MGRE综合实验报告册

实验要求1,R5为ISP只能进行IP地址配置其所有地址均配为公有IP地址2,R1和R5间使用PPP的PAP认证R5为主认证方R2与R5之间使用ppp的CHAP认证R5为主认证方 R3与R5之间使用HDLC封装3,R1,R2,R3构建一个MGRE环境R1为中心站点R1,R4间为点到点的GRE;4整个私有网络基本RIP全网可达5所有PC设置私有IP为源IP可以访问RS环回。1、配置IP地址[r1-GigabitEthernet0/0/0]ip ad 192.168.1.254 24[r1-Serial4/0/0]ip ad 15.1.1.1 24r2-GigabitEthernet0/0/0]ip ad 192.168.2.254 24[r2-Serial4/0/0]ip ad 25.1.1.2 24[r3-GigabitEthernet0/0/0]ip ad 192.168.3.254 24[r3-Serial4/0/0]ip ad 35.1.1.3 24[r4-GigabitEthernet0/0/0]ip ad 45.1.1.4 24[r4-GigabitEthernet0/0/1]ip ad 192.168.4.254 24[r5-GigabitEthernet0/0/0]ip ad 45.1.1.5 24[r5-Serial4/0/1]ip ad 15.1.1.5 24[r5-Serial4/0/0]ip ad 35.1.1.5 24[r5-Serial3/0/1]ip ad 25.1.1.5 24[r5-LoopBack0]ip ad 5.5.5.5 24私网通公网通---配置静态路由协议测试公网通[r1]ip route-static 0.0.0.0 0 15.1.1.5[r2]ip route-static 0.0.0.0 0 25.1.1.5[r3]ip route-static 0.0.0.0 0 35.1.1.5[r4]ip route-static 0.0.0.0 0 45.1.1.5配置R1-R5的ppp的pap认证R5为主认证方[r5-aaa]local-user hhh password cipher ****** privilege level 15r5-aaa]local-user hhh service-type ppp[r5-Serial4/0/1]ppp authentication-mode pap[r1-Serial4/0/0]ppp pap local-user hhh password cipher hhh12345R2与R5之间使用ppp的CHAP认证R5为主认证方[r5-Serial3/0/1]ppp authentication-mode chap[r2-Serial4/0/0]ppp chap password cipher hhh12345R3与R5之间使用HDLC封装[r3-Serial4/0/0]link-protocol hdlc[r5-Serial4/0/0]link-protocol hdlc配置GRE VPN[r1-Tunnel0/0/0]ip ad 10.1.1.1 24[r1-Tunnel0/0/0]tunnel-protocol gre[r1-Tunnel0/0/0]source 15.1.1.1[r1-Tunnel0/0/0]destination 45.1.1.4[r4-Tunnel0/0/0]ip ad 10.1.1.4 24[r4-Tunnel0/0/0]tunnel-protocol gre[r4-Tunnel0/0/0]source 45.1.1.4[r4-Tunnel0/0/0]destination 15.1.1.17、配置MGRE VPN1配置NHRP协议构建公共隧道[r1-Tunnel0/0/1]ip ad 10.1.2.1 24[r1-Tunnel0/0/1]tunnel-protocol gre p2mp[r1-Tunnel0/0/1]source 15.1.1.1[r1-Tunnel0/0/1]nhrp network-id 100配置NHRP 协议使分支机构将自己的隧道地址和公网地址发给总部[r2-Tunnel0/0/1]ip ad 10.1.2.2 24[r2-Tunnel0/0/1]tunnel-protocol gre p2mp[r2-Tunnel0/0/1]source 25.1.1.2[r2-Tunnel0/0/1]nhrp network-id 100[r2-Tunnel0/0/1]nhrp entry 10.1.2.1 15.1.1.1 register[r3-Tunnel0/0/1]ip ad 10.1.2.3 24[r3-Tunnel0/0/1]source 35.1.1.3[r3-Tunnel0/0/1]nhrp network-id 100[r3-Tunnel0/0/1]nhrp entry 10.1.1.1 15.1.1.1 register配置RIPV2传递两端的私网路由实现总部和分部分部和分部之间的互通[r1-rip-1]v 2[r1-rip-1]net 192.168.1.0[r1-rip-1]net 10.0.0.0[r2-rip-1]v 2[r2-rip-1]net 192.168.2.0[r2-rip-1]net 10.0.0.0[r3-rip-1]v 2[r3-rip-1]net 192.168.3.0[r3-rip-1]net 10.0.0.0[r4-rip-1]v 2[r4-rip-1]net 192.168.4.0[r4-rip-1]net 10.0.0.0在中心站点上开启伪广播功能[r1-Tunnel0/0/1]nhrp entry multicast dynamic关闭中心和分支站点的RIP的水平分割机制[r1-Tunnel0/0/1]undo rip split-horizon[r2-rip-1]undo silent-interface[r3-Tunnel0/0/1]undo rip split-horizon6配置nat使全网pc可访问到r5环回[r1-acl-basic-2000]rule permit source 15.1.1.1 0.0.0.255[r1-Serial4/0/0]nat outbound 2000[r2-acl-basic-2000]rule permit source 25.1.1.2 0.0.0.255[r2-Serial4/0/0]nat outbound 2000[r3-acl-basic-2000]rule permit source 35.1.1.3 0.0.0.255[r3-Serial4/0/0]nat outbound 2000[r4-acl-basic-2000]rule permit source 45.1.1.4 0.0.0.255[r4-GigabitEthernet0/0/0]nat outbound 2000