2. 科技
    3. MGRE+GRE简单配置实践

    MGRE+GRE简单配置实践

    科技2022-08-13  90

    要求:

    R5为ISP,只能进行IP地址配置;其所有接口配置为公有IP地址R1与R5之间使用PPP的pap认证,R5为主认证方;R2与R5之间使用PPP的chap认证,R5为主认证方;R3和R5之间用HDLC封装R1,R2,R3构建为一个MGRE环境,R1为中心站点;R1和R4之间为点到点GRE整个私有网络基于RIP可达所有路由器连接的PC均可访问R5的环回

    拓扑

    配置

    R5和R1之间使用PAP认证: R5

    <Huawei>sys [Huawei]sysname isp [isp]int LoopBack 0 [isp-LoopBack0]ip add 5.5.5.5 24 [isp-LoopBack0]qu [isp]aaa [isp-aaa]local-user zjn password cipher 123456 Info: Add a new user. [isp-aaa]local-user zjn service-type ppp [isp-aaa]qu [isp]int s3/0/0 [isp-Serial3/0/0]ppp authentication-mode pap [isp-Serial3/0/0]ip add 15.1.1.2 24

    R1

    <Huawei>sys [Huawei]sysname R1 [R1]int s4/0/1 [R1-Serial4/0/1]ip add 15.1.1.1 24 [R1-Serial4/0/1]ppp [R1-Serial4/0/1]ppp pap local-user zjn password cipher 123456 注:如果两端口不可ping通,记得关开端口一次,让端口进行一次状态更新,具体操作为: [R1]int s4/0/1 [R1-Serial4/0/1]shutdown [R1-Serial4/0/1]un shutdown

    R5和R2之间使用CHAP认证

    R5

    [isp]int s3/0/1 [isp-Serial3/0/1]ip add 25.1.1.2 24 [isp-Serial3/0/1]aaa [isp-aaa]local-user zjn service [isp-aaa]local-user zjn service-type ppp [isp-aaa]int s3/0/1 [isp-Serial3/0/1]link-protocol ppp [isp-Serial3/0/1]ppp authentication-mode chap

    R2

    <Huawei>sys [Huawei]sysname R2 [R2]int s4/0/1 [R2-Serial4/0/1]ip add 25.1.1.1 25 [R2]int s4/0/1 [R2-Serial4/0/1]link-protocol ppp [R2-Serial4/0/1]ppp chap user zjn [R2-Serial4/0/1]ppp chap password cipher 123456

    R3和R5之间用HDLC封装 R5

    [isp]int s4/0/0 [isp-Serial4/0/0]ip add 35.1.1.2 24 [isp-Serial4/0/0]link-protocol hdlc

    R3

    <Huawei>sys [Huawei]sysname R3 [R3]int s4/0/1 [R3-Serial4/0/1]ip add 35.1.1.1 24 [R3-Serial4/0/1]link-protocol hdlc Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N] :Y

    R5

    [isp]int g0/0/0 [isp-GigabitEthernet0/0/0]ip add 45.1.1.2 24

    R4

    <Huawei>sys Enter system view, return user view with Ctrl+Z. [Huawei]sysname R4 [R4]int g0/0/0 [R4-GigabitEthernet0/0/0]ip add 45.1.1.1 24

    配置缺省路由

    [R1]ip route-static 0.0.0.0 0 15.1.1.2 [R2]ip route-static 0.0.0.0 0 25.1.1.2 [R3]ip route-static 0.0.0.0 0 35.1.1.2 [R4]ip route-static 0.0.0.0 0 45.1.1.2

    以上完成公网连接端口的配置 R1,R2,R3构建MGRE环境 R1

    [R1]int Tunnel 0/0/0 [R1-Tunnel0/0/0]ip add 10.1.1.1 24 [R1-Tunnel0/0/0]tunnel-protocol gre p2mp [R1-Tunnel0/0/0]source 15.1.1.1 [R1-Tunnel0/0/0]nhrp entry multicast dynamic [R1-Tunnel0/0/0]nhrp network-id 100

    R2

    [R2]int Tunnel 0/0/0 [R2-Tunnel0/0/0]ip add 10.1.1.2 24 [R2-Tunnel0/0/0]tunnel-protocol gre p2mp [R2-Tunnel0/0/0]source s4/0/1 [R2-Tunnel0/0/0]nhrp network-id 100 [R2-Tunnel0/0/0]nhrp entry 10.1.1.1 15.1.1.1 register

    R3

    [R3]int Tunnel 0/0/0 [R3-Tunnel0/0/0]ip add 10.1.1.3 24 [R3-Tunnel0/0/0]tunnel-protocol gre p2mp [R3-Tunnel0/0/0]source s4/0/1 [R3-Tunnel0/0/0]nhrp network-id 100 [R3-Tunnel0/0/0]nhrp entry 10.1.1.1 15.1.1.1 register

    R1和R$构建GRE环境 R1

    [R1]int Tunnel 0/0/1 [R1-Tunnel0/0/1]ip add 10.1.2.1 24 [R1-Tunnel0/0/1]tunnel-protocol gre [R1-Tunnel0/0/1]source 15.1.1.1 [R1-Tunnel0/0/1]destination 45.1.1.1

    R4

    [R4]int Tunnel 0/0/1 [R4-Tunnel0/0/1]ip add 10.1.2.2 24 [R4-Tunnel0/0/1]tunnel-protocol gre [R4-Tunnel0/0/1]source 45.1.1.1 [R4-Tunnel0/0/1]destination 15.1.1.1

    私网配置

    [R1]int g0/0/0 [R1-GigabitEthernet0/0/0]ip add 192.168.1.1 24 [R2]int g0/0/0 [R2-GigabitEthernet0/0/0]ip add 192.168.2.1 24 [R3]int g0/0/0 [R3-GigabitEthernet0/0/0]ip add 192.168.3.1 24 [R4-Tunnel0/0/1]int g0/0/1 [R4-GigabitEthernet0/0/1]ip add 192.168.4.1 24

    RIP配置

    [R1]rip 1 [R1-rip-1]verify-source //RIP在接收报文时将对源地址进行检查,即检查发送报文的接口IP地址与接收报文接口的IP地址是否在同一网段。如果没有通过检查,则该RIP报文将不被设备处理。 [R1-rip-1]version 2 [R1-rip-1]un summary [R1-rip-1]network 192.168.1.0 [R1-rip-1]network 10.0.0.0 [R2]rip 1 [R2-rip-1]verify-source [R2-rip-1]version 2 [R2-rip-1]un summary [R2-rip-1]network 192.168.2.0 [R2-rip-1]network 10.0.0.0 [R3]rip 1 [R3-rip-1]verify-source [R3-rip-1]version 2 [R3-rip-1]un summary [R3-rip-1]network 192.168.3.0 [R3-rip-1]network 10.0.0.0 [R4]rip 1 [R4-rip-1]verify-source [R4-rip-1]version 2 [R4-rip-1]un summary [R4-rip-1]network 192.168.4.0 [R4-rip-1]network 10.0.0.0 [R1]int Tunnel 0/0/0 [R1-Tunnel0/0/0]undo rip split-horizon [R1]acl 2000 [R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255 [R1-acl-basic-2000]int s4/0/1 [R1-Serial4/0/1]nat outbound 2000 [R2]acl 2000 [R2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255 [R2-acl-basic-2000]int s4/0/1 [R2-Serial4/0/1]nat outbound 2000 [R3]acl 2000 [R3-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255 [R3-acl-basic-2000]int s4/0/1 [R3-Serial4/0/1]nat outbound 2000 [R4]acl 2000 [R4-acl-basic-2000]rule permit source 192.168.4.0 0.0.0.255 [R4-acl-basic-2000]int g0/0/0 [R4-GigabitEthernet0/0/0]nat outbound 2000

    最后不要忘记配置IP

    实验结果

    Processed: 0.018, SQL: 9