一.拓扑
二、实验需求
1、R5为ISP,只能进行IP地址配置,其所有地址均配为公有IP地址;
2、R1和R5间使用PPP的PAP认证,R5为主认证方;
R2与R5之间使用ppp的CHAP认证,R5为主认证方; R3与R5之间使用HDLC封装;
3、R1、R2、R3构建一个MGRE环境,R1为中心站点,R1、R4间为点到点的GRE;
4、整个私有网络基本RIP全网可达;
5、所有Pc设置私有IP为源IP,可以访问R5环回。
三.实验配置
1.ip地址
R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]int s 4/0/0
[R1-Serial4/0/0]ip address 15.1.1.1 24R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.2.2 24
[R2-GigabitEthernet0/0/0]int s 4/0/0
[R2-Serial4/0/0]ip address 25.1.1.2 24R3
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip ad 192.168.3.3 24
[R3-GigabitEthernet0/0/0]int s 4/0/0
[R3-Serial4/0/0]ip address 35.1.1.3 24R4
[R4]int g 0/0/0
[R4-GigabitEthernet0/0/0]ip ad 192.168.4.4 24
[R4-GigabitEthernet0/0/0]int g 0/0/1
[R4-GigabitEthernet0/0/1]ip ad 45.1.1.4 24R5
[R5]int s 4/0/1
[R5-Serial4/0/1]ip address 15.1.1.5 24
[R5-Serial4/0/1]int s 4/0/0
[R5-Serial4/0/0]ip address 35.1.1.5 24
[R5-Serial4/0/0]int s 3/0/1
[R5-Serial3/0/1]ip address 25.1.1.5 24
[R5]int g 0/0/0
[R5-GigabitEthernet0/0/0]ip address 45.1.1.5 24
[R5]int LoopBack 0
[R5-LoopBack0]ip address 5.5.5.5 24
2.全网通
[R1]ip route-static 0.0.0.0 0 15.1.1.5
[R2]ip route-static 0.0.0.0 0 25.1.1.5
[R3]ip route-static 0.0.0.0 0 35.1.1.5
[R4]ip route-static 0.0.0.0 0 45.1.1.5
R1和R5间使用PPP的PAP认证,R5为主认证方
R5
[R5]aaa
[R5-aaa]local-user ABC password cipher 12345
Info: Add a new user.
[R5-aaa]local-user ABC service-type ppp
[R5-aaa]int s 4/0/1
[R5-Serial4/0/1]ppp authentication-mode papR1
[R1]int s 4/0/0
[R1-Serial4/0/0]ppp pap local-user ABC password cipher 12345R2与R5之间使用ppp的CHAP认证,R5为主认证方
R5
[R5]aaa
[R5-aaa]local-user bbb password cipher 12345
[R5-aaa]local-user aaa service-type ppp
[R5-aaa]int s3/0/1
[R5-Serial3/0/1]ppp authentication-mode chap
R2
[R2]int s4/0/0
[R2-Serial4/0/0]ppp chap user bbb
[R2-Serial4/0/0]ppp chap password cipher bbb12345R3与R5之间使用HDLC封装
R5
[R5]int s4/0/0
[R5-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:yR3
[R3]int s4/0/0
[R3-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:yR1、R2、R3构建一个MGRE环境,R1为中心站点,R1、R4间为点到点的GRE
R1
[R1]int Tunnel 0/0/1
[R1-Tunnel0/0/1]ip address 10.1.1.1 24
[R1-Tunnel0/0/1]tunnel-protocol gre
[R1-Tunnel0/0/1]source 15.1.1.1
[R1-Tunnel0/0/1]destination 45.1.1.4[R1]int Tunnel 0/0/0
[R1-Tunnel0/0/0]ip address 20.1.1.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp
[R1-Tunnel0/0/0]source 15.1.1.1
[R1-Tunnel0/0/0]nhrp network-id 100
R2
[R2]int Tunnel 0/0/0
[R2-Tunnel0/0/0]ip address 20.1.1.2 24
[R2-Tunnel0/0/0]tunnel-protocol gre p2mp
[R2-Tunnel0/0/0]source Serial 4/0/0
[R2-Tunnel0/0/0]nhrp network-id 100
[R2-Tunnel0/0/0]nhrp entry 20.1.1.1 15.1.1.1 registerR3
[R3]int Tunnel 0/0/0
[R3-Tunnel0/0/0]ip address 20.1.1.3 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source Serial 4/0/0
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry 20.1.1.1 15.1.1.1 registerR4
[R4]int t0/0/1
[R4-Tunnel0/0/1]ip add 10.1.1.4 24
[R4-Tunnel0/0/1]tunnel-protocol gre
[R4-Tunnel0/0/1]source 45.1.1.4
[R4-Tunnel0/0/1]destination 15.1.1.1
配置RIP
R1
[R1]rip 1
[R1-rip-1]version 2
[R1-rip-1]undo summary
[R1-rip-1]network 192.168.1.0
[R1-rip-1]network 20.0.0.0
[R1-rip-1]network 10.0.0.0
[R1-Tunnel0/0/1]undo rip split-horizonR2
[R2]rip 1
[R2-rip-1]version 2
[R2-rip-1]undo summary
[R2-rip-1]network 192.168.2.0
[R2-rip-1]network 20.0.0.2
[R2-Tunnel0/0/1]undo rip split-horizonR3
[R3]rip 1
[R3-rip-1]version 2
[R3-rip-1]undo summary
[R3-rip-1]network 192.168.3.0
[R3-rip-1]network 20.0.0.0
[R3-Tunnel0/0/1]undo rip split-horizonR4
[R4]rip 1
[R4-rip-1]version 2
[R4-rip-1]undo summary
[R4-rip-1]network 192.168.4.0
[R4-rip-1]network 10.0.0.0
[R4-Tunnel0/0/1]undo rip split-horizon配置NAT
R1
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]int s4/0/0
[R1-Serial4/0/0]nat outbound 2000R2
[R2]acl 2000
[R2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[R2-acl-basic-2000]int s4/0/0
[R2-Serial4/0/0]nat outbound 2000R3
[R3]acl 2000
[R3-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[R3-acl-basic-2000]int s4/0/0
[R3-Serial4/0/0]nat outbound 2000R4
[R4]acl 2000
[R4-acl-basic-2000]rule permit source 192.168.4.0 0.0.0.255
[R4-acl-basic-2000]int g0/0/1
[R4-GigabitEthernet0/0/0]nat outbound 2000
)
——关于指针(逐渐清晰版))
教程)
)
