暑假第一次作业

第一步：给R1,R2,R3,R4配IP

$R1-GigabitEthernet0/0/0$ ip address 192.168.1.1 24

$R1-Serial4/0/0$ ip address 15.0.0.1 24

$R2-GigabitEthernet0/0/0$ ip address 192.168.2.1 24

$R2-Serial4/0/0$ ip address 25.0.0.1 24

$R3-GigabitEthernet0/0/0$ ip address 192.168.3.1 24

$R3-Serial4/0/0$ ip address 35.0.0.1 24

$R4-GigabitEthernet0/0/0$ ip address 192.168.4.1 24

第二步：认证配置

给R1和R5间使用PPP的PAP认证;

ISP设密码

$ISP-aaa$ local-user huawei password cipher 123456

定义服务对象：

$ISP-aaa$ local-user huawei service-type ppp

$ISP-Serial3/0/0$ ppp authentication-mode pap、

重新协商链路：

$R1-Serial4/0/0$ shutdown

$R1-Serial4/0/0$ undo shutdown

协议层面（protocol）是down就密码和账号就建立成功了

s 40/0/0认证成功

补全认证

$R1-Serial4/0/0$ ppp pap local-user huawei password cipher 12345

$R1-Serial4/0/0$ shutdown

$R1-Serial4/0/0$ undo shutdown

s 4/0/0 都up，认证成功。

R2与R5之间使用PPP的chap认证，R5为主认证方：

$R2-Serial4/0/0$ ppp chap user huawei 创建账号

$R2-Serial4/0/0$ ppp chap password cipher 123456 设密码

$R1-Serial4/0/0$ shutdown

$R1-Serial4/0/0$ undo shutdown 认证

都up,认证成功

R3与R5之间使用HDLC封装

$ISP-Serial4/0/0$ link-protocol hdlc

第三步：构建MGRE环境

配置静态路由

$R1$ ip route-static 0.0.0.0 0 15.0.0.2

$R2$ ip route-static 0.0.0.0 0 25.0.0.2

$R3$ ip route-static 0.0.0.0 0 35.0.0.2

$R4$ ip route-static 0.0.0.0 0 45.0.0.2

建立隧道

$R1$ int t0/0/0

$R1-Tunnel0/0/0$ ip address 192.168.5.1 24

$R1-Tunnel0/0/0$ tunnel-protocol gre p2mp

$R1-Tunnel0/0/0$ shutdown

$R1-Tunnel0/0/0$ source 15.0.0.1

$R1-Tunnel0/0/0$ nhrp network-id 100

$R2$ int t0/0/0

$R2-Tunnel0/0/0$ ip address 192.168.5.2 24

$R2-Tunnel0/0/0$ tunnel-protocol gre p2mp

$R2-Tunnel0/0/0$ shutdown

$R2-Tunnel0/0/0$ source s4/0/0

$R2-Tunnel0/0/0$ nhrp network-id 100

$R2-Tunnel0/0/0$ nhrp entry 192.168.5.1 15.0.0.1 register

$R3$ int t0/0/0

$R3-Tunnel0/0/0$ ip address 192.168.5.3 24

$R3-Tunnel0/0/0$ tunnel-protocol gre p2mp

$R3-Tunnel0/0/0$ shutdown

$R3-Tunnel0/0/0$ source s4/0/0

$R3-Tunnel0/0/0$ nhrp network-id 100

$R3-Tunnel0/0/0$ nhrp entry 192.168.5.1 15.0.0.1 register

$R1-Tunnel0/0/0$ int t0/0/1

$R1-Tunnel0/0/1$ ip address 192.168.6.1 24

$R1-Tunnel0/0/1$ tunnel-protocol gre

$R1-Tunnel0/0/1$ shutdown

$R1-Tunnel0/0/1$ source 15.0.0.1

$R1-Tunnel0/0/1$ description 45.0.0.1

$R4$ int t0/0/0

$R4-Tunnel0/0/0$ ip address 192.168.6.2 24

$R4-Tunnel0/0/0$ tunnel-protocol gre

$R4-Tunnel0/0/0$ shutdown

$R4-Tunnel0/0/0$ source 45.0.0.1

$R4-Tunnel0/0/0$ description 15.0.0.1

第四步：rip全网可达

$R1$ rip

$R1-rip-1$ version 2

$R1-rip-1$ ne 192.168.1.0

$R1-rip-1$ ne 192.168.5.0

$R1-rip-1$ ne 192.168.6.0

$R2$ rip

$R2-rip-1$ version 2

$R2-rip-1$ network 192.168.5.0

$R2-rip-1$ network 192.168.2.0

$R3$ rip

$R3-rip-1$ verify-source

$R3-rip-1$ version 2

$R3-rip-1$ network 192.168.3.0

$R3-rip-1$ network 192.168.5.0

$R4$ rip

$R4-rip-1$ version 2

$R4-rip-1$ network 192.168.4.0

$R1-Tunnel0/0/0$ nhrp entry multicast dynamic

$R1-Tunnel0/0/0$ undo rip split-horizon

第五步：可访问R5环回

$R1$ acl 2000

$R1-acl-basic-2000$ rule 5 permit source 192.168.1.0 0.0.0.255

$R1$ int s4/0/0

$R1-Serial4/0/0$ nat out

$R1-Serial4/0/0$ nat outbound 2000