MGRE、GRE,串线PAP、CHAP协议实验
思路:
数广播域,子网划分,配置路由器接口IP地址,配置GRE,配置静态缺省路由,配置RIP,配置nat
子网划分:
192.168.1.0/24 -- R1内网网段
192.168.2.0/24 -- R2内网网段
192.168.3.0/24 -- R3内网网段
192.168.4.0/24 -- R4内网网段
192.168.5.0/24 -- MGRE/GRE中R1,R2,R3网段
192.168.6.0/24 -- GRE中R1,R4网段
15.0.0.0/8 -- R1~R5链路
25.0.0.0/8 -- R2~R5链路
35.0.0.0/8 -- R3~R5链路
45.0.0.0/8 -- R4~R5链路
5.5.5.5/8 -- R5环回
配置:
-
配IP地址
以R1为例
- int g0/0/0
- ip add 192.168.1.1 24
- int s4/0/0
- nat outbound 2000
- ip add 15.0.0.1 8
- int t0/0/0
- ip add 192.168.5.1 24
- int t0/0/1
- ip add 192.168.6.1 24
-
认证
- 首先配置ACL(R1-R4)
- acl 2000 rule permit source 192.168.1.0 0.0.0.255
- int s4/0/0
- nat outbound 2000
- PAP
- 配置PAP被认证方
- int s4/0/0
- ppp pap local-user adminpap password cipher 123456
- 配置PAP主认证
- aaa
- local-user adminpap password cipher 123456
- local-user adminpap service-type ppp
- int s3/0/0
- ppp authentication-mode pap
- CHAP
- 配置CHAP被认证方
- int s4/0/0
- ppp chap user adminchap
- ppp chap password cipher 123456
- 配置CHAP主认证
- aaa local-user adminchap password cipher 123456
- local-user adminchap service-type ppp
- int s3/0/1
- ppp authentication-mode chap
- HDLC
- int s 4/0/0
- link-protocol hdlc (R3,R5对应接口)
- 首先配置ACL(R1-R4)
-
MGRE
- 以R1中心设备为例
- int t0/0/0
- tunnel-protocol gre p2mp
- source 15.0.0.1
- nhrp network-id 100
- int t0/0/0
- nhrp entry multicast dynamic
- undo rip split-horizon
- 以R2为例
- int t0/0/0
- tunnel-protocol gre p2mp
- source s 4/0/0
- nhrp network-id 100
- nhrp entry 192.168.5.1 15.0.0.1 register
-
GRE(R1-R4点对点)
- 以R1为例
- int t0/0/1
- tunnel-protocol gre
- source 15.0.0.1
- destination 45.0.0.1
-
RIP、静态路由
- 以R1为例
- rip 1
- v 2
- net 192.168.1.0
- net 192.168.5.0 (宣告所有接口的私网)
- net 192.168.6.0
- ip route-s 0.0.0.0 0 15.0.0.2(R1-R4写一条指向公网的缺省)
