mgre实验

（ip，路由配置）

首先配置r2，如果端口up后再进行认证没有意义.

#r1与r2之间为hdlc封装
[r2]int  s 3/0/0   
[r2-Serial3/0/0]link-protocol hdlc 
#添加ip
[r2-Serial3/0/0]ip address 12.1.1.2 24
#配置环回接口
[r2-Serial3/0/0]int lo0
[r2-LoopBack0]ip add 2.2.2.2 24
#r2与r3之间为ppp封装，添加ip
[r2-LoopBack0]int s3/0/1
[r2-Serial3/0/1]ip address 23.1.1.2 24
#进行pap认证
[r2]aaa
[r2-aaa]local-user a password cipher 123456
Info: Add a new user.
[r2-aaa]local-user a service-type ppp
[r2]int s3/0/1   
[r2-Serial3/0/1]ppp authentication-mode  pap
#r2与r4之间为ppp封装，添加IP并且进行chap认证
r2]int s4/0/0 
[r2-Serial4/0/0]ip address 24.1.1.2 24  
[r2-Serial4/0/0]ppp authentication-mode  chap
[r2]aaa
[r2-aaa]local-user b password  cipher 654321
[r2-aaa]local-user b service-type ppp

配置r1

[r1]int g0/0/1 
[r1-GigabitEthernet0/0/1]ip address  192.168.1.1 24
[r1]int s4/0/0
[r1-Serial4/0/0]ip address 12.1.1.1 24
#改变为hdlc封装
[r1-Serial4/0/0]link-protocol hdlc
#缺省路由配置
[r1]ip route-static 0.0.0.0  0 12.1.1.2

配置r3

[r3]int s4/0/0  
[r3-Serial4/0/0]ip address 23.1.1.1 24
[r3]int g0/0/0
[r3-GigabitEthernet0/0/1]ip address 192.168.2.1 24
#没有认证，无法ping通r2（pap认证）
[r3-Serial4/0/0]ppp pap local-user a password cipher 123456
#缺省路由配置
[r3]ip route-static 0.0.0.0 0 23.1.1.2

配置r4

[r4]int s4/0/0  
[r4-Serial4/0/0]ip address 24.1.1.1 24
[r4]int g0/0/0
[r4-GigabitEthernet0/0/1]ip add 192.168.3.1 24
#chap认证
[r4-Serial4/0/0]ppp chap user b  
[r4-Serial4/0/0]ppp chap password cipher 654321
#缺省路由配置
[r4]ip route-static 0.0.0.0 0 24.1.1.2

配置pc ip地址与网关

mgre配置

r1

#配置隧道接口
[r1]interface Tunnel 0/0/0
[r1-Tunnel0/0/0]ip address 192.168.4.1 24
#mgre中心站点配置
#通过NHRP协议来获取加封装的目标ip地址（r1为中心站点）
[r1-Tunnel0/0/0]nhrp entry  multicast dynamic 
[r1-Tunnel0/0/0]nhrp network-id 100

r3

#配置隧道接口
[r3]int Tunnel 0/0/0 
[r3-Tunnel0/0/0]ip address 192.168.4.3 24   
#mgre分支站点配置
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp     
#加封装的报头源ip地址
[r3-Tunnel0/0/0]source Serial 4/0/0    
#加封装的目标ip地址(需要到NHRP中心站点获取)
[r3-Tunnel0/0/0]nhrp entry 192.168.4.1 12.1.1.1 register    
[r3-Tunnel0/0/0]nhrp network-id 100

r4

#配置隧道接口
[r4]int Tunnel 0/0/0
[r4-Tunnel0/0/0]ip address 192.168.4.4 24
#mgre分支站点配置    
[r4-Tunnel0/0/0]tunnel-protocol gre p2mp 
#加封装的报头源ip地址
[r4-Tunnel0/0/0]source Serial 4/0/0
#加封装的目标ip地址(需要到NHRP中心站点获取)
[r4-Tunnel0/0/0]nhrp entry 192.168.4.1 12.1.1.1 register 
[r4-Tunnel0/0/0]nhrp network-id 100

rip配置---使私网连通

r1配置

[r1]rip 1
[r1-rip-1]ver 2
[r1-rip-1]network 192.168.1.0   
[r1-rip-1]network 192.168.4.0
#取消该接口上的水平分割
[r1-Tunnel0/0/0]undo rip split-horizon

r3配置

[r3]rip 1
[r3-rip-1]ver 2  
[r3-rip-1]network 192.168.2.0   
[r3-rip-1]network 192.168.4.0

r4配置

[r4]rip 1
[r4-rip-1]ver 2
[r4-rip-1]net 192.168.4.0
[r4-rip-1]net 192.168.3.0

然后使pc间两两ping通

访问公网--配置nat（与缺省路由）

r1配置

[r1]acl 2000   
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255   
[r1-acl-basic-2000]int s4/0/0   
[r1-Serial4/0/0]nat outbound 2000

r3配置

[r3]acl 2000
[r3-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[r3-acl-basic-2000]int s4/0/0      
[r3-Serial4/0/0]nat outbound 

r4配置

[r4]acl 2000  
[r4-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[r4-acl-basic-2000]int s4/0/0
[r4-Serial4/0/0]nat outbound 2000

使用pc端ping r2环回（使用公网上网）