配置路由器、PC的IP地址及R5的环回

R1

[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.254 24
[R1-GigabitEthernet0/0/0]int s 4/0/0
[R1-Serial4/0/0]ip add 15.0.0.1 24

R2

[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.2.254 24
[R2-GigabitEthernet0/0/0]int s 4/0/0
[R2-Serial4/0/0]ip add 25.0.0.1 24

 R3

[R3]int g 0/0/0
[R3-GigabitEthernet0/0/0]ip add 192.168.3.254 24
[R3-GigabitEthernet0/0/0]int s 4/0/0
[R3-Serial4/0/0]ip add 35.0.0.1 24

 R4

[R4]int g 0/0/0
[R4-GigabitEthernet0/0/0]ip add 45.0.0.1 24
[R4-GigabitEthernet0/0/0]int g 0/0/1
[R4-GigabitEthernet0/0/1]ip add 192.168.4.254 24

 R5

[R5]int s 3/0/0
[R5-Serial3/0/0]ip add 15.0.0.2 24
[R5-Serial3/0/0]int s 3/0/1
[R5-Serial3/0/1]ip add 25.0.0.2 24
[R5-Serial3/0/1]int s 4/0/0
[R5-Serial4/0/0]ip add 35.0.0.2 24
[R5-Serial4/0/0]int g 0/0/0
[R5-GigabitEthernet0/0/0]ip add 45.0.0.2 24
[R5-GigabitEthernet0/0/0]int l 0
[R5-LoopBack0]ip add 5.5.5.5 24

查看接口IP地址

[R5]display ip interface brief 

 2. PAP认证

主认证方R5配置：
[R5-aaa]local-user admin password cipher 123456
[R5-aaa]local-user admin service-type ppp
[R5-aaa]int s 3/0/0
[R5-Serial3/0/0]ppp authentication-mode pap
被认证方R1配置
[R1-Serial4/0/0]ppp pap local-user admin password cipher 123456

测试

 3. CHAP认证

主认证方R5配置【类似PAP】
[R5]aaa
[R5-aaa]local-user admin2 password cipher 123456
[R5-aaa]local-user admin2 service-type ppp
[R5-aaa]int s 3/0/1
[R5-Serial3/0/1]ppp authentication-mode chap
被认证方R2配置
[R2]int s 4/0/0
[R2-Serial4/0/0]ppp chap user admin2
[R2-Serial4/0/0]ppp chap password cipher 123456

测试

R2 ping R5

4. HDLC协议封装

[R3-Serial4/0/0]link-protocol hdlc

[R5-Serial4/0/0]link-protocol hdlc 

测试

R3 ping R5

5. 配置GRE环境 

[R1]int Tunnel 0/0/0
[R1-Tunnel0/0/0]ip add 192.168.5.1 24 
[R1-Tunnel0/0/0]tunnel-protocol gre
[R1-Tunnel0/0/0]source 15.0.0.1
[R1-Tunnel0/0/0]destination 45.0.0.1

[R4]int Tunnel 0/0/0
[R4-Tunnel0/0/0]ip add 192.168.5.4 24
[R4-Tunnel0/0/0]tunnel-protocol gre
[R4-Tunnel0/0/0]source 45.0.0.1
[R4-Tunnel0/0/0]destination 15.0.0.1

6. 配置MGRE环境

中心R1配置
[R1]int t 0/0/1
[R1-Tunnel0/0/1]ip add 192.168.6.1 24	
[R1-Tunnel0/0/1]tunnel-protocol gre p2mp
[R1-Tunnel0/0/1]source 15.0.0.1
[R1-Tunnel0/0/1]nhrp network-id 100

分支R2配置
[R2]int t 0/0/1
[R2-Tunnel0/0/1]ip add 192.168.6.2 24
[R2-Tunnel0/0/1]tunnel-protocol gre p2mp
[R2-Tunnel0/0/1]source Serial 4/0/0
[R2-Tunnel0/0/1]nhrp network-id 100
[R2-Tunnel0/0/1]nhrp entry 192.168.6.1 15.0.0.1 register

分支R3配置
[R3]int t 0/0/1
[R3-Tunnel0/0/1]ip add 192.168.6.3 24	
[R3-Tunnel0/0/1]tunnel-protocol gre p2mp 
[R3-Tunnel0/0/1]source s 4/0/0
[R3-Tunnel0/0/1]nhrp network-id 100
[R3-Tunnel0/0/1]nhrp entry 192.168.6.1 15.0.0.1 register 

7. 开启RIP动态路由协议

[R1]ip route-static 0.0.0.0 0 15.0.0.2
[R1]rip 1
[R1-rip-1]v 2
[R1-rip-1]undo summary 
[R1-rip-1]network 192.168.1.0
[R1-rip-1]network 192.168.5.0
[R1-rip-1]network 192.168.6.0

[R2]ip route-static 0.0.0.0 0 25.0.0.2
[R2]rip 1
[R2-rip-1]v 2
[R2-rip-1]undo summary 
[R2-rip-1]network 192.168.2.0	
[R2-rip-1]network 192.168.6.0

[R3]ip route-static 0.0.0.0 0 35.0.0.2
[R3]rip 1
[R3-rip-1]v 2
[R3-rip-1]undo summary
[R3-rip-1]network 192.168.3.0 
[R3-rip-1]network 192.168.6.0

[R4]ip route-static 0.0.0.0 0 45.0.0.2
[R4]rip 1
[R4-rip-1]v 2
[R4-rip-1]undo summary 
[R4-rip-1]network 192.168.4.0
[R4-rip-1]network 192.168.5.0

对NFS的隧道接口上开启伪广播配置

[R1-Tunnel0/0/1]nhrp entry multicast dynamic 

在NFS隧道接口上关闭水平分割

[R1-Tunnel0/0/1]undo rip split-horizon 

测试

GRE：PC1 ping PC4

MGRE：PC1 ping PC2和PC3

8. NAT配置

[R1]acl 2000	
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]q
[R1]int Serial 4/0/0
[R1-Serial4/0/0]nat outbound 2000

[R2]acl 2000                  	
[R2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[R2-acl-basic-2000]q
[R2]int s 4/0/0
[R2-Serial4/0/0]nat outbound 2000

[R3]acl 2000	
[R3-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[R3-acl-basic-2000]q
[R3]int s 4/0/0
[R3-Serial4/0/0]nat outbound 2000

[R4]acl 2000	
[R4-acl-basic-2000]rule permit source 192.168.4.0 0.0.0.255
[R4-acl-basic-2000]q
[R4]int g 0/0/0
[R4-GigabitEthernet0/0/0]nat outbound 2000

测试