华为MGRE

目录

题目要求：​

 实验内容

配置ISP路由上的接口ip与分装认证

配置R1、R3、R4路由接口ip及封装认证

构建MGRE环境

内网使用rip自动获取路由

访问PC2的环回 --使用nat

---

题目要求：

 实验内容

配置ISP路由上的接口ip与分装认证

<Huawei>system-view 
[Huawei]sysname r2
[r2]interface Serial 4/0/0    
[r2-Serial4/0/0]ip add 12.1.1.2 24
[r2-Serial4/0/0]link-protocol hdlc 
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[r2-Serial4/0/0]q 
[r2]interface Serial 4/0/1
[r2-Serial4/0/1]ip add 32.1.1.2 24
[r2-Serial4/0/1]ppp authentication-mode pap
[r2-Serial4/0/1]q
[r2]aaa
[r2-aaa]local-user huawei privilege level 15 password cipher 123456
[r2-aaa]local-user qq privilege level 15 password cipher 654321
[r2]aaa
[r2-aaa]local-user huawei service-type ppp
[r2-aaa]local-user qq service-type ppp
[r2-aaa]q  
[r2]interface Serial 3/0/0
[r2-Serial3/0/0]ip add 42.1.1.2 24
[r2-Serial3/0/0]ppp authentication-mode chap

环回接口
[r2-LoopBack0]ip address 2.2.2.2 24

配置R1、R3、R4路由接口ip及封装认证

<Huawei>sys
[Huawei]sysname r1
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 192.168.1.1 24
[r1-GigabitEthernet0/0/1]q
[r1]interface Serial 4/0/0
[r1-Serial4/0/0]ip add 12.1.1.1 24
[r1-Serial4/0/0]link-protocol hdlc 
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y

<Huawei>system-view 
[Huawei]sysname r3
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip add 192.168.2.1 24
[r3-GigabitEthernet0/0/0]q  
[r3]interface Serial 4/0/0  
[r3-Serial4/0/0]ppp pap local-user huawei password cipher 123456

<Huawei>system-view 
[Huawei]sysname r4  
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ip address 192.168.3.1 24
[r4-Serial4/0/0]ppp chap user qq
[r4-Serial4/0/0]ppp chap password cipher 654321

构建MGRE环境

R1
[r1]interface Tunnel 0/0/0                                创建tunnel接口        
[r1-Tunnel0/0/0]ip address 10.1.1.1 24                配置接口ip
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp                修改接口模式为多点模式
[r1-Tunnel0/0/0]source 12.1.1.1                                定义公有的源ip地址（物理接口真实ip）
[r1-Tunnel0/0/0]nhrp entry multicast dynamic           本地成为NHRP中心，进行伪广播
[r1-Tunnel0/0/0]nhrp network-id 100                        默认为0号，该网段内所有节点tunnel接口必须为相同域
 

R2
[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0]ip address 10.1.1.2 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp        
[r3-Tunnel0/0/0]source Serial 4/0/0                假设分支站点ip地址不固定
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register         分支需要到中心站点注册

R4
[r4]interface Tunnel 0/0/0
[r4-Tunnel0/0/0]ip address 10.1.1.3 24
[r4-Tunnel0/0/0]tunnel-protocol gre p2mp              
[r4-Tunnel0/0/0]source Serial 4/0/0 
[r4-Tunnel0/0/0]nhrp network-id 100
[r4-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register 

查看分支站点注册结果：
[r1-Tunnel0/0/0]display nhrp peer all

内网使用rip自动获取路由

R1
[r1]rip  1
[r1-rip-1]ver 2
[r1-rip-1]network 192.168.1.0
[r1-rip-1]network 10.0.0.0

R3
[r3]rip
[r3-rip-1]ver 2
[r3-rip-1]network 192.168.2.0
[r3-rip-1]network 10.0.0.0

R4
[r4]rip
[r4-rip-1]ver 2
[r4-rip-1]network 192.168.3.0
[r4-rip-1]network 10.0.0.0

关闭rip水平分隔
[r1-Tunnel0/0/0]undo rip split-horizon                关闭水平分隔后，R3、R4路由器可以通过R1路由器相互得到对应的路由，这样就达到了全网可达

查看R3的rip路由表

校验：
 

访问PC2的环回 --使用nat

R1
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]int s4/0/0
[r1-Serial4/0/0]nat outbound 2000

R3
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[r3-acl-basic-2000]int s4/0/0     
[r3-Serial4/0/0]nat outbound 2000

R4
[r4]acl 2000
[r4-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[r4-acl-basic-2000]int s4/0/0
[r4-Serial4/0/0]nat outbound 2000

校验：