MGRE实验_nat配置的验证-CSDN博客

1.R2为ISP,其上只能配置IP地址
2.R1-R2之间为HDLC封装
3. R2- R3之间为PPP封装，pap认证，R2为主认证方
4.R2-R4之间为PPP封装，chap认证，R2为主认证方
5.R1、R3、R4构建MGRE环境，仅R1 IP地址固定
6.内网使用RIP获取路由，所有PC可以互相访问，并且可访问R2的环回。

分析

1、首先要达到公网全网可达，还需要在R1，R3，R4配置缺省路由，下一跳为R2

2、R1、R3、R4构建MGRE环境，需要在同一网段

3、ppp认证，可以在不同网段

4、要ping通环回，还需要做NAT

建立拓扑结构图

配置

1.配置IP地址

R1

<Huawei>sys
[Huawei]sysn r1
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.2 24
[r1-GigabitEthernet0/0/0]int s4/0/0
[r1-Serial4/0/0]ip add 12.1.1.1 24

R2

<Huawei>sys
[Huawei]sysn ISP
[ISP]int int s4/0/0
[ISP-Serial4/0/0]ip add 12.1.1.2 24

[ISP-Serial4/0/0]int s3/0/0

[ISP-Serial3/0/0]ip add 12.1.2.1 24

[ISP-Serial3/0/0]int s3/0/1

[ISP-Serial3/0/1]ip add 12.1.3.1 24

[ISP-Serial3/0/1]q

[ISP]int LoopBack 0
[ISP-LoopBack0]ip add 200.1.1.1 24 //回环地址

R3

<Huawei>sys
[Huawei]sysn r3
[r3]int g0/0/1
[r3-GigabitEthernet0/0/1]ip add 192.168.1.2 24
[r3-GigabitEthernet0/0/1]int s4/0/0
[r3-Serial4/0/0]ip add 12.1.5.2 24

R4

<Huawei>sys
[Huawei]sysn r4
[r4]int g0/0/1
[r4-GigabitEthernet0/0/1]ip add 192.168.2.2 24
[r4-GigabitEthernet0/0/1]int s4/0/0
[r4-Serial4/0/0]ip add 12.1.4.2 24

PC1

PC2

PC3

2.HDLC配置

R1
[r1]int s4/0/0
[r1-Serial4/0/0]link-protocol hdlc

R2

[ISP]int s4/0/0
[ISP-Serial4/0/0]link-protocol hdlc

3.PAP配置

R2

<ISP>sys
[ISP]aaa
[ISP-aaa]local-user abc privilege level 15 password cipher 123456

[ISP-aaa]local-user abc service-type ppp
[ISP-aaa]q
[ISP]int s3/0/0
[ISP-Serial3/0/0]ppp authentication-mode pap

R4

[r4]interface s4/0/0
[r4-Serial4/0/0]ppp pap local-user abc password cipher 123456

4.CHAP配置

R2

[ISP-Serial3/0/1]q
[ISP]aaa
[ISP-aaa]local-user abcc privilege level 15 password cipher 654321

[ISP-aaa]local-user abcc service-type ppp
[ISP-aaa]q
[ISP]int s3/0/1
[ISP-Serial3/0/1]ppp authentication-mode chap

R3

[r3]int s4/0/0

[r3-Serial4/0/0]ppp chap password cipher 654321

[r3-Serial4/0/0]ppp chap user abcc

5.配置缺省路由

R1

[r1]ip route-static 0.0.0.0 0 12.1.1.2

R3

[r3]ip route-static 0.0.0.0 0 12.1.3.1

R4

[r4]ip route-static 0.0.0.0 0 12.1.2.1

6.MGRE配置

R1

[r1]int Tunnel 0/0/0 //创建tunnel口
[r1-Tunnel0/0/0]ip add 25.1.1.1 24 //配置接口ip地址
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp // 先修改接口模式为多点GRE
[r1-Tunnel0/0/0]source 12.1.1.1 公有的源IP地址
[r1-Tunnel0/0/0]nhrp entry multicast dynamic // 本地成为NHRP中心，同时可以进行伪广播
[r1-Tunnel0/0/0]nhrp network-id 100 // 默认为0号，该网段内所有节点tunnel接口必须为相同域

[r1-Tunnel0/0/0]undo rip split-horizon //因为R4，R3向R1共享路由信息时，会水平分割，比如r4告诉了自己的路由信息，r1没法再通过改接口告诉自己的路由，所以需要关闭水平分割

R3

[r3]int Tunnel 0/0/0
[r3-Tunnel0/0/0]ip add 25.1.1.2 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source s4/0/0
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry 25.1.1.1 12.1.1.1 register //注册

R4

[r4]int Tunnel 0/0/0
[r4-Tunnel0/0/0]ip add 25.1.1.3 24
[r4-Tunnel0/0/0]tunnel-protocol gre p2mp
[r4-Tunnel0/0/0]source s4/0/0
[r4-Tunnel0/0/0]nhrp network-id 100
[r4-Tunnel0/0/0]nhrp entry 25.1.1.1 12.1.1.1 register

7.RIP配置

R1

[r1-Tunnel0/0/0]rip
[r1-rip-1]version 2
[r1-rip-1]network 25.0.0.0

[r1-rip-1]network 192.168.1.0

R3

<r3>sys
[r3]rip
[r3-rip-1]version 2
[r3-rip-1]network 192.168.3.0
[r3-rip-1]network 25.0.0.0

R4

[r4-Tunnel0/0/0]rip
[r4-rip-1]version 2
[r4-rip-1]network 192.168.2.0
[r4-rip-1]network 25.0.0.0

8.NAT配置

R1

[r1]acl 2000
[r1-acl-basic-2000]rule permit source any
[r1-acl-basic-2000]int s4/0/0
[r1-Serial4/0/0]nat outbound 2000

R3

[r3]acl 2000
[r3-acl-basic-2000]rule permit source any
[r3-acl-basic-2000]int s4/0/0
[r3-Serial4/0/0]nat outbound 2000

R4

[r4]acl 2000
[r4-acl-basic-2000]rule permit source any
[r4-acl-basic-2000]int s4/0/0
[r4-Serial4/0/0]nat outbound 2000