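Requirements
1. R2 is the ISP; only IP addresses may be configured on it
2. The R1-R2 link uses HDLC encapsulation
3. The R2-R3 link uses PPP encapsulation with PAP authentication; R2 is the authenticator
4. The R2-R4 link uses PPP encapsulation with CHAP authentication; R2 is the authenticator
5. R1, R3 and R4 build an MGRE environment; only R1 has a fixed IP address
6. The internal network uses RIP to learn routes; all PCs can reach each other and can reach R2's loopback.
Analysis
1. For full reachability across the public network, R1, R3 and R4 also need a default route with R2 as the next hop
2. R1, R3 and R4 build the MGRE environment, so their tunnel interfaces must be in the same subnet
3. The two ends of a PPP-authenticated link can be in different subnets
4. To ping the loopback, NAT is also required
Topology diagram
Configuration
1. Configure IP addresses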
R1
<Huawei>sys
[Huawei]sysn r1
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.2 24
[r1-GigabitEthernet0/0/0]int s4/0/0
[r1-Serial4/0/0]ip add 12.1.1.1 24
R2
<Huawei>sys
[Huawei]sysn ISP
[ISP]int s4/0/0
[ISP-Serial4/0/0]ip add 12.1.1.2 24
[ISP-Serial4/0/0]int s3/0/0
[ISP-Serial3/0/0]ip add 12.1.2.1 24
[ISP-Serial3/0/0]int s3/0/1
[ISP-Serial3/0/1]ip add 12.1.3.1 24
[ISP-Serial3/0/1]q
[ISP]int LoopBack 0
[ISP-LoopBack0]ip add 200.1.1.1 24 // loopback address
R3
<Huawei>sys
[Huawei]sysn r3
[r3]int g0/0/1
[r3-GigabitEthernet0/0/1]ip add 192.168.3.2 24 // R3 LAN; matches network 192.168.3.0 in the RIP section
[r3-GigabitEthernet0/0/1]int s4/0/0
[r3-Serial4/0/0]ip add 12.1.5.2 24
R4
<Huawei>sys
[Huawei]sysn r4
[r4]int g0/0/1
[r4-GigabitEthernet0/0/1]ip add 192.168.2.2 24
[r4-GigabitEthernet0/0/1]int s4/0/0
[r4-Serial4/0/0]ip add 12.1.4.2 24
PC1
PC2
PC3
2. HDLC configuration
R1
[r1]int s4/0/0
[r1-Serial4/0/0]link-protocol hdlc
R2
[ISP]int s4/0/0
[ISP-Serial4/0/0]link-protocol hdlc
3. PAP configuration
R2
<ISP>sys
[ISP]aaa
[ISP-aaa]local-user abc privilege level 15 password cipher 123456
[ISP-aaa]local-user abc service-type ppp
[ISP-aaa]q
[ISP]int s3/0/0
[ISP-Serial3/0/0]ppp authentication-mode pap
R4
[r4]interface s4/0/0
[r4-Serial4/0/0]ppp pap local-user abc password cipher 123456
4. CHAP configuration
R2
[ISP-Serial3/0/1]q
[ISP]aaa
[ISP-aaa]local-user abcc privilege level 15 password cipher 654321
[ISP-aaa]local-user abcc service-type ppp
[ISP-aaa]q
[ISP]int s3/0/1
[ISP-Serial3/0/1]ppp authentication-mode chap
R3
[r3]int s4/0/0
[r3-Serial4/0/0]ppp chap password cipher 654321
[r3-Serial4/0/0]ppp chap user abcc
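The PAP and CHAP sections above differ in what crosses the serial link: PAP carries the password itself, while CHAP carries only an MD5 over the identifier, the secret and the challenge. The Python sketch below is an added example, not part of the original lab; it builds the RFC 1334 / RFC 1994 packets with the lab's usernames and passwords, and the function names and the fixed sample challenge are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

def _packet(code, ident, data):
    """PPP auth packet header: code, identifier, total length (RFC 1334/1994)."""
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def pap_request(ident, user, password):
    """PAP Authenticate-Request: peer-id and password, both in the clear."""
    return _packet(1, ident, bytes([len(user)]) + user + bytes([len(password)]) + password)

def chap_challenge(ident, name, value=None):
    """CHAP Challenge from the authenticator: random value plus its name."""
    value = os.urandom(16) if value is None else value
    return _packet(1, ident, bytes([len(value)]) + value + name)

def chap_hash(ident, secret, challenge):
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident, name, secret, challenge):
    """CHAP Response from the peer: the hash and the peer's name, no secret."""
    digest = chap_hash(ident, secret, challenge)
    return _packet(2, ident, bytes([len(digest)]) + digest + name)

def chap_verify(packet, challenge, users):
    """Authenticator check against its local user table (name -> secret)."""
    if len(packet) < 5:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    if code != 2 or length != len(packet) or 5 + size > length:
        return False
    digest, name = packet[5:5 + size], packet[5 + size:]
    secret = users.get(name)
    if secret is None:
        return False
    return hmac.compare_digest(digest, chap_hash(ident, secret, challenge))

if __name__ == "__main__":
    # Constructed sample values; users and passwords are the ones in this lab.
    nonce = bytes(range(16))
    print("PAP :", pap_request(1, b"abc", b"123456"))
    resp = chap_response(7, b"abcc", b"654321", nonce)
    print("CHAP:", resp.hex())
    print("accepted:", chap_verify(resp, nonce, {b"abcc": b"654321"}))
```

In this lab that means a capture on the PAP link (ISP s3/0/0) shows abc/123456 directly, while the CHAP link (ISP s3/0/1) shows only the challenge and the digest, and a response is valid only for the challenge it answers.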
5. Configure default routes
R1
[r1]ip route-static 0.0.0.0 0 12.1.1.2
R3
[r3]ip route-static 0.0.0.0 0 12.1.3.1
R4
[r4]ip route-static 0.0.0.0 0 12.1.2.1
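6. MGRE configuration
R1
[r1]int Tunnel 0/0/0 // create the tunnel interface
[r1-Tunnel0/0/0]ip add 25.1.1.1 24 // configure the interface IP address
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp // first change the interface mode to multipoint GRE
[r1-Tunnel0/0/0]source 12.1.1.1 // public source IP address
[r1-Tunnel0/0/0]nhrp entry multicast dynamic // this router becomes the NHRP hub and can also perform pseudo-broadcast
[r1-Tunnel0/0/0]nhrp network-id 100 // defaults to 0; the tunnel interfaces of all nodes on this segment must use the same domain
[r1-Tunnel0/0/0]undo rip split-horizon // R3 and R4 send their routes to R1 over this interface, and split horizon stops R1 from advertising routes learned on the tunnel back out the same interface (for example, R4's routes would never reach R3), so split horizon must be disabled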
R3
[r3]int Tunnel 0/0/0
[r3-Tunnel0/0/0]ip add 25.1.1.2 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source s4/0/0
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry 25.1.1.1 12.1.1.1 register // register with R1
R4
[r4]int Tunnel 0/0/0
[r4-Tunnel0/0/0]ip add 25.1.1.3 24
[r4-Tunnel0/0/0]tunnel-protocol gre p2mp
[r4-Tunnel0/0/0]source s4/0/0
[r4-Tunnel0/0/0]nhrp network-id 100
[r4-Tunnel0/0/0]nhrp entry 25.1.1.1 12.1.1.1 register
7. RIP configuration
R1
[r1-Tunnel0/0/0]rip
[r1-rip-1]version 2
[r1-rip-1]network 25.0.0.0
[r1-rip-1]network 192.168.1.0
R3
<r3>sys
[r3]rip
[r3-rip-1]version 2
[r3-rip-1]network 192.168.3.0
[r3-rip-1]network 25.0.0.0
R4
[r4-Tunnel0/0/0]rip
[r4-rip-1]version 2
[r4-rip-1]network 192.168.2.0
[r4-rip-1]network 25.0.0.0
8. NAT configuration
R1
[r1]acl 2000
[r1-acl-basic-2000]rule permit source any
[r1-acl-basic-2000]int s4/0/0
[r1-Serial4/0/0]nat outbound 2000
R3
[r3]acl 2000
[r3-acl-basic-2000]rule permit source any
[r3-acl-basic-2000]int s4/0/0
[r3-Serial4/0/0]nat outbound 2000
R4
[r4]acl 2000
[r4-acl-basic-2000]rule permit source any
[r4-acl-basic-2000]int s4/0/0
[r4-Serial4/0/0]nat outbound 2000
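Verification
RIP routing information on R1
View the spoke registration results on R1
PC1 is used for the demonstration here; the other PCs behave the same way
Ping PC2
Ping the loopback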