本文档详细描述了一个网络配置的实践案例,包括网段划分、IP地址配置、缺省路由设定、PPP认证(PAP与CHAP)、HDLC封装、MGRE隧道搭建、点到点GRE隧道建立以及RIP路由协议的配置。通过这些步骤,实现了网络设备间的安全连接与通信。
1. 网段划分
如图:
2. IP地址配置:
[r1-Serial4/0/0]ip address 15.0.0.1 24
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 2
[r2-Serial4/0/0]ip address 25.0.0.1 24
[r2-GigabitEthernet0/0/0]ip address 192.168.2.1 24
[r3-Serial4/0/0]ip address 35.0.0.1 24
[r3-GigabitEthernet0/0/0]ip address 192.168.3.1 24
[r4-GigabitEthernet0/0/0]ip address 45.0.0.1 24
[r4-GigabitEthernet0/0/1]ip address 192.168.4.1 24
[isp-Serial3/0/0]ip address 15.0.0.2 24
[isp-Serial3/0/1]ip address 25.0.0.2 24
[isp-Serial4/0/0]ip address 35.0.0.2 24
[isp-GigabitEthernet0/0/0]ip address 45.0.0.2 24
3.缺省路由
[r1]ip route-static 0.0.0.0 0 15.0.0.2
[r2]ip route-static 0.0.0.0 0 25.0.0.0
[r3]ip route-static 0.0.0.0 0 35.0.0.2
[r4]ip route-static 0.0.0.0 0 45.0.0.0
测试公网:
可通
[r1]ping 25.0.0.1
PING 25.0.0.1: 56 data bytes, press CTRL_C to break
Reply from 25.0.0.1: bytes=56 Sequence=1 ttl=254 time=70 ms
Reply from 25.0.0.1: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 25.0.0.1: bytes=56 Sequence=3 ttl=254 time=20 ms
Reply from 25.0.0.1: bytes=56 Sequence=4 ttl=254 time=20 ms
Reply from 25.0.0.1: bytes=56 Sequence=5 ttl=254 time=30 ms
--- 25.0.0.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/34/70 ms
4. r1和r5使用ppp的pap认证,r5为主认证方
华为默认协议为ppp协议,无需更改
用户名:[isp-aaa]local-user bba password cipher 123456
协议类型选择ppp:[isp-aaa]local-user bba service-type ppp
认证方式选择pap:[isp-Serial3/0/0]ppp authentication-mode pap
r1与r5建立联系:[r1-Serial4/0/0]ppp pap local-user bba password cipher 123456
5. r2与r5使用ppp的chap认证,r5为主认证方
认证:sp-Serial3/0/1]ppp authentication-mode chap
联系:[r2-Serial4/0/0]ppp chap password cipher 123456
6. r3和r5之间使用HDLC封装
更改两接口的封装方式
[isp-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
[r3-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
7.r1 r2 r3 构建MGRE环境,r1为中心
r1中心站带你配置:
隧道接口:[r1-Tunnel0/0/0]ip address 192.168.5.1 24
封装类型选择gre:[r1-Tunnel0/0/0]tunnel-protocol gre p2mp
封装内容:[r1-Tunnel0/0/0]source 15.0.0.1
目标ip:[r1-Tunnel0/0/0]nhrp network-id 100
伪广播:[r1-Tunnel0/0/0]nhrp entry multicast dynamic
r2配置:
隧道接口:[r2-Tunnel0/0/0]ip address 192.168.5.2 24
封装类型:[r2-Tunnel0/0/0]tunnel-protocol gre p2mp
通过接口方式连接:[r2-Tunnel0/0/0]source Serial 4/0/0
汇报路径:[r2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
r3同r2
8. r1与r4为点到点的gre
[r1-Tunnel0/0/1]ip address 192.168.6.1 24
[r1-Tunnel0/0/1]tunnel-protocol gre
[r1-Tunnel0/0/1]source 15.0.0.1
[r1-Tunnel0/0/1]destination 45.0.0.1
[r4-Tunnel0/0/0]ip address 192.168.6.2 24
[r4-Tunnel0/0/0]tunnel-protocol gre
[r4-Tunnel0/0/0]source 45.0.0.1
[r4-Tunnel0/0/0]destination 15.0.0.1
9.rip全网可达:
版本:[r1-rip-1]version 2
网段宣告:
[r1-rip-1]network 192.168.1.0
[r1-rip-1]network 192.168.5.0
[r1-rip-1]network 192.168.6.0
r2 r3 r4同r1
10. pc设置
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-Serial4/0/0]nat outbound 2000
234同1
617
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
