GME 和MGRE综合实验

一、实验拓扑

二、实验要求

1、R5为ISP，只能进行I地址配置，其所有地址均配为公有I地址;

2、R1和R5间使用PPP的PAP认证，R5为主认证方

R2与R5之间使用ppp的cHAP认证，R5为主认证方;

R3与R5之间使用HDLC封装;

3、R1、R2、R3构建一个MGRE环境，R1为中心站点，R1、R4间为点到点的GRE;

4、整个私有网络基本RIP全网可达;

5、所有Pc设置私有IP为源IP，可以访问5环回

三、实验思路

1、配置IP地址

2、配置PAP、CHAP、HDLC封装

3、配置MGRE、GRE

4、配置RIP协议

5、配置NAT

测试和验证

四、实验步骤

1、IP地址配置

R1\]int g 0/0/0 \[R1-GigabitEthernet0/0/0\]ip add 192.168.1.1 24 \[R1\]int Serial 4/0/0 \[R1-Serial4/0/0\]ip add 15.1.1.1 24 \[R2\]int g0/0/0 \[R2-GigabitEthernet0/0/0\]ip add 192.168.2.2 24 \[R2\]int Serial 4/0/0 \[R2-Serial4/0/0\]ip add 25.1.1.2 24 \[R3\]int g 0/0/0 \[R3-GigabitEthernet0/0/0\]ip add 192.168.3.3 24 \[R3\]int Serial 4/0/0 \[R3-Serial4/0/0\]ip add 35.1.1.3 24 \[R4\]int g 0/0/0 \[R4-GigabitEthernet0/0/0\]ip add 45.1.1.4 24 \[R4-GigabitEthernet0/0/0\]int g 0/0/1 \[R4-GigabitEthernet0/0/1\]ip add 192.168.4.4 24 \[R5\]int Serial 4/0/1 \[R5-Serial4/0/1\]ip add 15.1.1.5 24 \[R5-Serial4/0/1\]int g 0/0/0 \[R5-GigabitEthernet0/0/0\]ip add 45.1.1.5 24 \[R5\]int Serial 3/0/1 \[R5-Serial3/0/1\]ip add 25.1.1.5 24 \[R5\]int Serial 4/0/0 \[R5-Serial4/0/0\]ip add 35.1.1.5 24 ### （2）配置静态ip \[R1\]ip route-static 0.0.0.0 0 15.1.1.5 \[R2\]ip route-static 0.0.0.0 0 25.1.1.5 \[R3\]ip route-static 0.0.0.0 0 35.1.1.5 \[R4\]ip route-static 0.0.0.0 0 45.1.1.5 ### **3、PPP认证（配置PAP、CHAP、HDLC封装）** #### （1）R1 R5 PAP R5为主认证方 \[R5\]aaa \[R5-aaa\]local-user xxx password cipher xxx111 \[R5-aaa\]int s4/0/1 \[R5-Serial4/0/1\]ppp authentication-mode pap \[R1\]int s 4/0/0 \[R1-Serial4/0/0\]ppp pap local-user xxx password cipher xxx111 #### （2）R2 R5 CHAP R5为主认证方 \[R5\]aaa \[R5-aaa\]local-user sss password cipher sss222 \[R5-aaa\]local-user sss service-type ppp \[R5-aaa\]int s3/0/1 \[R5-Serial3/0/1\]ppp authentication-mode chap \[R2\]int s 4/0/0 \[R2-Serial4/0/0\]ppp chap user sss \[R2-Serial4/0/0\]ppp chap password cipher sss222 #### （3）R3 R5 HDLC \[R5\]aaa \[R5-aaa\]local-user xsq password cipher xsq789 \[R5-aaa\]local-user xsq service-type ppp \[R5\]int Serial 4/0/0 \[R5-Serial4/0/0\]ppp authentication-mode chap \[R5-Serial4/0/0\]link-protocol hdlc \[R3\]int Serial 4/0/0 \[R3-Serial4/0/0\]ppp pap local-user xsq password cipher xsq789 \[R3-Serial4/0/0\]ppp authentication-mode chap \[R3-Serial4/0/0\]link-protocol hdlc ![](https://i-blog.csdnimg.cn/direct/afd6469320c6443f8ae31725dfc7a3e6.png) ![](https://i-blog.csdnimg.cn/direct/949b607ae6dc4a67959ef866f1e1e21a.png) 全网通![](https://i-blog.csdnimg.cn/direct/634ad74b8ee049ab8bdcdbaafa6307af.png)![](https://i-blog.csdnimg.cn/direct/e6278ba4797e4e829648ba8b03f7eeff.png) ### 4、配置MGRE、GRE 构建隧道 #### （1）R2、R3构建一个MGRE环境，R1为中心站点 \[R1\]int Tunnel 0/0/0 \[R1-Tunnel0/0/0\]ip add 10.1.2.1 24 \[R1-Tunnel0/0/0\]tunnel-protocol gre p2mp \[R1-Tunnel0/0/0\]source 15.1.1.1 \[R1-Tunnel0/0/0\]nhrp network-id 100 \[R2\]int Tunnel 0/0/0 \[R2-Tunnel0/0/0\]ip add 10.1.2.2 24 \[R2-Tunnel0/0/0\]tunnel-protocol gre p2mp \[R2-Tunnel0/0/0\]source Serial 4/0/0 \[R2-Tunnel0/0/0\]nhrp network-id 100 \[R2-Tunnel0/0/0\]nhrp entry 10.1.2.1 15.1.1.1 register \[R3\]int Tunnel 0/0/0 \[R3-Tunnel0/0/0\]ip add 10.1.2.3 24 \[R3-Tunnel0/0/0\]tunnel-protocol gre p2mp \[R3-Tunnel0/0/0\]source Serial 4/0/0 \[R3-Tunnel0/0/0\]nhrp entry 10.1.2.1 15.1.1.1 register #### （2）R1、R4间为点到点的GRE \[R1\]int Tunnel 0/0/1 \[R1-Tunnel0/0/1\]ip add 10.1.1.1 24 \[R1-Tunnel0/0/1\]tunnel-protocol gre \[R1-Tunnel0/0/1\]source 15.1.1.1 \[R1-Tunnel0/0/1\]destination 45.1.1.4 \[R4\]int Tunnel 0/0/1 \[R4-Tunnel0/0/1\]ip add 10.1.1.2 24 \[R4-Tunnel0/0/1\]tunnel-protocol gre \[R4-Tunnel0/0/1\]source 45.1.1.4 \[R4-Tunnel0/0/1\]destination 15.1.1.1 ### 4、配置RIP协议 \[R1\]rip 1 \[R1-rip-1\]version 2 \[R1-rip-1\]undo summary \[R1-rip-1\]network 192.168.1.0 \[R1-rip-1\]network 10.0.0.0 \[R2\]rip 1 \[R2-rip-1\]version 2 \[R2-rip-1\]undo summary \[R2-rip-1\]network 192.168.2.0 \[R2-rip-1\]network 10.0.0.0 \[R3\]rip 1 \[R3-rip-1\]version 2 \[R3-rip-1\]undo summary \[R3-rip-1\]network 192.168.3.0 \[R3-rip-1\]network 10.0.0.0 \[R4\]rip 1 \[R4-rip-1\]version 2 \[R4-rip-1\]undo summary \[R4-rip-1\]network 192.168.4.0 \[R4-rip-1\]network 10.0.0.0 ### 查看rip表![](https://i-blog.csdnimg.cn/direct/51603a622a8646b287e5b17540d89b31.png) ![](https://i-blog.csdnimg.cn/direct/848ae948144a4673ada7094c0664c2ce.png) ### **5、配置NAT** \[R1\]acl 2000 \[R1-acl-basic-2000\]rule 5 permit source 192.168.1.0 0.0.0.255 \[R1-acl-basic-2000\]q \[R1\]int Serial 4/0/0 \[R1-Serial4/0/0\]nat outbound 2000 \[R2\]acl 2000 \[R2-acl-basic-2000\]rule 5 permit source 192.168.2.0 0.0.0.255 \[R2-acl-basic-2000\]int s 4/0/0 \[R2-Serial4/0/0\]nat outbound 2000 \[R3\]acl 2000 \[R3-acl-basic-2000\]rule 5 permit source 192.168.3.0 0.0.0.255 \[R3-acl-basic-2000\]int s4/0/0 \[R3-Serial4/0/0\]nat outbound 2000 \[R4\]acl 2000 \[R4-acl-basic-2000\]rule 5 permit source 192.168.4.0 0.0.0.255 \[R4-acl-basic-2000\]int g 0/0/0 \[R4-GigabitEthernet0/0/0\]nat outbound 2000 6、测试![](https://i-blog.csdnimg.cn/direct/443894b9104145ed924b7f5548e2b0ab.png)![](https://i-blog.csdnimg.cn/direct/d795cab8eb074b29b771dde6e2619838.png)![](https://i-blog.csdnimg.cn/direct/17b75ccfa43f4bbc844326faf5a50863.png)![](https://i-blog.csdnimg.cn/direct/fce0282a3f3a4b4e96389db379ddcc30.png)