目录
题目要求:
实验内容
配置ISP路由上的接口ip与分装认证
<Huawei>system-view
[Huawei]sysname r2
[r2]interface Serial 4/0/0
[r2-Serial4/0/0]ip add 12.1.1.2 24
[r2-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[r2-Serial4/0/0]q
[r2]interface Serial 4/0/1
[r2-Serial4/0/1]ip add 32.1.1.2 24
[r2-Serial4/0/1]ppp authentication-mode pap
[r2-Serial4/0/1]q
[r2]aaa
[r2-aaa]local-user huawei privilege level 15 password cipher 123456
[r2-aaa]local-user qq privilege level 15 password cipher 654321
[r2]aaa
[r2-aaa]local-user huawei service-type ppp
[r2-aaa]local-user qq service-type ppp
[r2-aaa]q
[r2]interface Serial 3/0/0
[r2-Serial3/0/0]ip add 42.1.1.2 24
[r2-Serial3/0/0]ppp authentication-mode chap
环回接口
[r2-LoopBack0]ip address 2.2.2.2 24
配置R1、R3、R4路由接口ip及封装认证
<Huawei>sys
[Huawei]sysname r1
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 192.168.1.1 24
[r1-GigabitEthernet0/0/1]q
[r1]interface Serial 4/0/0
[r1-Serial4/0/0]ip add 12.1.1.1 24
[r1-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
<Huawei>system-view
[Huawei]sysname r3
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip add 192.168.2.1 24
[r3-GigabitEthernet0/0/0]q
[r3]interface Serial 4/0/0
[r3-Serial4/0/0]ppp pap local-user huawei password cipher 123456
<Huawei>system-view
[Huawei]sysname r4
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ip address 192.168.3.1 24
[r4-Serial4/0/0]ppp chap user qq
[r4-Serial4/0/0]ppp chap password cipher 654321
构建MGRE环境
R1
[r1]interface Tunnel 0/0/0 创建tunnel接口
[r1-Tunnel0/0/0]ip address 10.1.1.1 24 配置接口ip
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp 修改接口模式为多点模式
[r1-Tunnel0/0/0]source 12.1.1.1 定义公有的源ip地址(物理接口真实ip)
[r1-Tunnel0/0/0]nhrp entry multicast dynamic 本地成为NHRP中心,进行伪广播
[r1-Tunnel0/0/0]nhrp network-id 100 默认为0号,该网段内所有节点tunnel接口必须为相同域
R2
[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0]ip address 10.1.1.2 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source Serial 4/0/0 假设分支站点ip地址不固定
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register 分支需要到中心站点注册
R4
[r4]interface Tunnel 0/0/0
[r4-Tunnel0/0/0]ip address 10.1.1.3 24
[r4-Tunnel0/0/0]tunnel-protocol gre p2mp
[r4-Tunnel0/0/0]source Serial 4/0/0
[r4-Tunnel0/0/0]nhrp network-id 100
[r4-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register
查看分支站点注册结果:
[r1-Tunnel0/0/0]display nhrp peer all
内网使用rip自动获取路由
R1
[r1]rip 1
[r1-rip-1]ver 2
[r1-rip-1]network 192.168.1.0
[r1-rip-1]network 10.0.0.0
R3
[r3]rip
[r3-rip-1]ver 2
[r3-rip-1]network 192.168.2.0
[r3-rip-1]network 10.0.0.0
R4
[r4]rip
[r4-rip-1]ver 2
[r4-rip-1]network 192.168.3.0
[r4-rip-1]network 10.0.0.0
关闭rip水平分隔
[r1-Tunnel0/0/0]undo rip split-horizon 关闭水平分隔后,R3、R4路由器可以通过R1路由器相互得到对应的路由,这样就达到了全网可达
查看R3的rip路由表
校验:
访问PC2的环回 --使用nat
R1
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]int s4/0/0
[r1-Serial4/0/0]nat outbound 2000
R3
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[r3-acl-basic-2000]int s4/0/0
[r3-Serial4/0/0]nat outbound 2000
R4
[r4]acl 2000
[r4-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[r4-acl-basic-2000]int s4/0/0
[r4-Serial4/0/0]nat outbound 2000
校验: