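Note: the requirements call for serial-line protocols, so the links use serial connections and serial interfaces have to be added to the routers.
Requirements:
1. R5 is the ISP and may only be given IP address configuration; all of its addresses are public IP addresses.
2. R1 and R5 use PPP with PAP authentication, with R5 as the authenticator;
R2 and R5 use PPP with CHAP authentication, with R5 as the authenticator;
R3 and R5 use HDLC encapsulation.
3. R1/R2/R3 form an MGRE environment with R1 as the hub site; R1 and R4 use point-to-point GRE.
4. The whole private network is fully reachable via RIP.
5. All PCs use their private IP as the source IP and can reach R5's loopback.
Configuration
IP configuration: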
【R1】
[r1]int s4/0/0
[r1-Serial4/0/0]ip address 15.0.0.1 24
[r1-Serial4/0/0]int g0/0/0
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
【R2】
[r2]int S4/0/0
[r2-Serial4/0/0]ip address 25.0.0.1 24
[r2-Serial4/0/0]int g0/0/0
[r2-GigabitEthernet0/0/0]ip address 192.168.2.2 24
【R3】
[r3]int s4/0/0
[r3-Serial4/0/0]ip address 35.0.0.1 24
[r3-Serial4/0/0]int g0/0/0
[r3-GigabitEthernet0/0/0]ip address 192.168.3.3 24
【R4】
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ip address 45.0.0.1 24
[r4-GigabitEthernet0/0/0]int g0/0/1
[r4-GigabitEthernet0/0/1]ip address 192.168.4.4 24
【R5】
[r5]int s3/0/0
[r5-Serial3/0/0]ip address 15.0.0.2 24
[r5-Serial3/0/0]int s3/0/1
[r5-Serial3/0/1]ip address 25.0.0.2 24
[r5-Serial3/0/1]int s4/0/0
[r5-Serial4/0/0]ip address 35.0.0.2 24
[r5-Serial4/0/0]int g0/0/0
[r5-GigabitEthernet0/0/0]ip address 45.0.0.2 24
[r5]int l0
[r5-LoopBack0]ip address 5.5.5.5 24
Routing:
【Default routes】
[r1]ip route-static 0.0.0.0 0 15.0.0.2
[r2]ip route-static 0.0.0.0 0 25.0.0.2
[r3]ip route-static 0.0.0.0 0 35.0.0.2
[r4]ip route-static 0.0.0.0 0 45.0.0.2
Authentication:
【On Huawei, serial interfaces use PPP by default】
【PAP authentication between R1 and R5】
【Authenticator】
[r5]aaa
[r5-aaa]local-user admin password cipher 123456
[r5-aaa]local-user admin service-type ppp
[r5-aaa]int s3/0/0
[r5-Serial3/0/0]ppp authentication-mode pap
【Authenticated side】
[r1]int s4/0/0
[r1-Serial4/0/0]ppp pap local-user admin password cipher 123456
【Verification】
[r1-Serial4/0/0]shutdown
[r1-Serial4/0/0]undo shutdown
[r1-Serial4/0/0]ping 15.0.0.2
PING 15.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 15.0.0.2: bytes=56 Sequence=1 ttl=255 time=140 ms
Reply from 15.0.0.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 15.0.0.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 15.0.0.2: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 15.0.0.2: bytes=56 Sequence=5 ttl=255 time=20 ms
【CHAP authentication between R2 and R5】
【Authenticator】
[r5]int s3/0/1
[r5-Serial3/0/1]ppp authentication-mode chap
【Authenticated side】
[r2]int s4/0/0
[r2-Serial4/0/0]ppp chap ?
password Specify user password 【Note: the help lists two keywords here, so two command lines follow】
user Specify user name
[r2-Serial4/0/0]ppp chap user admin
[r2-Serial4/0/0]ppp chap password cipher 123456
【Verify as above】
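PAP and CHAP differ in what crosses the serial link: a PAP Authenticate-Request (RFC 1334) carries the password in cleartext, while a CHAP response (RFC 1994, MD5) carries only a hash bound to the authenticator's challenge. The Python sketch below is an added example, not part of the original lab notes; it uses the lab's admin / 123456 credentials, and the identifiers and challenge bytes are constructed.

```python
import hashlib
import hmac
import struct

USER, SECRET = b"admin", b"123456"   # the lab credentials configured on R5/R1/R2 above

def pap_authenticate_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """RFC 1334 Authenticate-Request: Code=1, Id, Length, Peer-ID, Password (cleartext)."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data

def parse_pap_request(pkt: bytes) -> tuple[bytes, bytes]:
    """What anyone who can read one PAP frame on the link recovers from it."""
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != 1 or length != len(pkt):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    id_len = pkt[4]
    peer_id = pkt[5:5 + id_len]
    pw_len = pkt[5 + id_len]
    password = pkt[6 + id_len:6 + id_len + pw_len]
    return peer_id, password

def chap_response_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 with MD5 (algorithm 5): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(ident: int, secret: bytes, challenge: bytes, value: bytes) -> bool:
    """Authenticator side (R5 here): recompute the hash and compare in constant time."""
    return hmac.compare_digest(chap_response_value(ident, secret, challenge), value)

def demo() -> dict:
    pap = pap_authenticate_request(1, USER, SECRET)
    challenge = bytes(range(16))   # constructed; a real authenticator sends random bytes
    value = chap_response_value(7, SECRET, challenge)
    return {
        "pap_frame_len": len(pap),
        "pap_recovered": parse_pap_request(pap),
        "secret_in_pap_frame": SECRET in pap,
        "chap_ok": chap_verify(7, SECRET, challenge, value),
        # The same response fails once the identifier and challenge change.
        "chap_replayed_on_new_challenge": chap_verify(8, SECRET, bytes(16), value),
    }

if __name__ == "__main__":
    for key, result in demo().items():
        print(key, result)
```

CHAP's protection still rests on the strength of the shared secret, since the challenge and the response are both visible on the link.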
【HDLC encapsulation between R3 and R5】
[r3]int s4/0/0
[r3-Serial4/0/0]link-protocol ?
fr Select FR as line protocol
hdlc Enable HDLC protocol
lapb LAPB(X.25 level 2 protocol)
ppp Point-to-Point protocol
sdlc SDLC(Synchronous Data Line Control) protocol
x25 X.25 protocol
[r3-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
【Check the encapsulation protocol on R3's interface】
[r3]display interface Serial4/0/0
Serial4/0/0 current state : UP
Line protocol current state : DOWN
Description:HUAWEI, AR Series, Serial4/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 35.0.0.1/24
Link layer protocol is nonstandard HDLC 【here】
Last physical up time : 2022-04-09 19:02:44 UTC-08:00
Last physical down time : 2022-04-09 19:02:43 UTC-08:00
Current system time: 2022-04-09 19:12:22-08:00
Physical layer is synchronous, Virtualbaudrate is 64000 bps
Interface is DTE, Cable type is V11, Clock mode is TC
Last 300 seconds input rate 5 bytes/sec 40 bits/sec 0 packets/sec
Last 300 seconds output rate 2 bytes/sec 16 bits/sec 0 packets/sec
Input: 1042 packets, 33792 bytes
Broadcast: 0, Multicast: 0
Errors: 0, Runts: 0
Giants: 0, CRC: 0
Alignments: 0, Overruns: 0
Dribbles: 0, Aborts: 0
No Buffers: 0, Frame Error: 0
Output: 1025 packets, 12902 bytes
【R5】
[r5]int s4/0/0
[r5-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
【Verification】
[r5-Serial4/0/0]ping 35.0.0.1
PING 35.0.0.1: 56 data bytes, press CTRL_C to break
Reply from 35.0.0.1: bytes=56 Sequence=1 ttl=255 time=250 ms
Reply from 35.0.0.1: bytes=56 Sequence=2 ttl=255 time=50 ms
Reply from 35.0.0.1: bytes=56 Sequence=3 ttl=255 time=40 ms
Reply from 35.0.0.1: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 35.0.0.1: bytes=56 Sequence=5 ttl=255 time=50 ms
3. R1/R2/R3 form an MGRE environment with R1 as the hub site;
[r1]int t0/0/0
[r1-Tunnel0/0/0]ip address 192.168.5.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp 【select the encapsulation type】
[r1-Tunnel0/0/0]source 15.0.0.1 【hub IP】
[r1-Tunnel0/0/0]nhrp network-id 100
[r1-Tunnel0/0/0]nhrp entry multicast dynamic 【pseudo-broadcast】
[r2]int t0/0/0
[r2-Tunnel0/0/0]ip address 192.168.5.2 24
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp
[r2-Tunnel0/0/0]source s4/0/0
[r2-Tunnel0/0/0]nhrp network-id 100
[r2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
[r3]int t0/0/0
[r3-Tunnel0/0/0]ip address 192.168.5.3 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source s4/0/0
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
【Verification】
[r1]display nhrp peer all
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.5.2 32 25.0.0.1 192.168.5.2 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:22:42
Expire time : 01:37:18
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.5.3 32 35.0.0.1 192.168.5.3 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:01:16
Expire time : 01:58:44
Number of nhrp peers: 2
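Because the hub learns its spokes dynamically, the peer table is worth checking against the addressing plan rather than only counting entries. The Python sketch below is an added example, not part of the original lab notes; it parses the peer rows of the `display nhrp peer all` output shown above and reports unknown peers, public-address mismatches and missing spokes. The `EXPECTED` mapping is derived from this page's IP plan.

```python
import re

# Expected spokes for hub R1, from the addressing plan on this page:
# tunnel (protocol) address -> public (NBMA) address.
EXPECTED = {"192.168.5.2": "25.0.0.1", "192.168.5.3": "35.0.0.1"}

# Peer rows copied from the `display nhrp peer all` output above (separator lines dropped).
PAGE_OUTPUT = """\
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
192.168.5.2 32 25.0.0.1 192.168.5.2 dynamic route tunnel
Tunnel interface: Tunnel0/0/0
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
192.168.5.3 32 35.0.0.1 192.168.5.3 dynamic route tunnel
Tunnel interface: Tunnel0/0/0
Number of nhrp peers: 2
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
ROW = re.compile(rf"^\s*({IP})\s+(\d+)\s+({IP})\s+({IP})\s+(\S+)\s+(.*\S)\s*$")

def parse_peers(text):
    """Return [(protocol_addr, nbma_addr, type)] for every peer row."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            peers.append((m.group(1), m.group(3), m.group(5)))
    return peers

def audit(text, expected=EXPECTED):
    """List findings: unknown peers, NBMA mismatches, spokes that never registered."""
    findings, seen = [], set()
    for proto, nbma, kind in parse_peers(text):
        seen.add(proto)
        if proto not in expected:
            findings.append(f"unexpected peer {proto} registered from {nbma} ({kind})")
        elif expected[proto] != nbma:
            findings.append(f"{proto} registered from {nbma}, expected {expected[proto]}")
    findings += [f"expected spoke {p} is not registered"
                 for p in sorted(set(expected) - seen)]
    return findings

if __name__ == "__main__":
    print(audit(PAGE_OUTPUT) or "peer table matches the addressing plan")
```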
R1 and R4 use point-to-point GRE.
[r1]int t0/0/1
[r1-Tunnel0/0/1]ip address 192.168.6.1 24
[r1-Tunnel0/0/1]tunnel-protocol gre
[r1-Tunnel0/0/1]source 15.0.0.1
[r1-Tunnel0/0/1]destination 45.0.0.1
[r4]int t0/0/0
[r4-Tunnel0/0/0]ip address 192.168.6.2 24
[r4-Tunnel0/0/0]tunnel-protocol gre
[r4-Tunnel0/0/0]source 45.0.0.1
[r4-Tunnel0/0/0]destination 15.0.0.1
【Review】: traffic still does not pass at this point; a static route has to be written, and its target IP is simply the virtual (tunnel) address that was just configured.
4. The whole private network is fully reachable via RIP.
【Advertise all networks】
[r1]rip
[r1-rip-1]v 2
[r1-rip-1]network 192.168.1.0
[r1-rip-1]network 192.168.5.0
[r1-rip-1]network 192.168.6.0
【Mind RIP split horizon; it is turned off here】
[r1-tunnel0/0/0]undo rip split-horizon
5. All PCs use their private IP as the source IP and can reach R5's loopback.
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]q
[r1]int s4/0/0
[r1-Serial4/0/0]nat outbound 2000