7.19广域网综合实验

需求

1.R2为ISP，其上只能配置IP地址
2.R1-R2之间为HDLC封装
3.R2-R3之间为PPP封装,pap认证,R2为主认证方
4.R2-R4之间为PPP封装，chap认证，R2为主认证方
5.R1、R3、R4构建MGRE环境,仅R1IP地址固定
6.内网使用RIP获取路由，所有Pc可以互相访问，并且可访问R2的环回。

拓扑

 

 

分析

R1、R2、R3、R4、之间用串线连接

因为R2是ISP，所以到R2上的路径需要手写缺省

R1与R2之间改为HDLC封装

R2与R3之间进行pap认证，设R2为主认证方

R2与R4之间进行chap认证，设R2为主认证方

R1、R3、R4之间构建要MGRE，需要配置3个隧道接口

因为仅R1的ip固定，所以将R1设为中心。

使用rip获取内网路由，注意在R1的隧道接口上取消rip的水平分割。

在R1,R3,R4上配置nat使3台PC可以访问到R2上的环回

配置

1. 配置ip(包括pc的ip，路由器接口ip，路由器环回ip)

AR1

AR2

AR3

AR4

PC1

PC2

PC3

 2. 给R1,R3,R4写缺省路由

[R1]ip route-static 0.0.0.0 0 12.1.1.2

[R3]ip route-static 0.0.0.0 0 23.1.1.1

[R4]ip route-static 0.0.0.0 0 23.1.1.1

3. 配置NAT

R1

[R1]nat
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]q
[R1]int s 4/0/0
[R1-Serial4/0/0]nat outbound 2000

AR3

[R3]acl 2000
[R3-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[R3-acl-basic-2000]int s 4/0/0
[R3-Serial4/0/0]nat outbound 2000

AR4

[R4]acl 2000
[R4-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[R4-acl-basic-2000]int s 4/0/0
[R4-Serial4/0/0]nat outbound 2000

3. 修改封装和认证

R1与R2修改为HDLC封装

[R1]int s 4/0/0
[R1-Serial4/0/0]link-protocol hdlc

[R2]int s 4/0/0
[R2-Serial4/0/0]link-protocol hdlc 

R2与R3做pap认证，R2为主认证方

[R2]aaa
[R2-aaa]local-user yuan privilege level 15 password cipher 123456
Info: Add a new user.
[R2-aaa]local-user yuan service-type ppp
[R2-aaa]q
[R2]int s 3/0/0 
[R2-Serial3/0/0]ppp authentication-mode pap 

[R3]int s 4/0/00
[R3-Serial4/0/0]ppp pap  local-user yuan password cipher 123456

R2与R4做chap认证，R2为主认证方     
[R2]aaa
[R2-aaa]local-user yuan privilege level 15 password cipher 123456
[R2-aaa]local-user yuan service-type ppp 
[R2-aaa]q
[R2]int s 3/0/1
[R2-Serial3/0/1]ppp authentication-mode chap 

[R4]int s 4/0/0
[R4-Serial4/0/0]ppp chap password cipher 123456
[R4-Serial4/0/0]ppp chap user yuan 

4. 创建隧道接口并搭建MGRE环境

R1的配置，并设置为MGRE环境的中心站点

[R1]interface Tunnel 0/0/0
[R1-Tunnel0/0/0]ip address 10.1.1.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R1-Tunnel0/0/0]source 12.1.1.1
Jul 19 2022 18:20:07-08:00 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state. 
[R1-Tunnel0/0/0]nhrp entry multicast dynamic 
[R1-Tunnel0/0/0]nhrp network-id 100

R3、R4两个分支站点的配置

[R3]interface Tunnel 0/0/0
[R3-Tunnel0/0/0]ip address 10.1.1.2 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R3-Tunnel0/0/0]source Serial 4/0/0
Jul 19 2022 18:22:20-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state. 
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register

[R4]interface Tunnel 0/0/0
[R4-Tunnel0/0/0]ip address 10.1.1.3 24
[R4-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R4-Tunnel0/0/0]source Serial 4/0/0
Jul 19 2022 18:24:30-08:00 R4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state. 
[R4-Tunnel0/0/0]nhrp network-id 100
[R4-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register

配置完成后

  

5. R1、R3、R4上配置rip获取路由

[R1]rip 1
[R1-rip-1]version 2
[R1-rip-1]network 192.168.1.0
[R1-rip-1]network 10.0.0.0

[R3]rip 1
[R3-rip-1]v 2
[R3-rip-1]network 192.168.2.0 
[R3-rip-1]network 10.0.0.0

[R4]rip
[R4-rip-1]version 2
[R4-rip-1]network 192.168.3.0             
[R4-rip-1]network 10.0.0.0

6. 删除R1上隧道接口的水平分割

[R1]int Tunnel 0/0/0 
[R1-Tunnel0/0/0]undo rip split-horizon 

配置完后的rip路由表

 

验证

PC之间互相访问

 

 

PC 访问 R2的环回