hcip-homework-2 MGRE基础实验

一、实验拓扑

二、实验需求

0. R2为ISP，其上只能配置IP地址。
1. R1-R2之间为HDLC封装。
2. R2-R3之间为ppp封装，pap认证，R2为主认证方。
3. R2-R4之间为ppp封装，chap认证，R2为主认证方。
4. R1、R2、R3构建MGRE环境，仅R1IP地址固定。
5. 内网使用RIP获取路由，所有pc可以相互访问，并且可访问R2的环回。

四、实验步骤

一、配置IP地址

R1配置IP地址：

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              unassigned           down       down      
GigabitEthernet0/0/1              192.168.1.1/24       up         up        
GigabitEthernet0/0/2              unassigned           down       down      
NULL0                             unassigned           up         up(s)     
Serial4/0/0                       12.1.1.1/24          up         up        
Serial4/0/1                       unassigned           down       down      
Tunnel0/0/0                       192.168.4.1/24       up         up 

R2配置IP地址：

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              unassigned           down       down      
GigabitEthernet0/0/1              unassigned           down       down      
GigabitEthernet0/0/2              unassigned           down       down      
LoopBack0                         192.168.10.1/24      up         up(s)     
NULL0                             unassigned           up         up(s)     
Serial3/0/0                       14.1.1.2/24          up         up        
Serial3/0/1                       unassigned           down       down      
Serial4/0/0                       12.1.1.2/24          up         up        
Serial4/0/1                       13.1.1.2/24          up         up 

R3配置IP地址：

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              unassigned           down       down      
GigabitEthernet0/0/1              192.168.2.1/24       up         up      
GigabitEthernet0/0/2              unassigned           down       down      
NULL0                             unassigned           up         up(s)     
Serial4/0/0                       13.1.1.1/24          up         up        
Serial4/0/1                       unassigned           down       down      
Tunnel0/0/0                       192.168.4.2/24       up         up 

R4配置IP地址：

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              unassigned           down       down      
GigabitEthernet0/0/1              192.168.3.1/24       up         up        
GigabitEthernet0/0/2              unassigned           down       down      
NULL0                             unassigned           up         up(s)     
Serial4/0/0                       14.1.1.1/24          up         up        
Serial4/0/1                       unassigned           down       down      
Tunnel0/0/0                       192.168.4.3/24       up         up 

二、公网路由

R1、R3、R4配置缺省路由，使得公网可以联通：

    [R1]ip route-static 0.0.0.0 0 12.1.1.2
    [R3]ip route-static 0.0.0.0 0 13.1.1.2
    [R4]ip route-static 0.0.0.0 0 14.1.1.2

三、R1-R2之间为HDLC封装

R1和R2连接的串线接口均改为HDLC：

[R1]int s4/0/0
[R1-Serial4/0/0]link-protocol hdlc 
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y

[ISP]int s4/0/0
[ISP-Serial4/0/0]link-protocol hdlc 
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y

四、R2-R3之间为ppp封装，pap认证，R2为主认证方

R2和R3默认均为ppp封装，R2为主认证方，R3为被认证方：

    [ISP]aaa
    [ISP-aaa]local-user r3 password cipher 123456
    [ISP-aaa]local-user r3 service-type ppp 

    [ISP]int s4/0/1
    [ISP-Serial4/0/1]ppp authentication-mode pap 

    [r3]int s4/0/0
    [r3-Serial4/0/0]ppp pap local-user r3 password cipher 123456

五、R2-R4之间为ppp封装，chap认证，R2为主认证方。

R2和R4默认均为ppp封装，R2为主认证方，R4为被认证方：

    [ISP]aaa
    [ISP-aaa]local-user r4 password cipher 123456
    [ISP-aaa]local-user r4 service-type ppp 

    [ISP]int s3/0/0
    [ISP-Serial3/0/0]ppp authentication-mode chap 

    [r4]int s4/0/0
    [r4-Serial4/0/0]ppp chap local-user r4 password cipher 123456

六、R1、R2、R3构建MGRE环境，仅R1IP地址固定

R1作为中心站点：

    [R1]int t0/0/0
    [R1-Tunnel0/0/0]ip address 192.168.4.1 255.255.255.0 
    [R1-Tunnel0/0/0]tunnel-protocol gre p2mp
    [R1-Tunnel0/0/0]source 12.1.1.1
    [R1-Tunnel0/0/0]nhrp entry multicast dynamic
    [R1-Tunnel0/0/0]nhrp network-id 100

R3和R4作为分支站点：

    [R3]int t0/0/0
    [R3-Tunnel0/0/0]ip address 192.168.4.2 255.255.255.0 
    [R3-Tunnel0/0/0]tunnel-protocol gre p2mp
    [R3-Tunnel0/0/0]source Serial4/0/0
    [R3-Tunnel0/0/0]nhrp entry 192.168.4.1 12.1.1.1 register
    [R3-Tunnel0/0/0]nhrp network-id 100

    [R4]int t0/0/0
    [R4-Tunnel0/0/0]
    [R4-Tunnel0/0/0]ip address 192.168.4.3 255.255.255.0 
    [R4-Tunnel0/0/0]tunnel-protocol gre p2mp
    [R4-Tunnel0/0/0]source Serial4/0/0
    [R4-Tunnel0/0/0]nhrp entry 192.168.4.1 12.1.1.1 register
    [R4-Tunnel0/0/0]nhrp network-id 100

此时R1作为中心站的map：

此时4.0网段内可以互通。

七、RIP路由

R1、R3、R4均开启RIP协议，使得1.0，2.0，3.0网段可以互通。

    [R1]rip
    [R1-rip-1]version 2
    [R1-rip-1]network 192.168.1.0
    [R1-rip-1]network 192.168.4.0

    [R3]rip
    [R3-rip-1]version 2
    [R3-rip-1]network 192.168.2.0
    [R3-rip-1]network 192.168.4.0

    [R4]rip
    [R4-rip-1]version 2
    [R4-rip-1]network 192.168.3.0
    [R4-rip-1]network 192.168.4.0

R1关闭水平分割

    [r1-Tunnel0/0/0]undo rip split-horizon  

此时三台PC均可相互ping通

R2开启RIP协议宣告环回接口

    [ISP]rip
    [ISP-rip-1]version 2
    [ISP-rip-1]network 192.168.10.0

八、R1，R3，R4各路由器公网接口配置nat

    [R1]acl 2000
    [R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255 
    
    [R1]int s4/0/0
    [R1-Serial4/0/0]nat outbound 2000

    [R3]acl 2000
    [R3-acl-basic-2000]rule 5 permit source 192.168.2.0 0.0.0.255 
    
    [R3]int s4/0/0
    [R3-Serial4/0/0]nat outbound 2000

    [R4]acl 2000
    [R4-acl-basic-2000]rule 5 permit source 192.168.3.0 0.0.0.255 
    
    [R4]int s4/0/0
    [R4-Serial4/0/0]nat outbound 2000

此时三台PC均可均可ping通R2环回接口192.168.10.1