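Preface:
Mistake: the interface type should be changed first and the IP address configured afterwards; otherwise the authentication does not take effect even though it has been enabled.
1. Lab topology
2. Lab requirements
1) R1-R3 each have one loopback with a private address. R4 is the ISP device; only public IP addresses may be configured on it, and no other configuration is allowed.
2) R1-R3 form an MGRE environment in which only R1 has a fixed IP address; RIP is used to make the private networks fully reachable.
3) PAP authentication between R2 and R4, with R4 as the authenticator; CHAP authentication between R3 and R4, with R4 as the authenticator.
3. Lab analysis
1) Address allocation: this lab places no requirements on addressing, so any reasonable IP plan will do.
2) Routing: a default route on each of R1-R3 pointing to R4.
3) Configure the point-to-point links and their authentication.
4) Configure MGRE and run RIP inside it (split horizon must be disabled on the hub site).
4. Lab procedure
1) IP address planning and configuration
IP configuration and interface type on R1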
[r1-LoopBack1]dis th
[V200R003C00]
#
interface LoopBack1
ip address 192.168.1.1 255.255.255.0
#
[r1-Serial4/0/0]dis th
[V200R003C00]
#
interface Serial4/0/0
link-protocol hdlc
ip address 14.1.1.2 255.255.255.0
#
IP configuration on R2
[r2-LoopBack1]dis th
[V200R003C00]
#
interface LoopBack1
ip address 192.168.2.1 255.255.255.0
#
[r2-Serial4/0/0]dis th
[V200R003C00]
#
interface Serial4/0/0
link-protocol ppp
ip address 24.1.1.2 255.255.255.0
#
IP configuration on R3
[r3-LoopBack1]dis th
[V200R003C00]
#
interface LoopBack1
ip address 192.168.3.1 255.255.255.0
#
[r3-Serial4/0/0]dis th
[V200R003C00]
#
interface Serial4/0/0
link-protocol ppp
ip address 34.1.1.2 255.255.255.0
#
IP configuration of each interface on the ISP
[isp-Serial3/0/0]dis th
[V200R003C00]
#
interface Serial3/0/0
link-protocol hdlc
ip address 14.1.1.1 255.255.255.0
#
[isp-Serial3/0/1]dis th
[V200R003C00]
#
interface Serial3/0/1
link-protocol ppp
ip address 24.1.1.1 255.255.255.0
#
[isp-Serial4/0/0]dis th
[V200R003C00]
#
interface Serial4/0/0
link-protocol ppp
ip address 34.1.1.1 255.255.255.0
#
2) Routing
[r1]ip route-static 0.0.0.0 0 14.1.1.1
[r2]ip route-static 0.0.0.0 0 24.1.1.1
[r3]ip route-static 0.0.0.0 0 34.1.1.1
3) Authentication on the point-to-point links
PAP authentication between R2 and R4
[isp-Serial3/0/1]dis th
[V200R003C00]
#
interface Serial3/0/1
link-protocol ppp
ppp authentication-mode pap
ip address 24.1.1.1 255.255.255.0
#
[r2-Serial4/0/0]dis th
[V200R003C00]
#
interface Serial4/0/0
link-protocol ppp
ppp pap local-user yt password cipher %$%$&',i*8yq"(ptMUC|J7.6,%z#%$%$
ip address 24.1.1.2 255.255.255.0
#
CHAP authentication between R3 and R4
[isp-Serial4/0/0]dis th
[V200R003C00]
#
interface Serial4/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 34.1.1.1 255.255.255.0
#
[r3-Serial4/0/0]dis th
[V200R003C00]
#
interface Serial4/0/0
link-protocol ppp
ppp chap user yt1
ppp chap password cipher %$%$E^r)LBN>h~LnA]"J*Hd~,'gq%$%$
ip address 34.1.1.2 255.255.255.0
#
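What the two authentication methods configured above put on the wire, as an added Python example that is not part of the original write-up: PAP's Authenticate-Request (RFC 1334) carries the password in clear text, while a CHAP Response (RFC 1994) carries only MD5(Identifier || secret || challenge). The passwords and the authenticator name isp are constructed placeholders; only the usernames yt and yt1 come from the page.

```python
import hashlib, hmac, os, struct

def pap_request(ident, peer_id, password):
    """RFC 1334 Authenticate-Request (code 1): the password travels in the clear."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def chap_challenge(ident, name, challenge=None):
    """RFC 1994 Challenge (code 1), sent by the authenticator (R4 in this lab)."""
    challenge = challenge or os.urandom(16)
    body = bytes([len(challenge)]) + challenge + name
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def parse_chap(pkt):
    """Split a Challenge/Response into (code, identifier, value, name)."""
    if len(pkt) < 5:
        raise ValueError("short CHAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    vsize = pkt[4]
    if length != len(pkt) or 5 + vsize > length:
        raise ValueError("bad CHAP length")
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:]

def chap_response(challenge_pkt, name, secret):
    """Peer side (R3): value = MD5(Identifier || secret || challenge)."""
    code, ident, challenge, _ = parse_chap(challenge_pkt)
    if code != 1:
        raise ValueError("not a Challenge")
    digest = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    body = bytes([len(digest)]) + digest + name
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body

def chap_verify(challenge_pkt, response_pkt, secrets):
    """Authenticator side: recompute the hash from its own copy of the secret."""
    _, c_id, challenge, _ = parse_chap(challenge_pkt)
    code, r_id, value, name = parse_chap(response_pkt)
    secret = secrets.get(name)
    if code != 2 or r_id != c_id or secret is None:
        return False
    expected = hashlib.md5(bytes([c_id]) + secret + challenge).digest()
    return hmac.compare_digest(expected, value)

if __name__ == "__main__":
    # Constructed sample values (placeholder passwords, assumed name "isp").
    print(pap_request(1, b"yt", b"example-pap-pw"))   # password visible in bytes
    ch = chap_challenge(7, b"isp")
    resp = chap_response(ch, b"yt1", b"example-chap-pw")
    print(chap_verify(ch, resp, {b"yt1": b"example-chap-pw"}))
```

Because the challenge changes on every attempt, a captured CHAP Response does not verify against a later Challenge, whereas a captured PAP request yields the password itself.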
4) Configure MGRE
Configuration on the hub site R1
[r1-Tunnel0/0/0]dis th
[V200R003C00]
#
interface Tunnel0/0/0
ip address 10.1.1.1 255.255.255.0
tunnel-protocol gre p2mp
source 14.1.1.2
nhrp entry multicast dynamic
nhrp network-id 100
#
Configuration on the branch site R2
[r2-Tunnel0/0/0]dis th
[V200R003C00]
#
interface Tunnel0/0/0
ip address 10.1.1.2 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 100
nhrp entry 10.1.1.1 14.1.1.2 register
#
Configuration on the branch site R3
[r3-Tunnel0/0/0]dis th
[V200R003C00]
#
interface Tunnel0/0/0
ip address 10.1.1.3 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 100
nhrp entry 10.1.1.1 14.1.1.2 register
#
5) Run RIP inside MGRE
R1
[r1]dis current-configuration
#
rip 1
version 2
network 192.168.1.0
network 10.0.0.0
#
R2
[r2]dis current-configuration
#
rip 1
version 2
network 192.168.2.0
network 10.0.0.0
#
R3
[r3]dis current-configuration
#
rip 1
version 2
network 192.168.3.0
network 10.0.0.0
#
Disable split horizon on R1
[r1-Tunnel0/0/0]undo rip split-horizon
5. Testing
R2 can ping R3's internal network
<r2>ping 192.168.3.1
PING 192.168.3.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.3.1: bytes=56 Sequence=1 ttl=254 time=50 ms
Reply from 192.168.3.1: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 192.168.3.1: bytes=56 Sequence=3 ttl=255 time=50 ms
Reply from 192.168.3.1: bytes=56 Sequence=4 ttl=255 time=50 ms
Reply from 192.168.3.1: bytes=56 Sequence=5 ttl=255 time=40 ms
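6. Lab summary
1) The lab does not involve many configuration modules, but I was not familiar enough with them.
2) At first I did not understand the difference between the Tunnel interface IP and the real IP.
3) Any protocol run inside MGRE advertises the virtual IPs, which have nothing to do with the real IPs.
4) I was too slow.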