HCIP第三次实验（MGRE综合实验）-CFANZ编程社区

实验需求

拓扑搭建

二、配置地址
【R1】
[r1-Serial4/0/0]ip address 15.0.0.1 24
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
【R2】
[r2-Serial4/0/0]ip address 25.0.0.2 24
[r2-GigabitEthernet0/0/0]ip address 192.168.2.1 24
【R3】
[r3-Serial4/0/0]ip address 35.0.0.2 24
[r3-GigabitEthernet0/0/0]ip address 192.168.3.1 24
【R4】
[r4-GigabitEthernet0/0/1]ip address 192.168.4.1 24
[r4-GigabitEthernet0/0/0]ip address 45.0.0.2 24
【R5】
[ISP-Serial3/0/0]ip address 15.0.0.2 24
[ISP-Serial3/0/1]ip address 25.0.0.1 24
[ISP-Serial4/0/0]ip address 35.0.0.1 24
[ISP-GigabitEthernet0/0/0]ip address 45.0.0.1 24
[ISP-LoopBack0]ip address 5.5.5.5 24

二、配缺省路由指向ISP
[r1]ip route-static 0.0.0.0 0 15.0.0.2
[r2]ip route-static 0.0.0.0 0 25.0.0.1
[r3]ip route-static 0.0.0.0 0 35.0.0.1
[r4]ip route-static 0.0.0.0 0 45.0.0.1

三、R1和R5间使用PPP的PAP认证，R5为主认证方
[ISP]aaa
[ISP-aaa]local-user r1 password cipher 123
[ISP-aaa]local-user r1 service-type ppp
[ISP]interface s3/0/0
[ISP-Serial3/0/0]ppp authentication-mode pap
[r1]interface s4/0/0
[r1-Serial4/0/0]ppp pap local-user r1 password cipher 123

四、R2于R5之间使用PPP的chap认证，R5为主认证方
[ISP]aaa
[ISP-aaa]local-user r2 password cipher 123
[ISP-aaa]local-user r2 service-type ppp
[ISP]interface s3/0/1
[ISP-Serial3/0/1]ppp authentication-mode chap
[r2]interface s4/0/0
[r2-Serial4/0/0]ppp chap user r2
[r2-Serial4/0/0]ppp chap password cipher 123

五、R3于R5之间使用HDLC封装
[r3]interface s4/0/0
[r3-Serial4/0/0]link-protocol hdlc
[ISP]interface s4/0/0
[ISP-Serial4/0/0]link-protocol hdlc

六、R1/R2/R3构建一个MGRE环境（点到多点），R1为中心站点，R1、R4间为点到点的GRE
分析：相当于将R1/R2/R3三个私网网段变成一个私网网段
给私网网段配置192.168.5.0的网段，创建Tunnel口，R1为中心站点
[r1]interface t0/0/0
[r1-Tunnel0/0/0]ip address 192.168.5.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp
[r1-Tunnel0/0/0]source 15.0.0.1
[r1-Tunnel0/0/0]nhrp network-id 100（创建一个100的id）
[r1-Tunnel0/0/0]nhrp entry multicast dynamic

[r2]interface t0/0/0
[r2-Tunnel0/0/0]ip address 192.168.5.2 24
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp
[r2-Tunnel0/0/0]source Serial 4/0/0
[r2-Tunnel0/0/0]nhrp network-id 100
[r2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register （中心站点的IP地址和接口的IP地址）

[r3]interface t0/0/0
[r3-Tunnel0/0/0]ip address 192.168.5.3 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source s4/0/0
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register

七、R1、R4之间为点到点的GRE
同理相当于将R1、R4之间的两个私网网段变成一个私网网段
给私网网段配置192.168.6.0的网段，创建Tunnel口，R1为中心站点
[r1]interface t0/0/1
[r1-Tunnel0/0/1]ip address 192.168.6.1 24
[r1-Tunnel0/0/1]tunnel-protocol gre
[r1-Tunnel0/0/1]source 15.0.0.1
[r1-Tunnel0/0/1]destination 45.0.0.2（R4的G0/0/0接口IP）

[r4]interface t0/0/0
[r4-Tunnel0/0/0]ip address 192.168.6.2 24
[r4-Tunnel0/0/0]tunnel-protocol gre
[r4-Tunnel0/0/0]source 45.0.0.2
[r4-Tunnel0/0/0]destination 15.0.0.1

八、私网网络基于RIP全网可达（只宣告私网网段）
[r1]rip
[r1-rip-1]v 2
[r1-rip-1]network 192.168.1.0
[r1-rip-1]network 192.168.5.0
[r1-rip-1]network 192.168.6.0

[r2]rip
[r2-rip-1]v 2
[r2-rip-1]network 192.168.2.0
[r2-rip-1]network 192.168.5.0

[r3]rip
[r3-rip-1]v 2
[r3-rip-1]network 192.168.3.0
[r3-rip-1]network 192.168.5.0

[r4]rip
[r4-rip-1]v 2
[r4-rip-1]network 192.168.4.0
[r4-rip-1]network 192.168.6.0

九、PC配IP且可以访问R5的环回
pc1 IP地址192.168.1.2 子网掩码255.255.255.255 网关192.168.1.1

pc2 IP地址192.168.4.2 子网掩码255.255.255.255 网关192.168.4.1

pc3 IP地址192.168.3.2 子网掩码255.255.255.255 网关192.168.3.1

pc4 IP地址192.168.2.2 子网掩码255.255.255.255 网关192.168.2.1

[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1]interface s4/0/0
[r1-Serial4/0/0]nat outbound 2000