需求
1.R2为ISP,其上只能配置IP地址
2.R1-R2之间为HDLC封装
3.R2-R3之间为PPP封装,pap认证,R2为主认证方
4.R2-R4之间为PPP封装,chap认证,R2为主认证方
5.R1、R3、R4构建MGRE环境,仅R1IP地址固定
6.内网使用RIP获取路由,所有Pc可以互相访问,并且可访问R2的环回。
拓扑
分析
R1、R2、R3、R4、之间用串线连接
因为R2是ISP,所以到R2上的路径需要手写缺省
R1与R2之间改为HDLC封装
R2与R3之间进行pap认证,设R2为主认证方
R2与R4之间进行chap认证,设R2为主认证方
R1、R3、R4之间构建要MGRE,需要配置3个隧道接口
因为仅R1的ip固定,所以将R1设为中心。
使用rip获取内网路由,注意在R1的隧道接口上取消rip的水平分割。
在R1,R3,R4上配置nat使3台PC可以访问到R2上的环回
配置
1. 配置ip(包括pc的ip,路由器接口ip,路由器环回ip)
AR1
AR2
AR3
AR4
PC1
PC2
PC3
2. 给R1,R3,R4写缺省路由
[R1]ip route-static 0.0.0.0 0 12.1.1.2
[R3]ip route-static 0.0.0.0 0 23.1.1.1
[R4]ip route-static 0.0.0.0 0 23.1.1.1
3. 配置NAT
R1
[R1]nat
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]q
[R1]int s 4/0/0
[R1-Serial4/0/0]nat outbound 2000
AR3
[R3]acl 2000
[R3-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[R3-acl-basic-2000]int s 4/0/0
[R3-Serial4/0/0]nat outbound 2000
AR4
[R4]acl 2000
[R4-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[R4-acl-basic-2000]int s 4/0/0
[R4-Serial4/0/0]nat outbound 2000
3. 修改封装和认证
R1与R2修改为HDLC封装
[R1]int s 4/0/0
[R1-Serial4/0/0]link-protocol hdlc
[R2]int s 4/0/0
[R2-Serial4/0/0]link-protocol hdlc
R2与R3做pap认证,R2为主认证方
[R2]aaa
[R2-aaa]local-user yuan privilege level 15 password cipher 123456
Info: Add a new user.
[R2-aaa]local-user yuan service-type ppp
[R2-aaa]q
[R2]int s 3/0/0
[R2-Serial3/0/0]ppp authentication-mode pap
[R3]int s 4/0/00
[R3-Serial4/0/0]ppp pap local-user yuan password cipher 123456
R2与R4做chap认证,R2为主认证方
[R2]aaa
[R2-aaa]local-user yuan privilege level 15 password cipher 123456
[R2-aaa]local-user yuan service-type ppp
[R2-aaa]q
[R2]int s 3/0/1
[R2-Serial3/0/1]ppp authentication-mode chap
[R4]int s 4/0/0
[R4-Serial4/0/0]ppp chap password cipher 123456
[R4-Serial4/0/0]ppp chap user yuan
4. 创建隧道接口并搭建MGRE环境
R1的配置,并设置为MGRE环境的中心站点
[R1]interface Tunnel 0/0/0
[R1-Tunnel0/0/0]ip address 10.1.1.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp
[R1-Tunnel0/0/0]source 12.1.1.1
Jul 19 2022 18:20:07-08:00 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state.
[R1-Tunnel0/0/0]nhrp entry multicast dynamic
[R1-Tunnel0/0/0]nhrp network-id 100
R3、R4两个分支站点的配置
[R3]interface Tunnel 0/0/0
[R3-Tunnel0/0/0]ip address 10.1.1.2 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source Serial 4/0/0
Jul 19 2022 18:22:20-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state.
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register
[R4]interface Tunnel 0/0/0
[R4-Tunnel0/0/0]ip address 10.1.1.3 24
[R4-Tunnel0/0/0]tunnel-protocol gre p2mp
[R4-Tunnel0/0/0]source Serial 4/0/0
Jul 19 2022 18:24:30-08:00 R4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state.
[R4-Tunnel0/0/0]nhrp network-id 100
[R4-Tunnel0/0/0]nhrp entry 10.1.1.1 12.1.1.1 register
配置完成后
5. R1、R3、R4上配置rip获取路由
[R1]rip 1
[R1-rip-1]version 2
[R1-rip-1]network 192.168.1.0
[R1-rip-1]network 10.0.0.0
[R3]rip 1
[R3-rip-1]v 2
[R3-rip-1]network 192.168.2.0
[R3-rip-1]network 10.0.0.0
[R4]rip
[R4-rip-1]version 2
[R4-rip-1]network 192.168.3.0
[R4-rip-1]network 10.0.0.0
6. 删除R1上隧道接口的水平分割
[R1]int Tunnel 0/0/0
[R1-Tunnel0/0/0]undo rip split-horizon
配置完后的rip路由表
验证
PC之间互相访问
PC 访问 R2的环回
170
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
