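Lab requirements:

1. Use GRE VPN so that R1, R2 and R3 can reach one another!

2. The logical interface addresses of R1, R2 and R3 are 192.168.1.1, 192.168.2.2 and 192.168.3.3 respectively.

3. Use Easy VPN so that the virtual PC can access any one of R1, R2 and R3! (I access R1)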

r1#show run

!

hostname r1

!

aaa new-model

aaa authentication login mylogin local

aaa authorization network mynet local

 

no ip domain lookup

username 123 password 0 123

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

crypto isakmp key cisco address 193.1.1.1

crypto isakmp key cisco address 194.1.1.1

!

crypto isakmp client configuration group mygroup

 key cisco

 dns 192.168.1.2

 domain cisco

 pool mypool

 acl list

!

!

crypto ipsec transform-set set esp-3des esp-sha-hmac

 mode transport

!

crypto dynamic-map dymap 1

 set transform-set set

 reverse-route

!

!

crypto map map client authentication list mylogin

crypto map map isakmp authorization list mynet

crypto map map client configuration address respond

crypto map map 10 ipsec-isakmp

 set peer 193.1.1.1

 set transform-set set

 match address list2

crypto map map 20 ipsec-isakmp

 set peer 194.1.1.1

 set transform-set set

 match address list3

crypto map map 30 ipsec-isakmp dynamic dymap

!

interface Loopback0

 ip address 192.168.1.1 255.255.255.0

!

interface Tunnel0

 ip address 10.10.12.1 255.255.255.0

 tunnel source Serial1/2

 tunnel destination 193.1.1.1

!

interface Tunnel1

 ip address 10.10.13.1 255.255.255.0

 tunnel source Serial1/2

 tunnel destination 194.1.1.1

!

interface Serial1/2

 ip address 192.1.1.1 255.255.255.0

 serial restart-delay 0

 crypto map map

!

router eigrp 10

 network 10.0.0.0

 network 192.168.1.0

 no auto-summary

!

ip local pool mypool 172.16.1.1 172.16.1.100

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Serial1/2

!

!

ip http server

no ip http secure-server

!

ip access-list extended list

 permit ip 192.168.1.0 0.0.0.255 any

ip access-list extended list2

 permit ip host 192.1.1.1 host 193.1.1.1

ip access-list extended list3

 permit ip host 192.1.1.1 host 194.1.1.1

 

R1 routing table:

r1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

 

     172.16.0.0/32 is subnetted, 1 subnets

S       172.16.1.1 [1/0] via 195.1.1.2

     10.0.0.0/24 is subnetted, 2 subnets

C       10.10.12.0 is directly connected, Tunnel0

C       10.10.13.0 is directly connected, Tunnel1

C    192.1.1.0/24 is directly connected, Serial1/2

C    192.168.1.0/24 is directly connected, Loopback0

D    192.168.2.0/24 [90/297372416] via 10.10.12.2, 00:29:27, Tunnel0

D    192.168.3.0/24 [90/297372416] via 10.10.13.3, 00:17:23, Tunnel1

S*   0.0.0.0/0 is directly connected, Serial1/2

 

 

 

R2 test results:

r2#ping

Protocol [ip]:

Target IP address: 192.168.1.1

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 192.168.2.2

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.2.2

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/45/72 ms

r2#ping 192.168.3.3 sour 192.168.2.2

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.3.3, timeout is 2 seconds:

Packet sent with a source address of 192.168.2.2

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/42/60 ms

R2 configuration file:

r2#show run

hostname r2

!

no ip domain lookup

!

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

crypto isakmp key cisco address 192.1.1.1

!

!

crypto ipsec transform-set set esp-3des esp-sha-hmac

 mode transport

!

crypto map map 10 ipsec-isakmp

 set peer 192.1.1.1

 set transform-set set

 match address list2

interface Loopback0

 ip address 192.168.2.2 255.255.255.0

!

interface Tunnel0

 ip address 10.10.12.2 255.255.255.0

 tunnel source Serial1/2

 tunnel destination 192.1.1.1

!

interface Serial1/2

 ip address 193.1.1.1 255.255.255.0

 serial restart-delay 0

 crypto map map

!

router eigrp 10

 network 10.0.0.0

 network 192.168.2.0

 no auto-summary

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Serial1/2

ip access-list extended list2

 permit ip host 193.1.1.1 host 192.1.1.1

!
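The r1 and r2 configurations above only protect the GRE tunnel if four values agree on both sides: the crypto peer, the tunnel destination, the address of the interface carrying the crypto map, and the crypto ACL, which must be a mirror image of the peer's. The following Python check is an added example, not part of the original post; `endpoint` and `check` are hypothetical helper names, the two strings are excerpts trimmed from the configurations on this page, and it assumes host-to-host crypto ACL entries as used here.

```python
import re

# Excerpts trimmed from the r1 and r2 configurations on this page (r1: only its r2-facing entry).
R1 = """crypto map map 10 ipsec-isakmp
 set peer 193.1.1.1
 match address list2
interface Tunnel0
 tunnel destination 193.1.1.1
interface Serial1/2
 ip address 192.1.1.1 255.255.255.0
 crypto map map
ip access-list extended list2
 permit ip host 192.1.1.1 host 193.1.1.1
"""
R2 = """crypto map map 10 ipsec-isakmp
 set peer 192.1.1.1
 match address list2
interface Tunnel0
 tunnel destination 192.1.1.1
interface Serial1/2
 ip address 193.1.1.1 255.255.255.0
 crypto map map
ip access-list extended list2
 permit ip host 193.1.1.1 host 192.1.1.1
"""

def endpoint(cfg):
    """Pull out the values that must agree on one router; 'wan' is the crypto-map interface."""
    one = lambda pat: re.search(pat, cfg, re.M).group(1)
    acl = one(r"^ip access-list extended %s\n((?: .*\n)+)" % re.escape(one(r"^ match address (\S+)")))
    return {
        "peer": one(r"^ set peer (\S+)"),
        "gre_dst": one(r"^ tunnel destination (\S+)"),
        "wan": one(r"^interface \S+\n(?: .*\n)*? ip address (\S+).*\n(?: .*\n)*? crypto map "),
        "acl": [tuple(re.findall(r"host (\S+)", l)) for l in acl.splitlines()],
    }

def check(local, remote):
    """Return mismatches between two endpoints; an empty list means consistent."""
    a, b = endpoint(local), endpoint(remote)
    rules = [
        (a["peer"] == b["wan"], "crypto peer is not the remote WAN address"),
        (a["gre_dst"] == a["peer"], "GRE destination differs from the crypto peer"),
        ((a["wan"], a["peer"]) in a["acl"], "crypto ACL misses the GRE outer header"),
        (sorted(a["acl"]) == sorted((d, s) for s, d in b["acl"]),
         "crypto ACLs are not mirror images"),
    ]
    return [msg for ok, msg in rules if not ok]
```

An empty list from `check(R1, R2)` and `check(R2, R1)` means the GRE outer header (WAN address to WAN address) is matched by the crypto map on both routers, which is what lets transport mode carry the tunnel.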

R2 routing table:

r2#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

 

     10.0.0.0/24 is subnetted, 2 subnets

C       10.10.12.0 is directly connected, Tunnel0

D       10.10.13.0 [90/310044416] via 10.10.12.1, 00:30:34, Tunnel0

C    193.1.1.0/24 is directly connected, Serial1/2

D    192.168.1.0/24 [90/297372416] via 10.10.12.1, 00:30:34, Tunnel0

C    192.168.2.0/24 is directly connected, Loopback0

D    192.168.3.0/24 [90/310172416] via 10.10.12.1, 00:18:25, Tunnel0

S*   0.0.0.0/0 is directly connected, Serial1/2

 

 

 

 

 

R3 configuration file:

r3# ping 192.168.1.1 sour 192.168.3.3

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.3.3

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/16/24 ms

r3# ping 192.168.2.2 sour 192.168.3.3

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:

Packet sent with a source address of 192.168.3.3

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/34/92 ms

r3#show run

Building configuration...

 

Current configuration : 1824 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname r3

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

ip cef

!

!

!

!

no ip domain lookup

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

archive

 log config

  hidekeys

!

!

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

crypto isakmp key cisco address 192.1.1.1

!

!

crypto ipsec transform-set set esp-3des esp-sha-hmac

 mode transport

!

crypto map map 20 ipsec-isakmp

 set peer 192.1.1.1

 set transform-set set

 match address list3

!

!

!

!

!

!

!

interface Loopback0

 ip address 192.168.3.3 255.255.255.0

!

interface Tunnel0

 ip address 10.10.13.3 255.255.255.0

 tunnel source Serial1/2

 tunnel destination 192.1.1.1

!

interface Serial1/2

 ip address 194.1.1.1 255.255.255.0

 serial restart-delay 0

 crypto map map

!

router eigrp 10

 network 10.0.0.0

 network 192.168.3.0

 no auto-summary

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Serial1/2

!

!

ip http server

no ip http secure-server

!

ip access-list extended list3

 permit ip host 194.1.1.1 host 192.1.1.1

r3#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

 

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

 

     10.0.0.0/24 is subnetted, 2 subnets

D       10.10.12.0 [90/310044416] via 10.10.13.1, 00:18:53, Tunnel0

C       10.10.13.0 is directly connected, Tunnel0

D    192.168.1.0/24 [90/297372416] via 10.10.13.1, 00:18:53, Tunnel0

D    192.168.2.0/24 [90/310172416] via 10.10.13.1, 00:18:53, Tunnel0

C    194.1.1.0/24 is directly connected, Serial1/2

C    192.168.3.0/24 is directly connected, Loopback0

S*   0.0.0.0/0 is directly connected, Serial1/2

 

 

R5 configuration file:

r5#show run

hostname r5

no ip domain-lookup

interface FastEthernet0/0

 ip address 195.1.1.1 255.255.255.0

 duplex auto

 speed auto

!

interface Serial1/0

 ip address 192.1.1.2 255.255.255.0

 serial restart-delay 0

!

interface Serial1/1

 ip address 193.1.1.2 255.255.255.0

 serial restart-delay 0

!

interface Serial1/2

 ip address 194.1.1.2 255.255.255.0

 serial restart-delay 0

!

Test results from the bridged virtual-machine PC: