、R4间为点到点的GRE;
4.整个私有网络基本RIP全网可达;
5.所有PC设置私有IP为源IP,可以访问RS环回,达到全网通。
三、实验思路
1.配IP地址以及环回
2.私网通(缺省路由)
3.进行R1的pap认证,R2的chap认证
4.R3和R5之间使用HDLC封装,更改串线协议
5.搭建MGRE环境,在R1上创建中心站点,开启伪广播,其他路由器当作分支站点,加入R1中心域,配置Tunnel接口的隧道协议为GRE、配置Tunnel的源地址,目的地址。
6、R1~R4配置rip v 2
7、R1~R4做nat
四、实验步骤
<r1>sys
Enter system view, return user view with Ctrl+Z.
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.254 24
Mar 29 2024 16:48:57-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r1-GigabitEthernet0/0/0]int s4/0/0
[r1-Serial4/0/0]ip add 15.1.1.1 24
[r1-Serial4/0/0]q
<r1>sys
Enter system view, return user view with Ctrl+Z.
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.2.254 24
Mar 29 2024 16:50:42-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r1-GigabitEthernet0/0/0]int s4/0/0
[r1-Serial4/0/0]ip add 25.1.1.2 24
[r1-Serial4/0/0]
<r3>sys
Enter system view, return user view with Ctrl+Z.
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip add 192.168.3.254 24
Mar 29 2024 16:52:22-08:00 r3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r3-GigabitEthernet0/0/0]int ser 4/0/0
[r3-Serial4/0/0]ip add 35.1.1.3 24
[r3-Serial4/0/0]
<r4>sys
Enter system view, return user view with Ctrl+Z.
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ip add 45.1.1.4 24
[r4-GigabitEthernet0/0/0]
Mar 29 2024 16:54:31-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r4-GigabitEthernet0/0/0]int g0/0/1
[r4-GigabitEthernet0/0/1]ip add 192.168.4.254 24
Mar 29 2024 16:54:55-08:00 r4 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[r4-GigabitEthernet0/0/1]
[isp]int s4/0/1
[isp-Serial4/0/1]ip add 15.1.1.5 24
[isp-Serial4/0/1]
Mar 29 2024 18:44:25-08:00 isp %%01IFNET/4/LINK_STATE(l)[14]:The line protocol P
PP IPCP on the interface Serial4/0/1 has entered the UP state.
[isp-Serial4/0/1]int s3/0/1
[isp-Serial3/0/1]ip add 25.1.1.5 24
[isp-Serial3/0/1]
Mar 29 2024 18:44:48-08:00 isp %%01IFNET/4/LINK_STATE(l)[15]:The line protocol P
PP IPCP on the interface Serial3/0/1 has entered the UP state.
[isp-Serial3/0/1]int s4/0/0
[isp-Serial4/0/0]ip add 35.1.1.5 24
[isp-Serial4/0/0]
Mar 29 2024 18:45:14-08:00 isp %%01IFNET/4/LINK_STATE(l)[16]:The line protocol P
PP IPCP on the interface Serial4/0/0 has entered the UP state.
[isp-Serial4/0/0]int g0/0/0
[isp-GigabitEthernet0/0/0]ip add 45.1.1.5 24
Mar 29 2024 18:45:34-08:00 isp %%01IFNET/4/LINK_STATE(l)[17]:The line protocol I
P on the interface GigabitEthernet0/0/0 has entered the UP state.
[isp-GigabitEthernet0/0/0]
[isp-GigabitEthernet0/0/0]int l0
[isp-LoopBack0]ip add 5.5.5.5 24
[isp-LoopBack0]
[r1]ip route-static 0.0.0.0 0 15.1.1.5
[r1]
[r2]ip route-static 0.0.0.0 0 25.1.1.5
[r3]ip route-static 0.0.0.0 0 35.1.1.5
[r3]
[r4]ip route-static 0.0.0.0 0 45.1.1.5
[r1]ping 35.1.1.3
PING 35.1.1.3: 56 data bytes, press CTRL_C to break
Reply from 35.1.1.3: bytes=56 Sequence=1 ttl=254 time=160 ms
Reply from 35.1.1.3: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 35.1.1.3: bytes=56 Sequence=3 ttl=254 time=20 ms
Reply from 35.1.1.3: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 35.1.1.3: bytes=56 Sequence=5 ttl=254 time=20 ms
--- 35.1.1.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/54/160 ms
r1与r5间使用PPP的PAP认证
[isp]aaa
[isp-aaa]local u
[isp-aaa]loc
[isp-aaa]local-user r1 pass
[isp-aaa]local-user r1 password c
[isp-aaa]local-user r1 password cipher r1234
Info: Add a new user.
[isp-aaa]loc
[isp-aaa]local-user
[isp-aaa]local-user r
[isp-aaa]local-user r1 ser
[isp-aaa]local-user r1 service-type ppp
[isp-aaa]q
[isp]int ser4/0/1
[isp-Serial4/0/1]ppp au
[isp-Serial4/0/1]ppp authentication-mode p
[isp-Serial4/0/1]ppp authentication-mode pap
[isp-Serial4/0/1]
<r1>sys
Enter system view, return user view with Ctrl+Z.
[r1]int s4/0/0
[r1-Serial4/0/0]ppp pap l
[r1-Serial4/0/0]ppp pap local-user r1 p
[r1-Serial4/0/0]ppp pap local-user r1 password c
[r1-Serial4/0/0]ppp pap local-user r1 password cipher r1234
[r1-Serial4/0/0]
R2与R5之间使用ppp的CHAP认证
[isp]aaa
[isp-aaa]loc
[isp-aaa]local-user r2 pass
[isp-aaa]local-user r2 password c
[isp-aaa]local-user r2 password cipher r2345
Info: Add a new user.
[isp-aaa]loca
[isp-aaa]local-user r
[isp-aaa]local-user r1
[isp-aaa]local-user r2 se
[isp-aaa]local-user r2 service-type ppp
[isp-aaa]q
[isp]int se3/0/1
[isp-Serial3/0/1]ppp au
[isp-Serial3/0/1]ppp authentication-mode c
[isp-Serial3/0/1]ppp authentication-mode chap
[isp-Serial3/0/1]
<r2>sys
Enter system view, return user view with Ctrl+Z.
[r2]int ser4/0/0
[r2-Serial4/0/0]ppp ch
[r2-Serial4/0/0]ppp chap u
[r2-Serial4/0/0]ppp chap user r2
[r2-Serial4/0/0]ppp chap pas
[r2-Serial4/0/0]ppp chap password c
[r2-Serial4/0/0]ppp chap password cipher r2345
[r2-Serial4/0/0]
R3与R5之间使用HDLC封装
[isp-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
Mar 29 2024 19:17:43-08:00 isp %%01IFNET/4/CHANGE_ENCAP(l)[0]:The user performed
the configuration that will change the encapsulation protocol of the link and t
hen selected Y.
[r3]int s4/0/0
[r3-Serial4/0/0]link
[r3-Serial4/0/0]link-protocol h
[r3-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
构建HGRE环境
[r1]int t0/0/0
[r1-Tunnel0/0/0]ip add 10.1.2.1 24
[r1-Tunnel0/0/0]tun
[r1-Tunnel0/0/0]tunnel-protocol g
[r1-Tunnel0/0/0]tunnel-protocol gre p
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp
[r1-Tunnel0/0/0]so
[r1-Tunnel0/0/0]source 15.1.1.1
Mar 29 2024 20:23:34-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
[r1-Tunnel0/0/0]
[r1-Tunnel0/0/0]nh
[r1-Tunnel0/0/0]nhrp n
[r1-Tunnel0/0/0]nhrp network-id 100
[r1-Tunnel0/0/0]
[r2]in t0/0/0
[r2-Tunnel0/0/0]ip add 10.1.2.2 24
[r2-Tunnel0/0/0]tu
[r2-Tunnel0/0/0]tunnel-protocol g
[r2-Tunnel0/0/0]tunnel-protocol gre p
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp
[r2-Tunnel0/0/0]so
[r2-Tunnel0/0/0]source ser
[r2-Tunnel0/0/0]source Serial 4/0/0
Mar 29 2024 20:25:34-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/0 has entered the UP state.
[r2-Tunnel0/0/0]
[r2-Tunnel0/0/0]nh
[r2-Tunnel0/0/0]nhrp n
[r2-Tunnel0/0/0]nhrp network-id 100
[r2-Tunnel0/0/0]
[r3]int t0/0/0
[r3-Tunnel0/0/0]ip add 10.1.2.3 24
[r3-Tunnel0/0/0]tu
[r3-Tunnel0/0/0]tunnel-protocol g
[r3-Tunnel0/0/0]tunnel-protocol gre p
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]s
[r3-Tunnel0/0/0]so
[r3-Tunnel0/0/0]source s
[r3-Tunnel0/0/0]source Serial 4/0/0
[r3-Tunnel0/0/0]nh
[r3-Tunnel0/0/0]nhrp n
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]
[r1]int t0/0/1
[r1-Tunnel0/0/1]ip
[r1-Tunnel0/0/1]ip add 10.1.1.1 24
[r1-Tunnel0/0/1]t
[r1-Tunnel0/0/1]test-aaa
[r1-Tunnel0/0/1]tun
[r1-Tunnel0/0/1]tunnel-protocol g
[r1-Tunnel0/0/1]tunnel-protocol gre
[r1-Tunnel0/0/1]s
[r1-Tunnel0/0/1]seo
[r1-Tunnel0/0/1]so
[r1-Tunnel0/0/1]source 15.1.1.1
[r1-Tunnel0/0/1]dest
[r1-Tunnel0/0/1]destination 45.1.1.1
Mar 29 2024 20:32:26-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/1 has entered the UP state.
<r4>sys
Enter system view, return user view with Ctrl+Z.
[r4]int t0/0/1
[r4-Tunnel0/0/1]ip add 10.1.1.4 24
[r4-Tunnel0/0/1]t
[r4-Tunnel0/0/1]tcun
[r4-Tunnel0/0/1]tu
[r4-Tunnel0/0/1]tunnel-protocol g
[r4-Tunnel0/0/1]tunnel-protocol gre
[r4-Tunnel0/0/1]s
[r4-Tunnel0/0/1]so
[r4-Tunnel0/0/1]source 45.1.1.1
[r4-Tunnel0/0/1]dest
[r4-Tunnel0/0/1]destination 15.1.1.1
Mar 29 2024 20:35:00-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface Tunnel0/0/1 has entered the UP state.
[r4-Tunnel0/0/1]
整个私有网络基本RIP全网可达
[r1]rip 1
[r1-rip-1]v 2
[r1-rip-1]und
[r1-rip-1]undo su
[r1-rip-1]undo summary
[r1-rip-1]net
[r1-rip-1]network 192.168.1.0
[r1-rip-1]network 10.0.0.0
[r1-rip-1]
r2,r3,r4同理
[r2]rip 1
[r2-rip-1]v 2
[r2-rip-1]undo s
[r2-rip-1]undo sum
[r2-rip-1]undo summary
[r2-rip-1]net
[r2-rip-1]network 192.168.2.0
[r2-rip-1]net
[r2-rip-1]network 10.0.0.0
[r2-rip-1]
[r3]rip 1
[r3-rip-1]v 2
[r3-rip-1]unn
[r3-rip-1]un
[r3-rip-1]undo sum
[r3-rip-1]undo summary
[r3-rip-1]net
[r3-rip-1]network 192.168.3.0
[r3-rip-1]network 10.0.0.0
[r3-rip-1]
[r4]rip 1
[r4-rip-1]v 2
[r4-rip-1]un
[r4-rip-1]undo sum
[r4-rip-1]undo summary
[r4-rip-1]ne
[r4-rip-1]network 192.168.4.0
[r4-rip-1]network 10.0.0.0
[r1]int t0/0/0
[r1-Tunnel0/0/0]nh
[r1-Tunnel0/0/0]nhrp en
[r1-Tunnel0/0/0]nhrp entry mu
[r1-Tunnel0/0/0]nhrp entry multicast d
[r1-Tunnel0/0/0]nhrp entry multicast dynamic
[r1-Tunnel0/0/0]
[r2-Tunnel0/0/0]nhrp entry 10.1.2.1 15.1.1.1 register
[r2-Tunnel0/0/0]
[r3-Tunnel0/0/0]nhrp entry 10.1.2.1 15.1.1.1 register
[r3-Tunnel0/0/0]
[r1-Tunnel0/0/0]undo r
[r1-Tunnel0/0/0]undo rip sp
[r1-Tunnel0/0/0]undo rip split-horizon
[r1-Tunnel0/0/0]
[r2]int t0/0/0
[r2-Tunnel0/0/0]und
[r2-Tunnel0/0/0]undo rip sp
[r2-Tunnel0/0/0]undo rip split-horizon
[r2-Tunnel0/0/0]
[r3]int t0/0/0
[r3-Tunnel0/0/0]undo rip
[r3-Tunnel0/0/0]undo rip sp
[r3-Tunnel0/0/0]undo rip split-horizon
[r3-Tunnel0/0/0]
所有PC设置私有IP为源IP,可以访问RS环回,达到全网通
[r1]ac
[r1]acl 2
[r1]acl 20
[r1]acl 2000
[r1-acl-basic-2000]rul
[r1-acl-basic-2000]rule per
[r1-acl-basic-2000]rule permit s
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]q
[r1]int s4/0/0
[r1-Serial4/0/0]nat o
[r1-Serial4/0/0]nat outbound 2000
[r1-Serial4/0/0]
[r2]acl 2000
[r2-acl-basic-2000]rul
[r2-acl-basic-2000]rule per
[r2-acl-basic-2000]rule permit s
[r2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[r2-acl-basic-2000]q
[r2]int s4/0/0
[r2-Serial4/0/0]nat
[r2-Serial4/0/0]nat o
[r2-Serial4/0/0]nat outbound 2000
[r2-Serial4/0/0]
[r3]acl 2000
[r3-acl-basic-2000]ru
[r3-acl-basic-2000]rule per
[r3-acl-basic-2000]rule permit s
[r3-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[r3-acl-basic-2000]q
[r3]int s4/0/0
[r3-Serial4/0/0]nat
[r3-Serial4/0/0]nat ou
[r3-Serial4/0/0]nat outbound 2000
[r3-Serial4/0/0]
[r4]acl 2000
[r4-acl-basic-2000]rul
[r4-acl-basic-2000]rule per
[r4-acl-basic-2000]rule permit s
[r4-acl-basic-2000]rule permit source 192.168.4.0 0.0.0.255
[r4-acl-basic-2000]
[r4-acl-basic-2000]int g0/0/0
[r4-GigabitEthernet0/0/0]na
[r4-GigabitEthernet0/0/0]nat o
[r4-GigabitEthernet0/0/0]nat outbound 2000
[r4-GigabitEthernet0/0/0]