实验步骤
第⼀步:IP地址规划
PC****地址
设备地址
第⼆步:配置IP地址
R1****配置
R1\]interface g0/0/0 \[R1-GigabitEthernet0/0/0\]ip address 192.168.1.1 24 \[R1\]interface s4/0/0 \[R1-Serial4/0/0\]ip address 15.1.1.1 24
R2****配置
R2\]interface g0/0/0 \[R2-GigabitEthernet0/0/0\]ip address 192.168.2.1 24 \[R2\]interface s4/0/0 \[R2-Serial4/0/0\]ip address 25.1.1.2 24
R3配置
R3\]interface g0/0/0 \[R3-GigabitEthernet0/0/0\]ip address 192.168.3.1 24 \[R3\]interface s4/0/0 \[R3-Serial4/0/0\]ip address 35.1.1.3 24
R4****配置
R4\]interface g0/0/0 \[R4-GigabitEthernet0/0/0\]ip address 45.1.1.4 24 \[R4\]interface g0/0/1 \[R4-GigabitEthernet0/0/1\]ip address 192.168.4.1 24
R5****配置
interface Serial3/0/0
ip address 35.1.1.5 255.255.255.0
interface Serial4/0/0
ip address 15.1.1.5 255.255.255.0
interface Serial4/0/1
ip address 25.1.1.5 255.255.255.0
interface GigabitEthernet0/0/0
ip address 45.1.1.5 255.255.255.0
第三步:配置缺省路由
R1\]ip route-static 0.0.0.0 0 15.1.1.5 \[R2\]ip route-static 0.0.0.0 0 25.1.1.5 \[R3\]ip route-static 0.0.0.0 0 35.1.1.5 \[R4\]ip route-static 0.0.0.0 0 45.1.1.5
**第四步:**NAT
R1\]acl 2000 \[R1-acl-basic-2000\]rule 1 permit source any \[R1-acl-basic-2000\]q \[R1\]inter s4/0/0 \[R1-Serial4/0/0\]nat outbound 2000
第五步:PAP认证
主认证⽅配置
R5\]aaa \[R5-aaa\]local-user huawei password cipher huawei \[R5-aaa\]local-user huawei service-type ppp \[R5\]interface s4/0/0 \[R5-Serial4/0/0\]ppp authentication-mode pap
被认证⽅配置
R1\]interface s4/0/0 \[R1-Serial4/0/0\]ppp pap local-user huawei password cipher huawei
第六步:CHAP认证
主认证⽅配置
R5\]aaa \[R5-aaa\]local-user huawei password cipher huawei \[R5-aaa\]local-user huawei service-type ppp \[R5\]interface s4/0/0 \[R5-Serial4/0/0\]ppp authentication-mode chap
被认证⽅配置
R2\]interface s4/0/0 \[R2-Serial4/0/0\]ppp chap user huawei \[R2-Serial4/0/0\]ppp chap password cipher huawei
第七步:HDLC封装
R3\]inter s4/0/0 \[R3-Serial4/0/0\]link-protocol hdlc \[R5\]interface s3/0/0 \[R5-Serial3/0/0\]link-protocol hdlc
第⼋步:R1R2R3构建MGRE环境
R1****配置
R1\]interface Tunnel 0/0/0 \[R1-Tunnel0/0/0\]ip address 10.1.1.1 24 \[R1-Tunnel0/0/0\]tunnel-protocol gre p2mp \[R1-Tunnel0/0/0\]source 15.1.1.1
R2****配置
R2\]interface Tunnel 0/0/0 \[R2-Tunnel0/0/0\]ip address 10.1.1.2 24 \[R2-Tunnel0/0/0\]tunnel-protocol gre p2mp \[R2-Tunnel0/0/0\]source s4/0/0 \[R2-Tunnel0/0/0\]nhrp entry 10.1.1.1 15.1.1.1 register \[R2-Tunnel0/0/0\]nhrp network-id 100
R3****配置
R3\]interface Tunnel 0/0/0 \[R3-Tunnel0/0/0\]ip address 10.1.1.3 24 \[R3-Tunnel0/0/0\]tunnel-protocol gre p2mp \[R3-Tunnel0/0/0\]source s4/0/0 \[R3-Tunnel0/0/0\]nhrp network-id 100 \[R3-Tunnel0/0/0\]nhrp entry 10.1.1.1 15.1.1.1 register
第九步:R1R4配置****GRE
R1****配置
R1\]interface Tunnel 0/0/1 \[R1-Tunnel0/0/1\]ip address 20.1.1.1 24 \[R1-Tunnel0/0/1\]tunnel-protocol gre \[R1-Tunnel0/0/1\]source 15.1.1.1 \[R1-Tunnel0/0/1\]destination 45.1.1.4
R4****配置
R4\]interface Tunnel 0/0/1 \[R4-Tunnel0/0/1\]ip address 20.1.1.2 24 \[R4-Tunnel0/0/1\]tunnel-protocol gre \[R4-Tunnel0/0/1\]source 45.1.1.4 \[R4-Tunnel0/0/1\]destination 15.1.1.1
第⼗步:书写RIP路由
MGRE环境下RIP****路由配置
R1****配置
R1\]rip 1 \[R1-rip-1\]version 2 \[R1-rip-1\]network 192.168.1.0 \[R1-rip-1\]network 10.0.0.0
注意:MGRE环境下RIP需要开启伪⼴播和关闭⽔平分割
R1\]interface Tunnel 0/0/0 \[R1-Tunnel0/0/0\]nhrp entry multicast dynamic // 开启伪⼴播 \[R1-Tunnel0/0/0\]undo rip split-horizon // 关闭⽔平分割
R2****配置
R2\]rip 1 \[R2-rip-1\]version 2 \[R2-rip-1\]network 192.168.2.0 \[R2-rip-1\]network 10.0.0.0
R3****配置
R3\]rip 1 \[R3-rip-1\]version 2 \[R3-rip-1\]network 192.168.3.0 \[R3-rip-1\]network 10.0.0.0
GRE****环境下配置
R1****配置
R1\]rip 1 \[R1-rip-1\]version 2 \[R1-rip-1\]network 20.0.0.0
R4****配置
R4\]rip 1 \[R4-rip-1\]version 2 \[R4-rip-1\]network 20.0.0.0 \[R4-rip-1\]network 192.168.4.0