实验要求
- R5为ISP,只能进行IP地址配置,其所有地址均配为公有IP地址;
- R1和R5间使用PPP的PAP认证,Rs为主认证方;
R1和R5间使用ppp的CHAP认证,Rs为主认证方
R3和R5间使用HDLC封装;
3,R1.R2,R3构建一个MGRE环境,R1为中心站点,R1、R4间为点到点的GRE
4,整个私有网络基于RIP 全网可达;
5、所有Pc设置私有IP为源IP,可以访问R5环回。
实验思路
1、配置IP地址
2、私网通,公网通---配置静态路由协议,测试公网通
3、配置R1-R5的ppp的pap认证,R5为主认证方
4、R2与R5之间使用ppp的CHAP认证,R5为主认证方;
5、R3与R5之间使用HDLC封装;
6、配置GRE VPN
7、配置MGRE VPN
(1)配置NHRP协议,构建公共隧道
(2)配置NHRP 协议使分支机构将自己的隧道地址和公网地址发给总部
(3)配置RIPV2,传递两端的私网路由,实现总部和分部,分部和分部之间的互通
(4)在中心站点上开启伪广播功能
(5)关闭中心和分支站点的RIP的水平分割机制
R1]INT g 0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.254 24
R1]int s 4/0/0
[R1-Serial4/0/0]ip add 15.1.1.1 24
[R2]int g 0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.2.254 24
[R2]int s 4/0/0
[R2-Serial4/0/0]ip add 25.1.1.2 24
[R3]int s 4/0/0
[R3-Serial4/0/0]ip add 35.1.1.3 24
[R3]int g 0/0/0
[R3-GigabitEthernet0/0/0]ip add 192.168.3.254 24
[R4-GigabitEthernet0/0/0]int g 0/0/1
[R4-GigabitEthernet0/0/1]ip add 192.168.4.254 24
[R4]int g 0/0/0
[R4-GigabitEthernet0/0/0]ip add 45.1.1.4 24
[R5-GigabitEthernet0/0/0]int l0
[R5-LoopBack0]ip add 5.5.5.5 24
[R5-Serial4/0/0]int g 0/0/0
[R5-GigabitEthernet0/0/0]ip add 45.1.1.5 24
[R5-Serial3/0/1]int s 4/0/0
[R5-Serial4/0/0]ip add 35.1.1.5 24
[R5-Serial4/0/1]int s 3/0/1
[R5-Serial3/0/1]ip add 25.1.1.5 24
[R5]int s 4/0/1
[R5-Serial4/0/1]ip add 15.1.1.5 24
(2)[R1]ip route-static 0.0.0.0 0 15.1.1.5
[R2]ip route-static 0.0.0.0 0 25.1.1.5
[R3]ip route-static 0.0.0.0 0 35.1.1.5
[R4]ip route-static 0.0.0.0 0 45.1.1.5
(3)[R5-aaa]local-user 111 password cipher 123456 privilege level 15
[R5-aaa]local-user 111 service-type ppp
[R5-Serial4/0/1]ppp authentication-mode pap
[R1-Serial4/0/0]ppp pap local-user 111 password cipher 123456
(4)[R5-Serial3/0/1]ppp authentication-mode chap
[R2]int s 4/0/0
[R2-Serial4/0/0]ppp chap user 111
[R2-Serial4/0/0]ppp chap password cipher 123456
(5)
[R5-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
[R3]int s 4/0/0
[R3-Serial4/0/0]link
[R3-Serial4/0/0]link-protocol h
[R3-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
(6)
R1]int Tunnel 0/0/0
[R1-Tunnel0/0/0]ip add 10.1.1.1 24
R1-Tunnel0/0/0]tunnel-protocol gre
[R1-Tunnel0/0/0]source 15.1.1.1
R1-Tunnel0/0/0]description 45.1.1.4
[R1-Tunnel0/0/0]destination 45.1.1.4
4]int Tunnel 0/0/0
[R4-Tunnel0/0/0]ip add 10.1.1.4 24
[R4-Tunnel0/0/0]tunn
[R4-Tunnel0/0/0]tunnel-protocol gre
[R4-Tunnel0/0/0]source 45.1.1.4
[R4-Tunnel0/0/0]destination 15.1.1.1
(7)[R1]int Tunnel 0/0/1
[R1-Tunnel0/0/1]ip add 10.1.2.1 24
[R1-Tunnel0/0/1]tunnel-protocol gre p2mp
[R1-Tunnel0/0/1]source 15.1.1.1
[R1-Tunnel0/0/1]nhrp network-id 100
R2-Tunnel0/0/1]ip add 10.1.2.2 24
[R2-Tunnel0/0/1]tunnel-protocol gre p2mp
[R2-Tunnel0/0/1]source Serial 4/0/0
[R2-Tunnel0/0/1]nhrp network-id 100
[R2-Tunnel0/0/1]nhrp entry 10.1.2.1 15.1.1.1 register
[R3-Tunnel0/0/1]ip add 10.1.2.3 24
[R3-Tunnel0/0/1]tunnel-protocol gre p2mp
[R3-Tunnel0/0/1]source Serial 4/0/0
[R3-Tunnel0/0/1]nhrp network-id 100
[R3-Tunnel0/0/1]nhrp entry 10.1.2.1 15.1.1.1 register
R1]rip 1
[R1-rip-1]v 2
[R1-rip-1]undo summary
[R1-rip-1]network 192.168.1.0
[R1-rip-1]network 10.0.0.0
[R2]rip 1
[R2-rip-1]v 2
[R2-rip-1]undo summary
[R2-rip-1]network 192.168.2.0
[R2-rip-1]network 10.0.0.0
[R3]rip 1
[R3-rip-1]v 2
[R3-rip-1]undo summary
[R3-rip-1]network 192.168.3.0
[R3-rip-1]network 10.0.0.0
[R4]rip 1
[R4-rip-1]v 2
[R4-rip-1]undo summary
[R4-rip-1]network 192.168.4.0
[R4-rip-1]network 10.0.0.0
[R2]dis ip routing-table protocol rip
[R1-Tunnel0/0/1]nhrp entry multicast dynamic
[R1-Tunnel0/0/1]undo rip split-horizon
[R2-Tunnel0/0/1] undo rip split-horizon
[R3-Tunnel0/0/1]undo rip split-horizon
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-Serial4/0/0]nat outbound 2000
[R2]acl 2000
[R2-acl-basic-2000]rule pe
[R2-acl-basic-2000]rule permit sou
[R2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[R2-acl-basic-2000]q
[R2]int s 4/0/0
[R2-Serial4/0/0]nat out
[R2-Serial4/0/0]nat outbound 2000
[R3]acl 2000
[R3-acl-basic-2000]rule pe
[R3-acl-basic-2000]rule permit sou
[R3-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[R3-acl-basic-2000]q
[R3]int s 4/0/0
[R3-Serial4/0/0]out
[R3-Serial4/0/0]nat ot
[R3-Serial4/0/0]nat out
[R3-Serial4/0/0]nat outbound 2000
[R4]acl 2000
[R4-acl-basic-2000]rule per
[R4-acl-basic-2000]rule permit sou
[R4-acl-basic-2000]rule permit source 192.168.4.0 0.0.0.255
[R4-acl-basic-2000]q
[R4]int g 0/0/0
[R4-GigabitEthernet0/0/0]nat out 2000
[R4-GigabitEthernet0/0/0]nat out
[R4-GigabitEthernet0/0/0]nat outbound 2000
)