GRE-MGRE综合实验

 拓扑结构：

 要求

1、R5为网络运营商（ISP），接口IP地址均为公有地址；

2、R1与R5间使用PPP的PAP认证，R5为主认证方；R2与R5间使用PPP的chap认证，R5为主认证方；R3与R5间使用HDLC封装

3、R1/R2/R3构建一个MGRE环境，R1为中心站点；R1/R4间为点到点GRE

4、整个私有网段基于RIP全网可达

5、所有路由器基于环回私有IP地址为源IP时，可以正常访问R5环回

 使用的设备：5台路由器、4台电脑

解决网络拓扑：

1、确定广播域的个数

2、分配网段

3、配置IP地址 （优先配置路由器）

确定广播域的个数

根据拓扑结构图以及要求可知，本拓扑结构一共拥有9个网段，包括4个给定网段，一个环回网段和四个内网网段

分配网段

根据情景知，一家公司总公司在东方向，其他三个分公司分布在其他三个方向

 配置路由器IP地址并开启DHCP服务

AR1：

<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r1
[r1]interface GigabitEthernet 0/0/0 
[r1-GigabitEthernet0/0/0]ip address 192.168.1.254 24
[r1-GigabitEthernet0/0/0]
Apr 24 2023 21:19:39-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r1-GigabitEthernet0/0/0]q
[r1]interface Serial 1/0/0
[r1-Serial1/0/0]ip address 15.1.1.1 24
[r1-Serial1/0/0]q
[r1]
Apr 24 2023 21:54:59-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP IPCP on the interface Serial1/0/0 has entered the UP state. 
[r1]
[r1]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[r1]ip pool a
Info: It's successful to create an IP address pool.
[r1-ip-pool-a]network 192.168.1.0 mask 24
[r1-ip-pool-a]gateway-list 192.168.1.254
[r1-ip-pool-a]dns-list 114.114.114.114 8.8.8.8
[r1-ip-pool-a]q
[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]dhcp select global 
[r1-GigabitEthernet0/0/0]q
[r1]

AR2：

<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r2
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ip address 192.168.2.254 24
[r2-GigabitEthernet0/0/0]
Apr 24 2023 21:51:39-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r2-GigabitEthernet0/0/0]q
[r2]interface Serial 1/0/0
[r2-Serial1/0/0]ip address 25.1.1.1 24
[r2-Serial1/0/0]q 
[r2]
Apr 24 2023 21:55:20-08:00 r2 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol PPP IPCP on the interface Serial1/0/0 has entered the UP state. 
[r2]
[r2]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[r2]ip pool b
Info: It's successful to create an IP address pool.
[r2-ip-pool-b]network 192.168.2.0 mask 24
[r2-ip-pool-b]gateway-list 192.168.2.254
[r2-ip-pool-b]dns-list 114.114.114.114 8.8.8.8
[r2-ip-pool-b]q
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]dhcp select global 
[r2-GigabitEthernet0/0/0]q
[r2]

AR3：

<Huawei>system 
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r3
[r3]interface GigabitEthernet 0/0/0 
[r3-GigabitEthernet0/0/0]ip address 192.168.3.254 24
[r3-GigabitEthernet0/0/0]
Apr 24 2023 21:52:43-08:00 r3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r3-GigabitEthernet0/0/0]q
[r3]interface Serial 1/0/0
[r3-Serial1/0/0]ip address 35.1.1.1 24
[r3-Serial1/0/0]q
[r3]  
Apr 24 2023 21:55:35-08:00 r3 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol PPP IPCP on the interface Serial1/0/0 has entered the UP state. 
[r3]
[r3]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[r3]ip pool c
Info: It's successful to create an IP address pool.
[r3-ip-pool-c]network 192.168.3.0 mask 24
[r3-ip-pool-c]gateway-list 192.168.3.254
[r3-ip-pool-c]dns-list 114.114.114.114 8.8.8.8
[r3-ip-pool-c]q
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]dhcp select global 
[r3-GigabitEthernet0/0/0]q
[r3]

AR4：

<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r4
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ip address 192.168.4.254 24
[r4-GigabitEthernet0/0/0]
Apr 24 2023 21:53:47-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r4-GigabitEthernet0/0/0]q
[r4]interface GigabitEthernet 0/0/1
[r4-GigabitEthernet0/0/1]ip address 45.1.1.1 24
Apr 24 2023 21:54:14-08:00 r4 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state. 
[r4-GigabitEthernet0/0/1]q
[r4]
[r4]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[r4]ip pool d
Info: It's successful to create an IP address pool.
[r4-ip-pool-d]network 192.168.4.0 mask 24
[r4-ip-pool-d]gateway-list 192.168.4.254
[r4-ip-pool-d]dns-list 114.114.114.114 8.8.8.8
[r4-ip-pool-d]q
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]dhcp select global 
[r4-GigabitEthernet0/0/0]q
[r4]

AR5：

<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname isp      
[isp]interface Serial 1/0/0
[isp-Serial1/0/0]ip address 15.1.1.2 24
[isp-Serial1/0/0]
Apr 24 2023 22:07:51-08:00 isp %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP IPCP on the interface Serial1/0/0 has entered the UP state. 
[isp-Serial1/0/0]q
[isp]interface Serial 1/0/1
[isp-Serial1/0/1]ip address 25.1.1.2 24
[isp-Serial1/0/1]
Apr 24 2023 22:08:12-08:00 isp %%01IFNET/4/LINK_STATE(l)[1]:The line protocol PPP IPCP on the interface Serial1/0/1 has entered the UP state. 
[isp-Serial1/0/1]q
[isp]interface Serial 2/0/0
[isp-Serial2/0/0]ip address 35.1.1.2 24
[isp-Serial2/0/0]
Apr 24 2023 22:08:35-08:00 isp %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PPP IPCP on the interface Serial2/0/0 has entered the UP state. 
[isp-Serial2/0/0]q
[isp]interface GigabitEthernet 0/0/0
[isp-GigabitEthernet0/0/0]ip address 45.1.1.2 24
Apr 24 2023 22:09:08-08:00 isp %%01IFNET/4/LINK_STATE(l)[3]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[isp-GigabitEthernet0/0/0]q
[isp]
[isp]interface LoopBack 0
[isp-LoopBack0]ip address 3.3.3.3 24
[isp-LoopBack0]q
[isp]

接口之间做认证

1、R1与R5间使用PPP的PAP认证，R5为主认证方

​AR5：

[isp]aaa
[isp-aaa]local-user apple privilege level 15 password cipher 123456
Info: Add a new user.
[isp-aaa]local-user apple service-type ppp
[isp-aaa]q
[isp]interface Serial 1/0/0
[isp-Serial1/0/0]link-protocol ppp
[isp-Serial1/0/0]ppp authentication-mode pap 
[isp-Serial1/0/0]q
[isp]

AR1：

[r1]interface Serial 1/0/0
[r1-Serial1/0/0]link-protocol ppp
[r1-Serial1/0/0]ppp pap local-user apple password cipher 123456
[r1-Serial1/0/0]q
[r1]

2、R2与R5间使用PPP的chap认证，R5为主认证方

AR5：

[isp]aaa
[isp-aaa]local-user banana privilege level 15 password cipher 123456
Info: Add a new user.
[isp-aaa]local-user banana service-type ppp
[isp-aaa]q
[isp]interface Serial 1/0/1
[isp-Serial1/0/1]link-protocol ppp
[isp-Serial1/0/1]ppp authentication-mode chap
[isp-Serial1/0/1]q
[isp]

AR2：

[r2]interface Serial 1/0/0
[r2-Serial1/0/0]link-protocol ppp
[r2-Serial1/0/0]ppp chap user banana
[r2-Serial1/0/0]ppp chap password cipher 123456
[r2-Serial1/0/0]q
[r2]

3、R3与R5间使用HDLC封装

AR3:
[r3]interface Serial 1/0/0
[r3-Serial1/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y



AR5:
[isp]interface Serial 2/0/0
[isp-Serial2/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y

点到点GRE部分配置：

AR1：

[r1]interface Tunnel 0/0/1
[r1-Tunnel0/0/1]ip address 10.1.1.1 24
[r1-Tunnel0/0/1]tunnel-protocol gre 
[r1-Tunnel0/0/1]source 15.1.1.1
[r1-Tunnel0/0/1]destination 45.1.1.1
[r1-Tunnel0/0/1]q
[r1]

AR4：

[r4]interface Tunnel 0/0/0
[r4-Tunnel0/0/1]ip address 10.1.1.2 24
[r4-Tunnel0/0/1]tunnel-protocol gre 
[r4-Tunnel0/0/1]source 45.1.1.1
[r4-Tunnel0/0/1]destination 15.1.1.1
[r4-Tunnel0/0/1]q
[r4]

注：敲目标IP地址时，一定要看清是destination（目的），而不是description（描述）

配置MGRE部分

AR1：中心站点

[r1]interface Tunnel 0/0/0
[r1-Tunnel0/0/0]ip address 10.1.2.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r1-Tunnel0/0/0]source 15.1.1.1
Apr 25 2023 19:59:48-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state. 
[r1-Tunnel0/0/0]nhrp entry multicast dynamic 
[r1-Tunnel0/0/0]nhrp network-id 100
[r1-Tunnel0/0/0]q
[r1]

AR2：

[r2]interface Tunnel 0/0/0
[r2-Tunnel0/0/0]ip address 10.1.2.2 24
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r2-Tunnel0/0/0]source Serial 1/0/0
Apr 25 2023 20:01:17-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state. 
[r2-Tunnel0/0/0]nhrp network-id 100
[r2-Tunnel0/0/0]nhrp entry 10.1.1.1 15.1.1.1 register 
[r2-Tunnel0/0/0]q
[r2]

AR3：

[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0]ip address 10.1.2.3 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r3-Tunnel0/0/0]source Serial 1/0/0
Apr 25 2023 20:02:20-08:00 r3 %%01IFNET/4/LINK_STATE(l)[4]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state. 
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry 10.1.1.1 15.1.1.1 register 
[r3-Tunnel0/0/0]q
[r3]

配置了GRE和MGRE之后，真实的拓扑结构

 然后R1~R4的每一个路由器上都写上一条指向R5的静态缺省路由

[r1]ip route-static 0.0.0.0 0 15.1.1.2
[r2]ip route-static 0.0.0.0 0 25.1.1.2
[r3]ip route-static 0.0.0.0 0 35.1.1.2
[r4]ip route-static 0.0.0.0 0 45.1.1.2

此时配置了GRE和MGRE的设备可以相互通信

配置RIP动态路由协议

AR1：

[r1]rip 1
[r1-rip-1]version 2
[r1-rip-1]network 192.168.1.0
[r1-rip-1]network 10.0.0.0
[r1-rip-1]silent-interface GigabitEthernet 0/0/0
[r1-rip-1]q
[r1]
[r1]interface Tunnel 0/0/1
[r1-Tunnel0/0/1]rip authentication-mode md5 usual cipher 123456
[r1-Tunnel0/0/1]q
[r1]interface Tunnel 0/0/0
[r1-Tunnel0/0/0]rip authentication-mode md5 usual cipher 123456
[r1-Tunnel0/0/0]q
[r1]

AR2：

[r2]rip 1
[r2-rip-1]version 2
[r2-rip-1]network 192.168.2.0 
[r2-rip-1]network 10.0.0.0
[r2-rip-1]silent-interface GigabitEthernet 0/0/0
[r2-rip-1]q
[r2]
[r2]interface Tunnel 0/0/0
[r2-Tunnel0/0/0]rip authentication-mode md5 usual cipher 123456
[r2-Tunnel0/0/0]q
[r2]

AR3：

[r3]rip 1
[r3-rip-1]version 2
[r3-rip-1]network 192.168.3.0
[r3-rip-1]network 10.0.0.0
[r3-rip-1]silent-interface GigabitEthernet 0/0/0
[r3-rip-1]q
[r3]
[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0]rip authentication-mode md5 usual cipher 123456
[r3-Tunnel0/0/0]q
[r3]

AR4：

[r4]rip 1
[r4-rip-1]version 2
[r4-rip-1]network 192.168.4.0
[r4-rip-1]network 10.0.0.0
[r4-rip-1]silent-interface GigabitEthernet 0/0/0
[r4-rip-1]q
[r4]
[r4]interface Tunnel 0/0/0
[r4-Tunnel0/0/0]rip authentication-mode md5 usual cipher 123456
[r4-Tunnel0/0/0]q
[r4]

配置rip动态路由协议，并且配置沉默接口，配置认证，保证更新安全

配置之后，四个电脑可以正常相互访问

 配置ACL访问控制列表

AR1：

[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]q
[r1]interface Serial 1/0/0 
[r1-Serial1/0/0]nat outbound 2000    
[r1-Serial1/0/0]q
[r1]

AR2：

[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[r2-acl-basic-2000]q
[r2]interface Serial 1/0/0
[r2-Serial1/0/0]nat outbound 2000
[r2-Serial1/0/0]q
[r2]

AR3：

[r3]acl 2000
[r3-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[r3-acl-basic-2000]q
[r3]interface Serial 1/0/0
[r3-Serial1/0/0]nat outbound 2000
[r3-Serial1/0/0]q
[r3]

AR4：

[r4]acl 2000
[r4-acl-basic-2000]rule permit source 192.168.4.0 0.0.0.255
[r4-acl-basic-2000]q
[r4]interface GigabitEthernet 0/0/1
[r4-GigabitEthernet0/0/1]nat outbound 2000
[r4-GigabitEthernet0/0/1]q
[r4]

配置完后，PC1~PC4都可以访问R5的环回3.3.3.3

 

 实验到此为止，就完成了 ，要求也是全部完成。