实验要求:
1.R2为isp,其上只能配置IP地址
2.R1-R2之间为HDLC封装
3.R2-R3之间为PPP封装,pap认证,R2为主认证方
4.R2-R4之间为ppp封装,chap认证,R2为主认证方
5.R1 ,R2,R3构建MGRE环境,仅R1 IP地址固定
6.内网使用RIP获取路由,所有pc可以互相访问,并且可以访问R2的环回。
实验步骤:
1.首先我们先根据要求画好拓扑图,并且分好地址网段等;
2.根据要求我们先对R1-R2 R2-R3 R2-R4 的顺序来进行配置
3. 接下来是具体的配置方法。以及个人对拓扑图的理解。
首先配置R1
interface Serial4/0/0
link-protocol hdlc 封装 HDLC
ip address 12.1.1.1 255.255.255.0
#
interface Serial4/0/1
link-protocol ppp PPP 封装
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface Tunnel0/0/0 创建tunnel口
ip address 10.1.1.1 255.255.255.0
tunnel-protocol gre p2mp
source 12.1.1.1 真实的接口
nhrp entry multicast dynamic
nhrp network-id 100 编号100
#
rip 1 用rip学习
version 2
network 192.168.0.0
network 10.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2 缺省路由
满足要求二:对其进行HDLC封装
接下来是R2
aaa 认证
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user zhanghang password cipher %$%$>vcxG"idqUGzJTW_PtV!9:<Y%$%$
local-user zhanghang privilege level 15
local-user zhanghang service-type ppp
local-user zhanghang2 password cipher %$%$g@~x*YIJa;~cJ+4-xU_:9<Fq%$%$
local-user zhanghang2 privilege level 15
local-user zhanghang2 service-type ppp
#
firewall zone Local
priority 15
#
interface Serial3/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 13.1.1.1 255.255.255.0
#
interface Serial3/0/1
link-protocol ppp
#
interface Serial4/0/0
link-protocol ppp
ppp authentication-mode pap
ip address 14.1.1.1 255.255.255.0
#
interface Serial4/0/1
link-protocol hdlc
ip address 12.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack1
ip address 15.1.1.1 255.255.255.0
#
rip 1
version 2
#
ip route-static 0.0.0.0 0.0.0.0 14.1.1.2
ip route-static 0.0.0.0 0.0.0.0 13.1.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
注意R2的认证较多,要一个一个的进行;
R3:
acl number 2001
rule 5 permit source 192.168.0.0 0.0.255.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Serial4/0/0
link-protocol ppp
ppp pap local-user zhanghang password cipher %$%$_`G77!f[XH|F-q70NTX2,"0a%$%$
ip address 14.1.1.2 255.255.255.0
nat outbound 2001
#
interface Serial4/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface Tunnel0/0/0
ip address 10.1.1.2 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 100
nhrp entry 10.1.1.1 12.1.1.1 register
#
rip 1
version 2
network 192.168.0.0
network 10.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 14.1.1.1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
如图:
R4:
acl number 2002
rule 5 permit source 192.168.0.0 0.0.255.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Serial4/0/0
link-protocol ppp
#
interface Serial4/0/1
link-protocol ppp
ppp chap user zhanghang2
ppp chap password cipher %$%$;JI";'NGvTMrMPVBpg|,,"tP%$%$
ip address 13.1.1.2 255.255.255.0
nat outbound 2002
#
interface GigabitEthernet0/0/0
ip address 192.168.3.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface Tunnel0/0/0
ip address 10.1.1.3 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/1
nhrp network-id 100
nhrp entry 10.1.1.1 12.1.1.1 register
#
rip 1
version 2
network 192.168.0.0
network 10.0.0.0
network 192.168.1.0
#
ip route-static 0.0.0.0 0.0.0.0 13.1.1.1
ip route-static 192.168.1.0 255.255.255.0 12.1.1.1
#
user-interface con 0
authentication-mode password
至此,配置已经全部完成,接下来就是验证实验
pc1 ping环回地址:
pc2 ping环回地址:
pc3 ping环回地址:
pc1 ping pc2 pc3如下图所示
总结:
总的来说这个实验是结合新学的知识来做,既有对以前知识的巩固,也有对新知识的熟悉,这是比较好的实验。
268
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
