(1)R5为ISP
(2)R1/R2/R3之间建立MGRE环境
(3)R4与R1/R2/R3的tunnel之间建立EIGRP环境(公网所在R5与其他路由器直连接口不能在EIGRP环境内)
(4)为了保障安全性,R1-R5进行CHAP认证,R5为主认证方
(5)R4可以正常访问R5的loopback
所有路由器配置:
Router>en
Router#conf t
Router(config)#line c 0
Router(config-line)#exec-t 0 0
Router(config-line)#logg sy
Router(config-line)#logg synchronous
Router(config-line)#no ip domain-lo
Router(config)#ho RX(X=1/2/3/4/5,表示路由器的hostname)
R4的loopback 1接口的IPV4地址为:4.4.4.4/32
R1的loopback 1接口的IPV4地址为:1.1.1.1/32
R5的loopback 1接口的IPV4地址为:5.5.5.5/32
R2的loopback 1接口的IPV4地址为:2.2.2.2/32
R3的loopback 1接口的IPV4地址为:3.3.3.3/32
R4-R1的S1/1接口的IPV4地址为:10.1.14.1/24
R1-R4的S1/0接口的IPV4地址为:10.1.14.2/24
R1-R5的S1/1接口的IPV4地址为:10.1.15.1/24
R5-R1的S1/0接口的IPV4地址为:10.1.15.2/24
R5-R2的S1/1接口的IPV4地址为:10.1.25.1/24
R2-R5的S1/0接口的IPV4地址为:10.1.25.2/24
R5-R3的S1/2接口的IPV4地址为:10.1.35.1/24
R3-R5的S1/2接口的IPV4地址为:10.1.35.2/24
IPV4地址配置完成之后,配置ISP环境:
R1(config)#ip route 0.0.0.0 0.0.0.0 10.1.15.2
R2(config)#ip route 0.0.0.0 0.0.0.0 10.1.25.1
R3(config)#ip route 0.0.0.0 0.0.0.0 10.1.35.1
此时R1/R2/R3可以访问R5的loopback 1来验证ISP环境有无问题
然后,在R1/R2/R3上配置MGRE环境:
R1配置
R1(config)#int tunnel 1
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#tunnel source s1/1
R1(config-if)#tunnel mode gre multipoint
R1(config-if)#ip nhrp network-id 100
R1(config-if)#ip nhrp map multicast dynamic
R1(config-if)#exit
R2配置
R2(config)#int tunnel 1
R2(config-if)#ip address 192.168.1.2 255.255.255.0
R2(config-if)#tunnel source s1/0
R2(config-if)#tunnel mode gre multipoint
R2(config-if)#ip nhrp network-id 100
R2(config-if)#ip nhrp nhs 192.168.1.1 nbma 10.1.15.1 multicast
R2(config-if)#exit
R3配置
R3(config)#int tunnel 1
R3(config-if)#ip address 192.168.1.3 255.255.255.0
R3(config-if)#tunnel source s1/2
R3(config-if)#tunnel mode gre multipoint
R3(config-if)#ip nhrp network-id 100
R3(config-if)#ip nhrp nhs 192.168.1.1 nbma 10.1.15.1 multicast
R3(config-if)#exit
配置完成,进行验证:
R2(config)#do ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/23 ms
R3(config)#do ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 17/19/21 ms
R4与R1/R2/R3之间的tunnel建立EIGRP环境:
R4配置:
R4(config)#router eigrp 99
R4(config-router)#no auto-summary
R4(config-router)#network 10.1.14.0 0.0.0.255
R4(config-router)#network 4.4.4.0
R4(config-router)#exit
R1配置:
R1(config)#router eigrp 99
R1(config-router)#network 10.1.14.0 0.0.0.255
R1(config-router)#network 192.168.1.0
R1(config-router)#network 1.1.1.0
R2配置:
R2(config)#router eigrp 99
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.1.0
R2(config-router)#network 2.2.2.0
R2(config-router)#exit
R3配置:
R3(config)#router eigrp 99
R3(config-router)#no auto-summary
R3(config-router)#network 192.168.1.0
R3(config-router)#network 3.3.3.0
R3(config-router)#exit
此时R1拥有R2/R3/R4的路由,可以在R1上查看路由表:
R1#show ip route eigrp
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/27008000] via 192.168.1.2, 00:06:58, Tunnel1
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/27008000] via 192.168.1.3, 00:06:42, Tunnel1
4.0.0.0/32 is subnetted, 1 subnets
D 4.4.4.4 [90/2297856] via 10.1.14.1, 00:04:00, Serial1/0
由于R5为ISP,R4到达R5需要通过NAT技术,由R1下发EIGRP环境的默认路由,R1上做NAT指向ISP
R1给R4下发默认路由:
R1(config)#int s1/0
R1(config-if)#ip summary-address eigrp 99 0.0.0.0/0
配置NAT:
R1(config)#access-list 1 permit 10.1.14.0 0.0.0.255
R1(config)#access-list 1 permit 4.4.4.0 0.0.0.255
R1(config)#ip nat inside source list 1 int s1/1 overload
R1(config)#int s1/1
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#int s1/0
R1(config-if)#ip nat inside
R1(config-if)#exit
为了保障链路安全,在R1-R5的链路上使用PPP封装,并且开启CHAP认证:
主认证方:
R1(config)#int s1/1
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#ppp chap password 123
R1(config-if)#exit
被认证方:
R5(config)#int s1/0
R5(config-if)#encapsulation ppp
R5(config-if)#ppp chap hostname R1
R5(config-if)#ppp chap password 123
R5(config-if)#exit
香蕉味的安慕希酸奶°