HCIP-Day2（MGRE实验）

实验要求具体如下：
1、R5为lSP，只能进行ip地址配置;其所有接口配置为公有ip地址
2、R1与R5间使用PPP的PAP认证，R5为主认证方;R2与R5间使用PPP的chap认证，R5为主认证方;R3与R5间使用HDLC封装
3、R1/2/3构建一个MGRE环境，R1为中心站点;R1/4间为点到点GRE
4、整个私有网络基于RIP全网可达
5、所有路由骤真干不同私有地址为源ip时，可以正常访问R5环回

一、拓扑搭建

二、配置IP

采用DHCP自动获取IP
以下以R1为例

[r1]dhcp enable
[r1]ip pool r1
[r1-ip-pool-r1]gateway-list 192.168.1.254
[r1-ip-pool-r1]network 192.168.1.0 mask 255.255.255.0
[r1-ip-pool-r1]dns-list 6.6.6.6
[r1-ip-pool-r1]int e0/0/0
[r1-Ethernet0/0/0]dhcp select global 
[r1-Ethernet0/0/0]ip address 192.168.1.2 24

按以上方法配置完R2,R3,R4

三、配置R1与R5间使用PPP的PAP认证，R5为主认证方

1、于R5上创建一个用户，用于PPP认证

[r5-aaa]local-user hhh password cipher 0615
[r5-aaa]local-user hhh service-type ppp
[r5-aaa]int s0/0/0
[r5-Serial0/0/0]ppp authentication-mode pap

2、在R1上发送请求

[r1]int s0/0/0
[r1-Serial0/0/0]ppp pap local-user hhh password cipher 0615

四、R2与R5间使用PPP的chap认证，R5为主认证方

R5

[r5-Serial0/0/1]ppp authentication-mode chap

在R2上进行请求

[r2-Serial0/0/0]ppp chap password cipher 0615

五、R3与R5间使用HDLC封装

只需要修改接口封装类型
R5

[r5]int s0/0/3
[r5-Serial0/0/3]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. 
Continue? [Y/N]:y

R3

[r3]int s0/0/0
[r3-Serial0/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. 
Continue? [Y/N]:y

六、缺省路由配置

[r1]ip route-static 0.0.0.0 0 14.1.1.1
[r2]ip route-static 0.0.0.0 0 24.1.1.2
[r3]ip route-static 0.0.0.0 0 34.1.1.2
[r4]ip route-static 0.0.0.0 0 44.1.1.2

七、NAT配置

R1

[r1]ACL 2000
[r1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[r1]int s0/0/0
[r1-Serial0/0/0]nat outbound 2000
[r1-Serial0/0/0]dis nat out

R2

[r2]ACL 2000
[r2-acl-basic-2000]rule 5 permit source 192.168.2.0 0.0.0.255
[r2]INT s0/0/0
[r2-Serial0/0/0]nat outbound 2000
[r2-Serial0/0/0]dis nat out

R3

[r3]acl 2000
[r3-acl-basic-2000]rule 5 permit source 192.168.3.0 0.0.0.255
[r3]int s0/0/0
[r3-Serial0/0/0]nat outbound 2000
[r3-Serial0/0/0]dis nat out

R4

[r4]acl 2000
[r4-acl-basic-2000]rule 5 permit source 192.168.4.0 0.0.0.255
[r4]int s0/0/0
[r4-Serial0/0/0]nat outbound 2000
[r4-Serial0/0/0]dis nat out

八、R1/R2/R3构建一个MGRE环境，R1为中心站点

R1

[r1-Tunnel0/0/0]ip add 10.1.1.1 255.255.255.0
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp
[r1-Tunnel0/0/0]source 14.1.1.1
[r1-Tunnel0/0/0]nhrp entry multicast dynamic 
[r1-Tunnel0/0/0]nhrp network-id 100
[r1-Tunnel0/0/0]dis nhrp peer all

R2

[r2]int t0/0/0
[r2-Tunnel0/0/0]ip add 10.1.1.2 255.255.255.0
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp
[r2-Tunnel0/0/0]source s0/0/0
[r2-Tunnel0/0/0]nhrp entry 10.1.1.1 14.1.1.1 re

R3

[r3]interface Tunnel0/0/0
[r3-Tunnel0/0/0]ip address 10.1.1.3 255.255.255.0 
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source Serial0/0/0
[r3-Tunnel0/0/0]nhrp entry 10.1.1.1 14.1.1.1 reg

九、R1/R4间为点到点GRE

R1

[r1]int Tunnel 0/0/1
[r1-Tunnel0/0/1]ip address 10.2.2.1 24
[r1-Tunnel0/0/1]tunnel-protocol gre
[r1-Tunnel0/0/1]source 14.1.1.1
[r1-Tunnel0/0/1]destination 44.1.1.2

R4

[r4]int Tunnel 0/0/1
[r4-Tunnel0/0/1]ip address 10.2.2.2 24
[r4-Tunnel0/0/1]tunnel-protocol gre
[r4-Tunnel0/0/1]source 44.1.1.2
[r4-Tunnel0/0/1]destination 14.1.1.1

十、整个私有网络基于RIP全网可达

R1

[r1]rip 1 
[r1-rip-1]ver 2 
[r1-rip-1]net 192.168.1.0 
[r1-rip-1]net 10.0.0.0 

R2

[r2]rip 1 
[r2-rip-1]version 2 
[r2-rip-1]network 192.168.2.0 
[r2-rip-1]network 10.0.0.0 

R3

[r3]rip 1 
[r3-rip-1]version 2 
[r3-rip-1]network 192.168.3.0 
[r3-rip-1]network 10.0.0.0 

R4

[r4]rip 1 
[r4-rip-1]version 2 
[r4-rip-1]network 192.168.4.0 
[r4-rip-1]network 10.0.0.0

十一、水平分割

[r1-Tunnel0/0/0]undo rip split-horizon