思维导图

综合实验

配置IP地址

R1：

[R1]int g0/0/0

[R1-GigabitEthernet0/0/0]ip add 192.168.1.1 24

[R1-GigabitEthernet0/0/0]int s3/0/0

[R1-Serial3/0/0]ip add 15.1.1.1 24

R2:

[R2]int g 0/0/0

[R2-GigabitEthernet0/0/0]ip ad 192.168.2.2 24

[R2-GigabitEthernet0/0/0]int s 4/0/0

[R2-Serial4/0/0]ip add 25.1.1.2 24

R3:

[R3]int g0/0/0

[R3-GigabitEthernet0/0/0]ip add 192.168.3.1 24

[R3-GigabitEthernet0/0/0]int s3/0/0

[R3-Serial3/0/0]ip add 35.1.1.3 24

R4:

[R4]int g0/0/1

[R4-GigabitEthernet0/0/1]ip add 192.168.4.1 24

[R4-GigabitEthernet0/0/1]int g0/0/0

[R4-GigabitEthernet0/0/0]ip add 45.1.1.4 24

R5:

[R5]int g 0/0/0

[R5-GigabitEthernet0/0/0]ip add 45.1.1.5 24

[R5-GigabitEthernet0/0/0]int s3/0/0

[R5-Serial3/0/0]ip add 15.1.1.5 24

[R5-Serial3/0/0]int s3/0/1

[R5-Serial3/0/1]ip add 25.1.1.5 24

[R5-Serial3/0/1]int s 4/0/0

[R5-Serial4/0/0]ip add 35.1.1.5 24

[R5]int l0

[R5-LoopBack0]ip add 5.5.5.5 24

R1和R5间使用ppp的pap认证，R5为主认证方；

R5:

[R5]aaa

[R5-aaa]local-user chenlilin password cipher cll12345

Info: Add a new user.

[R5-aaa]local-user chenlilin service-type ppp

[R5-aaa]int s 3/0/0

[R5-Serial3/0/0]ppp authentication-mode pap

R1:

[R1]int s 3/0/0

[R1-Serial3/0/0]ppp chap user chenlilin

[R1-Serial3/0/0]ppp chap password cipher cll12345

R2与R5之间使用ppp的CHAP认证，R5为主认证方；

R5:

[R5]int s 3/0/1

[R5-Serial3/0/1]ppp authentication-mode chap

R2:

[R2]int s 4/0/0

[R2-Serial4/0/0]ppp chap user chenlilin

[R2-Serial4/0/0]ppp chap password cipher cll12345

R3和R5之间使用HDLC封装；

R5:

[R5-Serial4/0/0]link-protocol hdlc

Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]

:y

R3:

[R3-Serial3/0/0]link-protocol hdlc

Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]

:y

R1,R2,R3构建一个MGRE环境，R1为中心站点，R1,R4间为点到点的GRE

搞通公网

[R1]ip route-static 0.0.0.0 0 15.1.1.5

[R2]ip route-static 0.0.0.0 0 25.1.1.5

[R3]ip route-static 0.0.0.0 0 35.1.1.5

[R4]ip route-static 0.0.0.0 0 45.1.1.5

配置总部与分部之间的隧道-MGRE VPN

R1

[R1]int t 0/0/0

[R1-Tunnel0/0/0]ip add 10.1.2.1 24  

[R1-Tunnel0/0/0]tunnel-protocol gre p2mp

[R1-Tunnel0/0/0]source 15.1.1.1

R2

[R2]int t0/0/0

[R2-Tunnel0/0/0]ip add 10.1.2.2 24

[R2-Tunnel0/0/0]tunnel-protocol gre p2mp

[R2-Tunnel0/0/0]source 25.1.1.2

R3

[R3]int t0/0/0

[R3-Tunnel0/0/0]ip add 10.2.1.3 24

[R3-Tunnel0/0/0]tunnel-protocol gre p2mp

[R3-Tunnel0/0/0]source 35.1.1.3

NHRP的配置

主R1：

[R1]int t0/0/0

[R1-Tunnel0/0/0]nhrp network-id 100

R2：

[R2]int t0/0/0

[R2-Tunnel0/0/0]nhrp network-id 100

[R2-Tunnel0/0/0]nhrp entry 10.1.2.2 15.1.1.1 register

R3：

[R3]int t0/0/0

[R3-Tunnel0/0/0]nhrp network-id 100     

[R3-Tunnel0/0/0]nhrp entry 10.1.2.3 15.1.1.1

R1,R4间为点到点的GRE

R1:

[R1]int t0/0/1

[R1-Tunnel0/0/1]ip add 10.1.1.1 24  

[R1-Tunnel0/0/1]tunnel-protocol gre

[R1-Tunnel0/0/1]source 15.1.1.1

[R1-Tunnel0/0/1]destination 45.1.1.4

R4:

[R4]int t0/0/1

[R4-Tunnel0/0/1]ip add 10.1.1.4 24

[R4-Tunnel0/0/1]tunnel-protocol gre

[R4-Tunnel0/0/1]source 45.1.1.4

[R4-Tunnel0/0/1]destination 15.1.1.1

配置RIP路由协议来传递两端私网路由

R1:

[R1]rip 1

[R1-rip-1]v 2

[R1-rip-1]undo summary

[R1-rip-1]network 192.168.1.0  

[R1-rip-1]network 10.0.0.0

R2:

[R2]rip 1

[R2-rip-1]v 2

[R2-rip-1]undo summary

[R2-rip-1]network 192.168.2.0

[R2-rip-1]network 10.0.0.0

R3:

[R3]rip 1

[R3-rip-1]v 2

[R3-rip-1]undo su

[R3-rip-1]undo summary

[R3-rip-1]network 192.168.3.0

[R3-rip-1]network 10.0.0.0

R4:

[R4]rip 1

[R4-rip-1]v 2

[R4-rip-1]undo summary  

[R4-rip-1]network 192.168.4.0

[R4-rip-1]network 10.0.0.0

在中心上开启伪广播，目的：告诉分支站点，中心站点及其他分支站点的私网网段信息，

[R1-Tunnel0/0/0]nhrp entry multicast dynamic

关闭RIP的水平分割机制

[R1-Tunnel0/0/0]undo rip split-horizon

[R2-Tunnel0/0/0]undo rip split-horizon

[R3-Tunnel0/0/0]undo rip split-horizon

全网通

所有PC设置私有IP为源IP，可以访问R5环回，达到全网通

内网转换

R1:

[R1]acl 2000

[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255

[R1]int s 3/0/0

[R1-Serial3/0/0]nat outbound 2000

R2:

[R2]acl 2000

[R2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255

[R2-acl-basic-2000]q

[R2]int s 4/0/0

[R2-Serial4/0/0]nat outbound 2000

R3:

[R3]acl 2000

[R3-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255

[R3-acl-basic-2000]q

[R3]int s3/0/0

[R3-Serial3/0/0]nat outbound 2000

R4:

[R4]acl 2000

[R4-acl-basic-2000]rule permit source 192.168.4.0 0.0.0.255

[R4-acl-basic-2000]q

[R4]int g0/0/0

[R4-GigabitEthernet0/0/0]nat outbound 2000