实验拓展图如下:
1.R3为ISP,只能进行IP地址配置,其所有地址均为公有IP地址
IP地址规划
[R1]interface Ethernet 0/0/0
[R1-Ethernet0/0/0]ip add 192.168.1.2 24
[R1-Ethernet0/0/0]int s 4/0/0
[R1-Serial4/0/0]ip add 1.1.0.1 24[R4]interface Ethernet 0/0/0
[R4-Ethernet0/0/0]ip add 192.168.2.2 24
[R4-Ethernet0/0/0]int s 4/0/0
[R4-Serial4/0/0]ip add 2.2.0.1 24
[R5]int Ethernet 0/0/0
[R5-Ethernet0/0/0]ip add 192.168.3.2 24
[R5-Ethernet0/0/0]int s 4/0/0
[R5-Serial4/0/0]ip add 3.3.0.1 24
[R2]int Ethernet 0/0/0
[R2-Ethernet0/0/0]ip add 192.168.4.2 24
[R2-Ethernet0/0/0]int g0/0/1
[R2-Ethernet0/0/1]ip add 4.4.0.1 24
[ISP]int Ethernet 0/0/0
[ISP-Ethernet0/0/0]ip add 4.4.0.2 24
[ISP-Ethernet0/0/0]int s 3/0/0
[ISP-Serial3/0/0]ip add 1.1.0.2 24
[ISP-Serial3/0/0]int s 3/0/1
[ISP-Serial3/0/1]ip add 2.2.0.2 24
[ISP-Serial3/0/1]int s 4/0/0
[ISP-Serial4/0/0]ip add 3.3.0.2 24[ISP]interface loopback1
[ISP-LoopBack1]ip add 5.5.5.1 24配置缺省路由
[R1]ip route-static 0.0.0.0 0 1.1.0.2
[R2]ip route-static 0.0.0.0 0 2.2.0.2
[R3]ip route-static 0.0.0.0 0 3.3.0.2
[R4]ip route-static 0.0.0.0 0 4.4.0.2
2.R1和R3之间使用ppp的pAP认址,R3为主认证方;R4与R3之间使用ppp的chap认证,R3为主认证方;R5与R3之间使用HDLC封装。
[ISP]aaa
[ISP-aaa]local-user admin password cipher 012345
[ISP-aaa]local-user admin service-type ppp
[ISP-aaa]int s 3/0/0
[ISP-Serial3/0/0]ppp authentication-mode pap
[r1-Serial4/0/0]ppp pap local-user admin password cipher 012345
[ISP-Serial3/0/0]shutdown
[ISP-Serial3/0/0]undo shutdown
[ISP-Serial3/0/0]ping 2.2.0.2
(使用ping命令可以ping说明认证成功)
[ISP]aaa
[ISP-aaa]local-user admin password cipher 12345
[ISP-aaa]local-user admin service-type ppp
[ISP-aaa]q
[ISP]int s 3/0/1
[ISP-Serial3/0/1]ppp authentication-mode chap
[R4-Serial4/0/0]ppp chap user admin
[R4-Serial4/0/0]ppp chap password cipher 12345[R5-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
[ISP-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
3.R1/R4/R5构建一个MGRE环境,R1为中心站点;R1、R2间为点到点的GRE。
[R1]int Tunnel 0/0/0
[R1-Tunnel0/0/0]ip add 192.168.5.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp
[R1-Tunnel0/0/0]source 1.1.0.1
[R1-Tunnel0/0/0]nhrp network-id 100
[R4]int Tunnel 0/0/0
[R4-Tunnel0/0/0]ip add 192.168.5.2 24
[R4-Tunnel0/0/0]tunnel-protocol gre p2mp
[R4-Tunnel0/0/0]nhrp network-id 100
[R4-Tunnel0/0/0]nhrp entry 192.168.5.1 1.1.0.1R3与R1R4一样的命令操作
[r1]int Tunnel 0/0/1
[r1-Tunnel0/0/1]ip add 192.168.6.1 24
[r1-Tunnel0/0/1]tunnel-protocol gre
[r1-Tunnel0/0/1]source 1.1.0.1
[r1-Tunnel0/0/1]description 4.4.0.1
4.整个私有网络基于RIP全网可达
[R1]rip
[R1-rip-1]v 2
[R1-rip-1]network 192.168.1.0
[R1-rip-1]network 192.168.5.0
[R1-rip-1]network 192.168.6.0R2R4R5与R1一样的命令操作
5.所有Pc设置私有Ip为源卫,可以访问R3环回
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]q
[R1]int s 4/0/0
[R1-Serial4/0/0]nat outbound 2000
[R1-Serial4/0/0]
R5 R2与R1操作相同,就可以访问R3环回