第一步:给R1,R2,R3,R4配IP
[R1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[R1-Serial4/0/0]ip address 15.0.0.1 24
[R2-GigabitEthernet0/0/0]ip address 192.168.2.1 24
[R2-Serial4/0/0]ip address 25.0.0.1 24
[R3-GigabitEthernet0/0/0]ip address 192.168.3.1 24
[R3-Serial4/0/0]ip address 35.0.0.1 24
[R4-GigabitEthernet0/0/0]ip address 192.168.4.1 24
第二步:认证配置
给R1和R5间使用PPP的PAP认证;
ISP设密码
[ISP-aaa]local-user huawei password cipher 123456
定义服务对象:
[ISP-aaa]local-user huawei service-type ppp
[ISP-Serial3/0/0]ppp authentication-mode pap、
重新协商链路:
[R1-Serial4/0/0]shutdown
[R1-Serial4/0/0]undo shutdown
协议层面(protocol)是down就密码和账号就建立成功了
s 40/0/0认证成功
补全认证
[R1-Serial4/0/0]ppp pap local-user huawei password cipher 12345
[R1-Serial4/0/0]shutdown
[R1-Serial4/0/0]undo shutdown
s 4/0/0 都up,认证成功。
R2与R5之间使用PPP的chap认证,R5为主认证方:
[R2-Serial4/0/0]ppp chap user huawei 创建账号
[R2-Serial4/0/0]ppp chap password cipher 123456 设密码
[R1-Serial4/0/0]shutdown
[R1-Serial4/0/0]undo shutdown 认证
都up,认证成功
R3与R5之间使用HDLC封装
[ISP-Serial4/0/0]link-protocol hdlc
第三步:构建MGRE环境
配置静态路由
[R1]ip route-static 0.0.0.0 0 15.0.0.2
[R2]ip route-static 0.0.0.0 0 25.0.0.2
[R3]ip route-static 0.0.0.0 0 35.0.0.2
[R4]ip route-static 0.0.0.0 0 45.0.0.2
建立隧道
[R1]int t0/0/0
[R1-Tunnel0/0/0]ip address 192.168.5.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp[R1-Tunnel0/0/0]shutdown
[R1-Tunnel0/0/0]source 15.0.0.1
[R1-Tunnel0/0/0]nhrp network-id 100[R2]int t0/0/0
[R2-Tunnel0/0/0]ip address 192.168.5.2 24
[R2-Tunnel0/0/0]tunnel-protocol gre p2mp[R2-Tunnel0/0/0]shutdown
[R2-Tunnel0/0/0]source s4/0/0
[R2-Tunnel0/0/0]nhrp network-id 100[R2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
[R3]int t0/0/0
[R3-Tunnel0/0/0]ip address 192.168.5.3 24
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]shutdown
[R3-Tunnel0/0/0]source s4/0/0
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register
[R1-Tunnel0/0/0]int t0/0/1
[R1-Tunnel0/0/1]ip address 192.168.6.1 24
[R1-Tunnel0/0/1]tunnel-protocol gre
[R1-Tunnel0/0/1]shutdown
[R1-Tunnel0/0/1]source 15.0.0.1
[R1-Tunnel0/0/1]description 45.0.0.1
[R4]int t0/0/0
[R4-Tunnel0/0/0]ip address 192.168.6.2 24
[R4-Tunnel0/0/0]tunnel-protocol gre
[R4-Tunnel0/0/0]shutdown
[R4-Tunnel0/0/0]source 45.0.0.1
[R4-Tunnel0/0/0]description 15.0.0.1
第四步:rip全网可达
[R1]rip
[R1-rip-1]version 2
[R1-rip-1]ne 192.168.1.0
[R1-rip-1]ne 192.168.5.0
[R1-rip-1]ne 192.168.6.0
[R2]rip
[R2-rip-1]version 2
[R2-rip-1]network 192.168.5.0
[R2-rip-1]network 192.168.2.0[R3]rip
[R3-rip-1]verify-source
[R3-rip-1]version 2
[R3-rip-1]network 192.168.3.0
[R3-rip-1]network 192.168.5.0[R4]rip
[R4-rip-1]version 2
[R4-rip-1]network 192.168.4.0[R1-Tunnel0/0/0]nhrp entry multicast dynamic
[R1-Tunnel0/0/0]undo rip split-horizon
第五步:可访问R5环回
[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255[R1]int s4/0/0
[R1-Serial4/0/0]nat out
[R1-Serial4/0/0]nat outbound 2000