ppp协议和GRE

1.R5为ISP,只能进行IP地址配置;其所有的IP地址均为共有IP地址

2.R1和R5之间使用PPP的PAP认证,R5为主认证方

R2和R5之间使用PPP的chap认证,R5为主认证方

R3和R5之间使用HDLC封装

3.R1/R2/R3构建一个MGRE环境,R1为Hub;

R1/R4之间构建一个GRE环境

4.整个私有网络基于RIP全网可达

5.所有PC设置私有IP为源IP,可以访问R5环回

一 、配置IP地址

复制代码
R1:

[R1]int g 0/0/0

[R1-GigabitEthernet0/0/0]ip address 192.168.1.254 24

[R1]int s 1/0/0

[R1-Serial1/0/0]ip address 15.0.0.1 24



R2:

[R2]int g 0/0/0

[R2-GigabitEthernet0/0/0]ip address 192.168.2.254 24

[R2]int s 2/0/0

[R2-Serial2/0/0]ip address 25.0.0.2 24



R3:

[R3]int g 0/0/0

[R3-GigabitEthernet0/0/0]ip address 192.168.3.254 24

[R3]int s 3/0/0

[R3-Serial3/0/0]ip address 35.0.0.3 24



R4:

[R4]int g 0/0/1

[R4-GigabitEthernet0/0/1]ip address 192.168.4.254 24

[R4]int g 0/0/0

[R4-GigabitEthernet0/0/0]ip address 45.0.0.4 24



R5:

[R5]int s 1/0/0

[R5-Serial1/0/0]ip address 15.0.0.5 24

[R5]int s 2/0/0

[R5-Serial2/0/0]ip address 25.0.0.5 24

[R5]int s 3/0/0

[R5-Serial3/0/0]ip address 35.0.0.5 24

[R5]int g 0/0/0

[R5-GigabitEthernet0/0/0]ip address 45.0.0.5 24

[R5]int LoopBack 0

[R5-LoopBack0]ip address 5.5.5.5 32

二、 配置PAP,CHAP,HDLC封装

(1)R1和R5间使用PPP的PAP认证,R5为主认证方

复制代码
认证方 R5:

[R5]aaa

[R5-aaa]local-user hcip password cipher 123456

[R5-aaa]local-user hcip service-type ppp

[R5-Serial1/0/0]ppp authentication-mode pap



被认证方 R1:

[R1]int s 1/0/0

[R1-Serial1/0/0]ppp pap local-user hcip password cipher 123456

(2)R2与R5之间使用PPP的CHAP认证,R5为主认证方

复制代码
认证方R5:

[R5-aaa]

[R5-aaa]local-user huawei password cipher 654321

[R5-aaa]local-user huawei service-type ppp

[R5-Serial2/0/0]ppp authentication-mode chap



被认证方R2:

[R2-Serial2/0/0]ppp chap user huawei
[R2-Serial2/0/0]ppp chap password cipher 654321

(3)R3与R5之间使用HDLC封装

复制代码
R3:

[R3]int s 3/0/0

[R3-Serial3/0/0]link-protocol hdlc




R5:

[R5]int s 3/0/0

[R5-Serial3/0/0]link-protocol hdlc 

三、 配置MGRE,GRE

复制代码
[R1]ip route-static 0.0.0.0 0 15.0.0.5

[R2]ip route-static 0.0.0.0 0 25.0.0.5

[R3]ip route-static 0.0.0.0 0 35.0.0.5

[R4]ip route-static 0.0.0.0 0 45.0.0.5

(1)R1/R2/R3构建一个MGRE环境,R1为Hub

复制代码
Hub R1:

[R1]int Tunnel 0/0/0

[R1-Tunnel0/0/0]ip address 192.168.5.1 24

[R1-Tunnel0/0/0]tunnel-protocol gre p2mp

[R1-Tunnel0/0/0]source 15.0.0.1



Spoke R2:

[R2]int Tunnel 0/0/0

[R2-Tunnel0/0/0]ip add 192.168.5.2 24

[R2-Tunnel0/0/0]tunnel-protocol gre p2mp

[R2-Tunnel0/0/0]source Serial 2/0/0

[R2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register



Spoke R3:

[R3]int Tunnel 0/0/0

[R3-Tunnel0/0/0]ip address 192.168.5.3 24

[R3-Tunnel0/0/0]tunnel-protocol gre p2mp

[R3-Tunnel0/0/0]source Serial 3/0/0

[R3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register 

(2)R1/R4之间构建一个GRE环境

复制代码
R1:

[R1]int Tunnel 0/0/1

[R1-Tunnel0/0/1]ip address 192.168.6.1 24

[R1-Tunnel0/0/1]tunnel-protocol gre

[R1-Tunnel0/0/1]source 15.0.0.1

[R1-Tunnel0/0/1]destination 45.0.0.4



R4:

[R4]int Tunnel 0/0/1

[R4-Tunnel0/0/1]ip address 192.168.6.4 24

[R4-Tunnel0/0/1]tunnel-protocol gre

[R4-Tunnel0/0/1]source 45.0.0.4

[R4-Tunnel0/0/1]destination 15.0.0.1

四、 配置RIP协议

复制代码
R1:

rip 1
 version 2
 network 192.168.1.0
 network 192.168.5.0
 network 192.168.6.0

[R1-Tunnel0/0/0]nhrp entry multicast dynamic 

[R1-Tunnel0/0/0]undo rip split-horizon 

[R1-Tunnel0/0/1]undo rip split-horizon
复制代码
R2:

rip 1
 version 2
 network 192.168.2.0
 network 192.168.5.0

[R2-Tunnel0/0/1]undo rip split-horizon
复制代码
R3:

rip 1
 version 2
 network 192.168.3.0
 network 192.168.5.0

[R3-Tunnel0/0/1]undo rip split-horizon
复制代码
R4:

rip 1
 version 2
 network 192.168.4.0
 network 192.168.6.0

[R4-Tunnel0/0/1]undo rip split-horizon

五、 配置NAT

复制代码
R1:

[R1]acl number 2000

[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255

[R1]int Serial 1/0/0

[R1-Serial1/0/0]nat outbound 2000



R2:

[R2]acl 2000

[R2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255

[R2]int Serial 2/0/0

[R2-Serial2/0/0]nat outbound 2000



R3:

[R3]acl 2000

[R3-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255

[R3]int Serial 3/0/0

[R3-Serial3/0/0]nat outbound 2000



R4:

[R4]acl 2000

[R4-acl-basic-2000]rule permit source 192.168.4.0 0.0.0.255

[R4]int g 0/0/0

[R4-GigabitEthernet0/0/0]nat outbound 2000
相关推荐
网络小白不怕黑18 分钟前
监控httpd状态
服务器
阿米亚波1 小时前
【EVE-NG 实战】防火墙基础(VLAN · VRRP · NAT · ACL · 静态路由)
运维·网络·笔记·网络协议·计算机网络·网络安全·运维开发
日取其半万世不竭2 小时前
云服务器迁移怎么少停机?DNS 切换前后的完整清单
运维·服务器
FREEDOM_X2 小时前
Linux 多线程编程——总结
java·linux·运维·ubuntu
名字还没想好☜2 小时前
Docker 多阶段构建:把镜像从 1.2GB 砍到 15MB
运维·docker·容器·多阶段构建·镜像优化
祸心依旧2 小时前
Visual Studio 五月更新 —— 计划、评审、优化
运维·人工智能·visual studio
Web4Browser3 小时前
Headless 浏览器自动化适合哪些任务?巡检、截图和提交动作要分级
运维·前端·自动化
難釋懷3 小时前
Nginx浏览器强制缓存
运维·nginx·缓存
大博士.J3 小时前
视频号主体违规与认证上限?正确的解决方式
运维·python·自动化
山东点狮信息科技有限公司3 小时前
企业级应用双模式部署架构设计:从单体到微服务的平滑演进
运维·微服务·架构