实验拓扑如上。
第一步:
配置相应的IP地址:
PC1:
PC2:
PC3:
PC4:
R1:
R2:
R3:
R4:
R5:
第二步:
R1和R5做PPP的PAP验证
R5为主验证方
[R5]aaa
[R5-aaa]local-user lingyou password cipher lingyou520
[R5-aaa]local-user lingyou service-type ppp
[R5-Serial4/0/1]ppp authentication-mode pap
R1为被验证方
[R1-Serial4/0/0]ppp pap local-user lingyou password cipher lingyou520
然后在R1的接口中刷shutdown和undo shutdown 重启接口,来刷新接口
ping一下验证:
第三步:
R2和R5用PPP的CHAP认证
R5为主认证方
[R5-Serial3/0/1]ppp authentication-mode chap
R2为被验证方:
[R2-Serial4/0/0]ppp chap user lingyou
[R2-Serial4/0/0]ppp chap password cipher lingyou520
然后在R2的接口中刷shutdown和undo shutdown 重启接口,来刷新接口
ping一下验证:
第四步:
R3和R5之间用HDLC封装
[R3-Serial4/0/0]link-protocol hdlc
[R5-Serial4/0/0]link-protocol hdlc
输入 [R5]display ip interface brief 检查
ping一下验证:
第五步:
使网络可以全网通
[R1]ip route-static 0.0.0.0 0 15.1.1.5 //静态的缺省路由
[R2]ip route-static 0.0.0.0 0 25.1.1.5
[R3]ip route-static 0.0.0.0 0 35.1.1.5
[R4]ip route-static 0.0.0.0 0 45.1.1.5
验证是否全网通:
第六步:
R1、2R、R3构建一个MGRE环境,R1为中心站点
R1:
[R1]int Tunnel 0/0/0 //创建隧道
[R1-Tunnel0/0/0]ip address 10.1.1.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp //指定隧道要使用的协议为GRE,而且点到多点
[R1-Tunnel0/0/0]source 15.1.1.1 //源地址
[R1-Tunnel0/0/0]nhrp network-id 1
R2:
[R2-Tunnel0/0/0]ip address 10.1.1.2 24
[R2-Tunnel0/0/0]tunnel-protocol gre p2mp
[R2-Tunnel0/0/0]source Serial 4/0/0 //由于私网地址会更变,所以不能指定源地址,要指定接口
[R2-Tunnel0/0/0]nhrp network-id 1
[R2-Tunnel0/0/0]nhrp entry 10.1.1.1 15.1.1.1 register //向中心站点报备,自己的地址信息
R3:
[R3-Tunnel0/0/0]ip address 10.1.1.3 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source Serial 4/0/0
[R3-Tunnel0/0/0]nhrp network-id 1
[R3-Tunnel0/0/0]nhrp entry 10.1.1.1 15.1.1.1 register
第七步:
R1和R4用点到点的GRE
R1:
[R1]int Tunnel 0/0/1
[R1-Tunnel0/0/1]ip address 10.1.2.1 24
[R1-Tunnel0/0/1]tunnel-protocol gre //指定隧道要使用的协议为GRE,点到点
[R1-Tunnel0/0/1]source 15.1.1.1
[R1-Tunnel0/0/1]description 45.1.1.4 //私网的目标地址
R4:
[R4]int t0/0/1
[R4-Tunnel0/0/1]ip address 10.1.2.4 24
[R4-Tunnel0/0/1]tunnel-protocol gre
[R4-Tunnel0/0/1]source 45.1.1.4
[R4-Tunnel0/0/1]description 15.1.1.1 //公网的目标地址
第八步:
整个私网基本RIP全网可达
R1:
[R1]rip 1
[R1-rip-1]version 2
[R1-rip-1]network 192.168.1.0 //宣告接口地址
[R1-rip-1]network 10.0.0.0 //宣告隧道地址,宣告的时候要主类宣告 10.1.1.0/24和10.1.2.0/24 都在10.0.0.0
R2:
[R2]rip 1
[R2-rip-1]v 2
[R2-rip-1]network 192.168.2.0
[R2-rip-1]network 10.0.0.0
R3:
[R3]rip 1
[R3-rip-1]v 2
[R3-rip-1]network 192.168.3.0
[R3-rip-1]network 10.0.0.0
R4:
[R4]rip 1
[R4-rip-1]v 2
[R4-rip-1]network 192.168.4.0
[R4-rip-1]network 10.0.0.0
RIP宣告GRE可以都学到路由,但是MGRE不能学完,所以要开启伪广播
[R1-Tunnel0/0/0]nhrp entry multicast dynamic
[R1-Tunnel0/0/0]undo rip split-horizon //关闭水平分割,防止形成环路
[R2-Tunnel0/0/0]undo rip split-horizon
[R3-Tunnel0/0/0]undo rip split-horizon
查询:
第八步:
将说有PC设置为私有IP为源IP
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-Serial4/0/0]nat outbound 2000
[R2]acl 2000
[R2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[R2-Serial4/0/0]nat outbound 2000
[R3]acl 2000
[R3-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[R3-Serial4/0/0]nat outbound 2000
[R4]acl 2000
[R4-acl-basic-2000]rule permit source 192.168.4.0 0.0.0.255
[R4-GigabitEthernet0/0/0]nat outbound 2000
实验结束.