一、实验拓扑
二、实验要求
三、实验步骤
步骤一,配置IP地址
从PC1到PC4。。。
R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.2 24
[R1-GigabitEthernet0/0/0]int s4/0/0
[R1-Serial4/0/0]ip add 15.1.1.1 24
R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.2.2 24
[R2-GigabitEthernet0/0/0]int s4/0/1
[R2-Serial4/0/1]ip add 25.1.1.1 24
R3
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 192.168.3.1 24
[R3-GigabitEthernet0/0/0]int s4/0/0
[R3-Serial4/0/0]ip add 35.1.1.1 24
R4
[R4]int g0/0/1
[R4-GigabitEthernet0/0/1]ip add 192.168.4.2 24
[R4-GigabitEthernet0/0/1]int g0/0/0
[R4-GigabitEthernet0/0/0]ip add 45.1.1.1 24
R5
[Huawei]sys R5
[R5]int s4/0/0
[R5-Serial4/0/0]ip add 15.1.1.5 24
[R5-Serial4/0/0]int s4/0/1
[R5-Serial4/0/1]ip add 25.1.1.5 24
[R5-Serial4/0/1]int s3/0/0
[R5-Serial3/0/0]ip add 35.1.1.5 24
[R5-Serial3/0/0]int g0/0/0
[R5-GigabitEthernet0/0/0]ip add 45.1.1.5 24[R5]int l0
[R5-LoopBack0]ip add 5.5.5.5 24
步骤二,配缺省外网通
[R1]ip route-static 0.0.0.0 0 15.1.1.5
[R2]ip route-static 0.0.0.0 0 25.1.1.5
[R3]ip route-static 0.0.0.0 0 35.1.1.5
[R4]ip route-static 0.0.0.0 0 45.1.1.5
测试
步骤三,配认证
R1和R5使用PPP的PAP认证,R5主认证方
[R5]aaa
[R5-aaa]local-user xiaokeai password cipher 123456
Info: Add a new user.
[R5-aaa]local-user xiaokeai service-type ppp
[R5-aaa]int s4/0/0
[R5-Serial4/0/0]ppp authentication-mode pap[R1]int s4/0/0
[R1-Serial4/0/0]ppp pap local-user xiaokeai password cipher 123456
R2和R5使用PPP的CHAP认证,R5主认证方
[R5]aaa
[R5-aaa]local-user xiaoke password cipher 123456
Info: Add a new user.
[R5-aaa]local-user xiaoke service-type ppp
[R5-aaa]q
[R5]int s4/0/1
[R5-Serial4/0/1]ppp authentication-mode chap[R2]int s4/0/1
[R2-Serial4/0/1]ppp chap user xiaoke
[R2-Serial4/0/1]ppp chap password cipher 123456
R3和R5使用DHLC封装
[R5-Serial3/0/0]link-protocol hdlc
Y
[R3-Serial4/0/0]link-protocol hdlc
Y
步骤四,GRE与MGRE
R1,R2,R3之间建立MGRE
R1中心站点配置:
[R1]int t0/0/0 创建GRE随道接口
[R1-Tunnel0/0/0]ip add 10.1.2.1 24 配置IP
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp 定义封装方式
[R1-Tunnel0/0/0]source 15.1.1.1 定义隧道被封装的源地址创建NHRP域:
[R1-Tunnel0/0/0]nhrp network-id 100
R2分支站点配置:
[R2]int tunnel0/0/0
[R2-Tunnel0/0/0]ip add 10.1.2.2 24
[R2-Tunnel0/0/0]tunnel-protocol gre p2mp
[R2-Tunnel0/0/0]source Serial 4/0/1[R2-Tunnel0/0/0]nhrp network-id 100 分站加入中心站点域
[R2-Tunnel0/0/0]nhrp entry 10.1.2.1 15.1.1.1 register 找中心要个身份
R3分支站点配置:
[R3]int t0/0/0
[R3-Tunnel0/0/0]ip add 10.1.2.3 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source s4/0/0[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry 10.1.2.1 15.1.1.1 register
R1与R4建立GRE
[R1]int t0/0/1
[R1-Tunnel0/0/1]ip add 10.1.1.1 24
[R1-Tunnel0/0/1]tunnel-protocol gre
[R1-Tunnel0/0/1]source 15.1.1.1
[R1-Tunnel0/0/1]description 45.1.1.1
[R4]int t0/0/1
[R4-Tunnel0/0/1]ip add 10.1.1.2 24
[R4-Tunnel0/0/1]tunnel-protocol gre
[R4-Tunnel0/0/1]source 45.1.1.2
[R4-Tunnel0/0/1]description 15.1.1.1
步骤五,RIP全网可达
[R1]rip 1
[R1-rip-1]ver 2
[R1-rip-1]undo summary
[R1-rip-1]network 10.0.0.0 A类主网地址
[R1-rip-1]n 192.168.1.0[R2]rip 1
[R2-rip-1]v 2
[R2-rip-1]undo summary
[R2-rip-1]n 10.0.0.0
[R2-rip-1]n 192.168.2.0[R3]rip 1
[R3-rip-1]v 2
[R3-rip-1]undo su
[R3-rip-1]n 10.0.0.0
[R3-rip-1]n 192.168.3.0[R4]rip 4
[R4-rip-4]v 2
[R4-rip-4]undo su
[R4-rip-4]n 10.0.0.0
[R4-rip-4]n 192.168.4.0
1、只有中心获取到分支的路由信息,但是分支并没有获取到中心的路由信息;
[R1-Tunnel0/0/0]nhrp entry multicast dynamic
2、分支在中心开启伪广播后,分支只能获取到中心的路由信息,但是无法获取分支之间的路由信息;
[R1-Tunnel0/0/0]undo rip split-horizon
测试PC1-PC2:
测试PC2-PC3:
步骤六
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]int s4/0/0
[R1-Serial4/0/0]nat outbound 2000[R2]acl 2000
[R2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[R2-acl-basic-2000]int s4/0/1
[R2-Serial4/0/1]nat o 2000[R3]acl 2000
[R3-acl-basic-2000]rule p s 192.168.3.0 0.0.0.255
[R3-acl-basic-2000]int s4/0/0
[R3-Serial4/0/0]nat o 2000[R4]acl 2000
[R4-acl-basic-2000]rule p s 192.168.4.0 0.0.0.255
[R4-acl-basic-2000]int g0/0/0
[R4-GigabitEthernet0/0/0]nat o 2000
测试
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
