HCIP之PPP协议（PAP认证，CHAP认证）、GRE、MGRE综合实验

实验过程

一、IP配置
[r1]interface Serial 4/0/0
[r1-Serial4/0/0]ip ad 15.1.1.1 24
[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ip ad 192.168.1.1 24
r2]interface Serial 4/0/0
[r2-Serial4/0/0]ip ad 25.1.1.2 24
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ip ad 192.168.2.1 24
[r3]interface Serial 4/0/0
[r3-Serial4/0/0]ip ad 35.1.1.3 24
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ip ad 192.168.3.1 24
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ip ad 45.1.1.4 24
[r4]interface GigabitEthernet 0/0/1
[r4-GigabitEthernet0/0/1]ip ad 192.168.4.1 24
[r5]interface Serial 4/0/1
[r5-Serial4/0/1]ip ad 15.1.1.5 24
[r5]interface Serial 3/0/1
[r5-Serial3/0/1]ip ad 25.1.1.5 24
[r5]interface Serial 4/0/0
[r5-Serial4/0/0]ip ad 35.1.1.5 24
[r5]interface GigabitEthernet 0/0/0
[r5-GigabitEthernet0/0/0]ip ad 45.1.1.5 24

二、缺省路由
[r1]ip route-static 0.0.0.0 0 15.1.1.5
[r2]ip route-static 0.0.0.0 0 25.1.1.5
[r3]ip route-static 0.0.0.0 0 35.1.1.5
[r4]ip route-static 0.0.0.0 0 45.1.1.5

三、R1与R5之间的PAP认证
主认证方
[r5]aaa
[r5-aaa]local-user wangdaye password cipher wdy12345
Info: Add a new user.
[r5-aaa]local-user wangdaye service-type ppp
[r5]interface Serial  4/0/1
[r5-Serial4/0/1]ppp authentication-mode pap 
被认证方
[r1]interface Serial 4/0/0
[r1-Serial4/0/0]ppp pap local-user wangdaye password cipher wdy12345
[r1-Serial4/0/0]shutdown 
[r1-Serial4/0/0]undo shutdown 

四、R2和R5的CHAP认证
主认证方
[r5]interface Serial 3/0/1
[r5-Serial3/0/1]ppp authentication-mode chap 
被认证方
[r2]interface Serial 4/0/0
[r2-Serial4/0/0]ppp chap user wangdaye 
[r2-Serial4/0/0]ppp chap password cipher wdy12345
[r2-Serial4/0/0]shutdown
[r2-Serial4/0/0]undo shutdown

五、更改R3和R5之间的链路协议
[r3]interface Serial 4/0/0
[r3-Serial4/0/0]display th
[V200R003C00]
#
interface Serial4/0/0
 link-protocol ppp
 ip address 35.1.1.3 255.255.255.0 
#
return
[r3-Serial4/0/0]link-protocol hdlc
[r5]interface Serial 4/0/0
[r5-Serial4/0/0]link-protocol hdlc 
 
六、R1、R2、R3 构建一个MGRE环境
R1：
[r1]interface Tunnel 0/0/0
[r1-Tunnel0/0/0]ip ad 10.1.1.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r1-Tunnel0/0/0]nhrp network-id 100
R2：
[r2]interface Tunnel 0/0/0
[r2-Tunnel0/0/0]ip ad 10.1.1.2 24
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r2-Tunnel0/0/0]source Serial 4/0/0
[r2-Tunnel0/0/0]nhrp network-id 100
[r2-Tunnel0/0/0]nhrp entry 10.1.1.1 15.1.1.1 register
R3
[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0]ip ad 10.1.1.3 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r3-Tunnel0/0/0]source Serial 4/0/0
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry 10.1.1.1 15.1.1.1 register 

七、R1与R4GRE配置
R1
[r1]interface Tunnel 0/0/1
[r1-Tunnel0/0/1]ip ad 10.1.2.1 24
[r1-Tunnel0/0/1]tunnel-protocol gre
[r1-Tunnel0/0/1]source 15.1.1.1
[r1-Tunnel0/0/1]destination 45.1.1.4
R4
[r4]interface Tunnel 0/0/1
[r4-Tunnel0/0/1]ip ad 10.1.2.4 24
[r4-Tunnel0/0/1]tunnel-protocol gre 
[r4-Tunnel0/0/1]source 45.1.1.4
[r4-Tunnel0/0/1]destination 15.1.1.1

八、RIP传递路由
[r1]rip
[r1-rip-1]v 2
[r1-rip-1]undo s    
[r1-rip-1]undo summary
[r1-rip-1]network 192.168.1.0 
[r1-rip-1]network 10.0.0.0
[r2]rip 
[r2-rip-1]version 2
[r2-rip-1]undo summary 
[r2-rip-1]network 192.168.2.0
[r2-rip-1]network 10.0.0.0
[r3]rip    
[r3-rip-1]version 2
[r3-rip-1]undo su    
[r3-rip-1]network 192.168.3.0
[r3-rip-1]network 10.0.0.0
[r4]rip    
[r4-rip-1]v 2
[r4-rip-1]undo summary 
[r4-rip-1]network 192.168.4.0
[r4-rip-1]network 10.0.0.0

打开伪广播关闭rip水平分割
[r1]interface Tunnel 0/0/0
[r1-Tunnel0/0/0]nhrp entry multicast dynamic 
[r1-Tunnel0/0/0]undo rip split-horizon
[r2]interface tun 0/0/0
[r2-Tunnel0/0/0]undo rip split-horizon
[r3]interface t 0/0/0
[r3-Tunnel0/0/0]undo rip split-horizon

九、NAT配置
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1]interface Serial 4/0/0
[r1-Serial4/0/0]nat outbound 2000
[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[r2]interface Serial 4/0/0
[r2-Serial4/0/0]nat outbound 2000
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[r3]interface Serial 4/0/0
[r3-Serial4/0/0]nat outbound 2000
[r4]acl 2000
[r4-acl-basic-2000]rule permit source 192.168.4.0 0.0.0.255
[r4-acl-basic-2000]q
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]nat outbound 2000

 实验结果测试

查看配置完的nhrp表

ping通测试 

学习之路无终点，知识海洋无尽头，但你的努力，将照亮你的前行之路！