文章目录
一、实验拓扑
二、实验需求
1、R5为ISP,只能进行IP地址配置,其所有地址均为公有IP地址;
2、R1和R5间使用ppp的PAP认证,R5为主认证方;
R2与R5之间使用ppp的chap认证,R5为主认证方;
R3与R5之间使用HDLC封装;
3、R1、R2、R3构建一个MGRE环境,R1为中心站点,R1、R4间为点到点的GRE;
4、整个私有网络基本RIP全网可达;
5、所有PC设置私有IP为源IP,可以访问R5环回
三、实验思路
1、配置IP地址
2、配置R1与R5间使用ppp的PAP认证
3、配置R2与R5间使用ppp的chap认证
4、配置R3与R5之间使用HDLC封装
5、配置R1、R2、R3构建一个MGRE环境
6、配置R1、R4间为点到点的GRE环境
7、配置RIP动态路由实现全网可达
8、使PC可以访问R5环回
四、实验步骤
1、配置IP地址
IP地址分配如拓扑图所示
[R1-GigabitEthernet0/0/0]ip address 192.168.1.2 24
[R1-Serial4/0/0]ip address 15.1.1.1 24
[R1]ip route-static 0.0.0.0 0 15.1.1.5
[R2-GigabitEthernet0/0/0]ip address 192.168.2.1 24
[R2-Serial4/0/0]ip address 25.1.1.2 24
[R2]ip route-static 0.0.0.0 0 25.1.1.5
[R3-GigabitEthernet0/0/0]ip address 192.168.3.1 24
[R3-Serial4/0/0]ip address 35.1.1.3 24
[R3]ip route-static 0.0.0.0 0 35.1.1.5
[R4-GigabitEthernet0/0/1]ip address 192.168.4.1 24
[R4-GigabitEthernet0/0/0]ip address 45.1.1.4 24
[R4]ip route-static 0.0.0.0 0 45.1.1.5
[R5-GigabitEthernet0/0/0]ip address 45.1.1.5 24
[R5-Serial3/0/1]ip address 15.1.1.5 24
[R5-Serial3/0/0]ip address 25.1.1.5 24
[R5-Serial4/0/0]ip address 35.1.1.5 24
[R5-LoopBack0]ip address 5.5.5.1 24
2、R1与R5间的PAP认证
[R5]aaa
[R5-aaa]local-user AAA password cipher 123456 privilege level 15
[R5-aaa]local-user AAA service-type ppp
[R5-Serial3/0/1]ppp authentication-mode pap
[R1-Serial4/0/0]ppp pap local-user AAA password cipher 123456
通过shutdown和undo shutdown重启R1的S4/0/0接口进行测试
认证成功
3、R2与R5间的chap认证
[R5]aaa
[R5-aaa]local-user BBB password cipher 456789 privilege level 15
[R5-aaa]local-user BBB service-type ppp
[R5-Serial3/0/0]ppp authentication-mode chap
[R2-Serial4/0/0]ppp chap user BBB
[R2-Serial4/0/0]ppp chap password cipher 456789
通过重启接口进行测试
认证成功
4、R3与R5间使用HDLC封装
[R5-Serial4/0/0]link-protocol hdlc
[R3-Serial4/0/0]link-protocol hdlc
通过display this进行验证
5、VPN配置
R1、R2、R3构建一个MGRE环境
[R1]int Tunnel 0/0/0
[R1-Tunnel0/0/0]ip address 10.1.2.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp
[R1-Tunnel0/0/0]source 15.1.1.1
[R1-Tunnel0/0/0]nhrp network-id 100
[R2]int t0/0/0
[R2-Tunnel0/0/0]ip address 10.1.2.2 24
[R2-Tunnel0/0/0]tunnel-protocol gre p2mp
[R2-Tunnel0/0/0]source s4/0/0
[R2-Tunnel0/0/0]nhrp network-id 100
[R2-Tunnel0/0/0]nhrp entry 10.1.2.1 15.1.1.1 register
[R3]int t0/0/0
[R3-Tunnel0/0/0]ip address 10.1.2.3 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source s4/0/0
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry 10.1.2.1 15.1.1.1 register
通过dis nhrp peer all命令来检查R2和R3是否在R1上注册成功
注册成功
R1、R4构建点到点的GRE
[R1]int t0/0/1
[R1-Tunnel0/0/1]ip address 10.1.1.1 24
[R1-Tunnel0/0/1]tunnel-protocol gre
[R1-Tunnel0/0/1]source 15.1.1.1
[R1-Tunnel0/0/1]destination 45.1.1.4
[R4]int t0/0/1
[R4-Tunnel0/0/1]ip address 10.1.1.2 24
[R4-Tunnel0/0/1]tunnel-protocol gre
[R4-Tunnel0/0/1]source 45.1.1.4
[R4-Tunnel0/0/1]destination 15.1.1.1
测试能否ping通
成功ping通
6、RIP配置
[R1]rip 1
[R1-rip-1]undo summary
[R1-rip-1]version 2
[R1-rip-1]network 192.168.1.0
[R1-rip-1]network 10.0.0.0
[R1-Tunnel0/0/0]nhrp entry multicast dynamic
[R1-Tunnel0/0/0]undo rip split-horizon
[R2]rip 1
[R2-rip-1]undo summary
[R2-rip-1]version 2
[R2-rip-1]network 192.168.2.0
[R2-rip-1]network 10.0.0.0
[R3]rip 1
[R3-rip-1]undo summary
[R3-rip-1]version 2
[R3-rip-1]network 192.168.2.0
[R3-rip-1]network 10.0.0.0
[R4]rip 1
[R4-rip-1]undo summary
[R4-rip-1]version 2
[R4-rip-1]network 192.168.2.0
[R4-rip-1]network 10.0.0.0
检查路由表
测试全网可达
7、配置PC访问R5环回
[R5]ip route-static 0.0.0.0 0 15.1.1.1
[R5]ip route-static 0.0.0.0 0 25.1.1.2
[R5]ip route-static 0.0.0.0 0 35.1.1.3
[R5]ip route-static 0.0.0.0 0 45.1.1.4
测试PC访问R5环回
成功ping通