目录
实验要求:
先给所有设备配上IP地址,以R1为例
[r1]interface g0/0/0
[r1-GigabitEthernet0/0/0]ip a
[r1-GigabitEthernet0/0/0]ip accounting
[r1-GigabitEthernet0/0/0]ip address 192.16.1.1 24
[r1-Serial4/0/0]ip address 13.1.1.1 24
R1和R5间进行ppp的pap认证,r5为认证方
(1)PAP认证
R5主认证方
[R5]aaa
[R5-aaa]local-user xixi password cipher cisco
[R5-aaa]local-user xixi service-type ppp
[R5-aaa]int s3/0/0
[R5-Serial3/0/0]link-protocol ppp
[R5-Serial3/0/0]ppp authentication-mode pap
R1被认证方
[R1]int s3/0/0
[R1-Serial3/0/0]link-protocol ppp
[R1-Serial3/0/0]ppp pap local-user xixi password cipher cisco
(2)chap认证
R5主认证方
[R5]aaa
[R5-aaa]local-user xixi password cipher cisco
[R5-aaa]local-user xixi service-type ppp
[R5-Serial3/0/0]int s4/0/0
[R5-Serial4/0/0]link-protocol ppp
[R5-Serial4/0/0]ppp authentication-mode chap
R2被认证方
[R2]int s4/0/0
[R2-Serial4/0/0]link-protocol ppp
[R2-Serial4/0/0]ppp chap user xixi
[R2-Serial4/0/0]ppp chap password cipher cisco
3.R3与R5之间使用HDLC封装
[R3]int s3/0/1
[R3-Serial3/0/1]link-protocol hdlc
R1/2/3构建MGRE环境,R1为中心站点
以R1为例
[r1-Tunnel0/0/0]ip address 10.1.1.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp
[r1-Tunnel0/0/0]source 13.1.1.1
[r1-Tunnel0/0/0]nhrp entry multicast dynamic
[r1-Tunnel0/0/0]nhrp network-id 100
[r2-Tunnel0/0/0]ip address 10.1.1.2 24
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp
[r2-Tunnel0/0/0]source g0/0/0
[r2-Tunnel0/0/0]nhrp network-id 100
[r2-Tunnel0/0/0]nhrp entry 10.1.1.1 13.1.1.1 register
R1/4使用点到点gre
[r1-Tunnel0/0/0]tunnel-protocol gre
[r1-Tunnel0/0/0]source 13.1.1.1
[r1-Tunnel0/0/0]description 33.1.1.2
缺省路由
[R1]ip route-static 0.0.0.0 0 15.1.1.2
[R2]ip route-static 0.0.0.0 0 25.1.1.2
[R3]ip route-static 0.0.0.0 0 35.1.1.2
[R4]ip route-static 0.0.0.0 0 45.1.1.2
RIP
[r4]rip
[r4-rip-1]version 2
[r4-rip-1]undo summary
[r4-rip-1]network 192.168.4.0
[r4-rip-1]network 10.0.0.0
nat
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]q
[R1]int s3/0/0
[R1-Serial3/0/0]nat outbound 2000
[R2]acl 2000
[R2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[R2-acl-basic-2000]q
[R2]int s4/0/0
[R2-Serial4/0/0]nat outbound 2000
[R3]acl 2000
[R3-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[R3-acl-basic-2000]q
[R3]int s3/0/1
[R3-Serial3/0/1]nat outbound 2000
[R4]acl 2000
[R4-acl-basic-2000]rule permit source 192.168.4.0 0.0.0.255
[R4-acl-basic-2000]q
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]nat outbound 2000