HCIP Day 5 Lab

Comprehensive network types lab

Approach:
1. Network deployment: build the topology
2. Underlying deployment: plan and configure IP addresses so that every device in the network has an IP address
R1-R4 private network segments: 192.168.1.0/24 - 192.168.4.0/24
Public network segments between the routers: 15.1.1.0/24; 25.1.1.1/24; 35.1.1.1/24; 45.1.1.1/24
Tunnel interface addresses: 10.1.1.1/24 - 10.1.1.3/24; 10.2.2.1/24 - 10.2.2.2/24
Link-interface authentication is also part of the underlying deployment.
PAP authentication over PPP between R1 and R5; R5 is the authenticator:
[R5]aaa //Authenticator (server side)
[R5-aaa]local-user huawei password cipher huawei123
Info: Add a new user.
[R5-aaa]local-user huawei service-type ppp
[R5-aaa]int s4/0/0 //Interface facing the client
[R5-Serial4/0/0]link-protocol ppp
[R5-Serial4/0/0]ppp authentication-mode pap
[R5-Serial4/0/0]ip address 15.1.1.2 24
[R5-Serial4/0/0]q

[R1]int s4/0/0 //Authenticated party
[R1-Serial4/0/0]link-protocol ppp
[R1-Serial4/0/0]ppp pap local-user huawei password cipher huawei123
[R1-Serial4/0/0]ip address 15.1.1.1 24

CHAP authentication over PPP between R2 and R5:
[R5]aaa //Authenticator
[R5-aaa]local-user qq password cipher qq123
Info: Add a new user.
[R5-aaa]local-user qq service-type ppp
[R5-aaa]int s4/0/1
[R5-Serial4/0/1]link-protocol ppp
[R5-Serial4/0/1]ppp authentication-mode chap
[R5-Serial4/0/1]ip address 25.1.1.1 24

[R2]int s4/0/1 //Authenticated party
[R2-Serial4/0/1]link-protocol ppp
[R2-Serial4/0/1]ppp chap user qq
[R2-Serial4/0/1]ppp chap password cipher qq123
[R2-Serial4/0/1]ip address 25.1.1.2 24
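
What the two authentication modes configured above put on the serial link, as an added Python example (not part of the original lab): it encodes a PAP Authenticate-Request per RFC 1334 and a CHAP Response per RFC 1994 with the lab's usernames and passwords, then verifies the CHAP response the way the authenticator does. The identifier values and the random challenge are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct


def pap_authenticate_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """RFC 1334 PAP Authenticate-Request (code 1): the password travels as-is."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data


def chap_response(ident: int, secret: bytes, challenge: bytes, name: bytes) -> bytes:
    """RFC 1994 CHAP Response (code 2): value = MD5(identifier || secret || challenge)."""
    digest = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    data = bytes([len(digest)]) + digest + name
    return struct.pack("!BBH", 2, ident, 4 + len(data)) + data


def chap_verify(response: bytes, challenge: bytes, users: dict) -> bool:
    """Authenticator side: recompute the digest from the local user table."""
    if len(response) < 5:
        return False
    code, ident, length = struct.unpack("!BBH", response[:4])
    if code != 2 or length != len(response):
        return False
    size = response[4]
    value, name = response[5:5 + size], response[5 + size:length]
    secret = users.get(name)
    if secret is None or size != 16:
        return False
    expected = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    return hmac.compare_digest(value, expected)


def demo() -> dict:
    users = {b"qq": b"qq123"}            # R5's local-user entry from the lab
    pap = pap_authenticate_request(1, b"huawei", b"huawei123")
    challenge = os.urandom(16)           # constructed; fresh for every authentication
    resp = chap_response(7, b"qq123", challenge, b"qq")
    return {
        "pap_carries_password": b"huawei123" in pap,
        "chap_carries_password": b"qq123" in resp,
        "chap_accepted": chap_verify(resp, challenge, users),
        # The same response checked against a different challenge must fail.
        "chap_replay_accepted": chap_verify(resp, os.urandom(16), users),
    }
```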

HDLC encapsulation is used between R3 and R5:
[R3-LoopBack0]int s4/0/0
[R3-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[R3-Serial4/0/0]ip address 35.1.1.2 24

[R5]int s3/0/0
[R5-Serial3/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
[R5-Serial3/0/0]ip address 35.1.1.1 24

3. Routing: make the entire network reachable; each router has a default route pointing to R5
[R1]ip route-static 0.0.0.0 0 15.1.1.2
[R2]ip route-static 0.0.0.0 0 25.1.1.1
[R3]ip route-static 0.0.0.0 0 35.1.1.1
[R4]ip route-static 0.0.0.0 0 45.1.1.1

R1-R4 perform NAT so that every router can reach R5's loopback when it uses its private loopback address as the source IP.
[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]q
[R1]int s4/0/0
[R1-Serial4/0/0]nat outbound 2000
[R1-Serial4/0/0]display nat outbound
NAT Outbound Information:
Interface        Acl    Address-group/IP/Interface    Type
Serial4/0/0      2000   15.1.1.1                      easyip

[R2]acl 2000
[R2-acl-basic-2000]rule 5 permit source 192.168.2.0 0.0.0.255
[R2-acl-basic-2000]q
[R2]int s4/0/1
[R2-Serial4/0/1]nat outbound 2000

[R3]acl 2000
[R3-acl-basic-2000]rule 5 permit source 192.168.3.0 0.0.0.255
[R3-acl-basic-2000]q
[R3]int s4/0/0
[R3-Serial4/0/0]nat outbound 2000
[R3-Serial4/0/0]display nat outbound

[R4]acl 2000
[R4-acl-basic-2000]rule 5 permit source 192.168.4.0 0.0.0.255
[R4-acl-basic-2000]q
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]nat outbound 2000
[R4-GigabitEthernet0/0/0]display nat outbound

When configuring this part, there were two major problems: 1) Each router cannot use its loopback to ping R5's loopback, so NAT can't make it work. An additional PC can be added, and it can ping through. 2) When configuring PC3, the gateway address and host address were written incorrectly, which caused the ping to fail and had to be checked several times.

4. R1/R2/R3 build an MGRE environment with R1 as the central site, and point-to-point GRE is used between R1 and R4
[R1]int Tunnel 0/0/1
[R1-Tunnel0/0/1]ip address 10.2.2.1 24
[R1-Tunnel0/0/1]tunnel-protocol gre
[R1-Tunnel0/0/1]source 15.1.1.1
[R1-Tunnel0/0/1]destination 45.1.1.2
Sep 28 2020 18:12:33-08:00 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/1 has entered the UP state.

[R4]int Tunnel 0/0/1
[R4-Tunnel0/0/1]ip address 10.2.2.2 24
[R4-Tunnel0/0/1]tunnel-protocol gre
[R4-Tunnel0/0/1]source 45.1.1.2
[R4-Tunnel0/0/1]destination 15.1.1.1
Sep 28 2020 18:34:38-08:00 R4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/1 has entered the UP state.

5. Make the entire private network reachable with RIP: configure RIP and disable split horizon on R1, otherwise some routers will not learn all routes.
[R1]rip 1
[R1-rip-1]version 2
[R1-rip-1]network 192.168.1.0
[R1-rip-1]network 10.0.0.0

[R2]rip 1
[R2-rip-1]version 2
[R2-rip-1]network 192.168.2.0
[R2-rip-1]network 10.0.0.0

[R3]rip 1
[R3-rip-1]version 2
[R3-rip-1]network 192.168.3.0
[R3-rip-1]network 10.0.0.0

[R4]rip 1
[R4-rip-1]version 2
[R4-rip-1]network 192.168.4.0
[R4-rip-1]network 10.0.0.0

Disable split horizon on R1
[R1-Tunnel0/0/0]undo rip split-horizon
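
Why the hub needs this command, as an added Python simulation (not part of the original lab): R1 learns the spokes' routes on Tunnel0/0/0, and split horizon stops it from advertising them back out the same interface, so R2 and R3 never hear about each other. The spoke-side interface names and the simplified update model (private /24 prefixes only) are assumptions.

```python
# Constructed model of the lab's overlay: R1 is the MGRE hub on Tunnel0/0/0
# (spokes R2, R3) and has a point-to-point GRE tunnel to R4 on Tunnel0/0/1.
# Spoke-side interface names are assumptions; the page does not list them.
LINKS = [
    ("R1", "Tunnel0/0/0", "R2", "Tunnel0/0/0"),
    ("R1", "Tunnel0/0/0", "R3", "Tunnel0/0/0"),
    ("R1", "Tunnel0/0/1", "R4", "Tunnel0/0/1"),
]
LOCAL = {"R1": "192.168.1.0/24", "R2": "192.168.2.0/24",
         "R3": "192.168.3.0/24", "R4": "192.168.4.0/24"}
INFINITY = 16  # RIP treats metric 16 as unreachable


def rip_converge(no_split_horizon=frozenset(), rounds=4):
    """Run periodic RIP updates; return {router: {prefix: (metric, in_if)}}.

    no_split_horizon holds (router, interface) pairs where split horizon is
    disabled, as with 'undo rip split-horizon' on that interface.
    """
    tables = {r: {p: (0, None)} for r, p in LOCAL.items()}
    # Each link carries updates in both directions.
    directed = [(a, ai, b, bi) for a, ai, b, bi in LINKS]
    directed += [(b, bi, a, ai) for a, ai, b, bi in LINKS]
    for _ in range(rounds):
        snapshot = {r: dict(t) for r, t in tables.items()}
        for sender, out_if, receiver, in_if in directed:
            for prefix, (metric, learned_if) in snapshot[sender].items():
                suppressed = (learned_if == out_if
                              and (sender, out_if) not in no_split_horizon)
                if suppressed:
                    continue  # split horizon: do not advertise back out the learning interface
                new_metric = metric + 1
                known = tables[receiver].get(prefix, (INFINITY, None))[0]
                if new_metric < min(known, INFINITY):
                    tables[receiver][prefix] = (new_metric, in_if)
    return tables


def missing_routes(tables):
    """List the private prefixes each router has not learned."""
    every = set(LOCAL.values())
    return {r: sorted(every - set(t)) for r, t in tables.items() if every - set(t)}
```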

End of experiment

Origin blog.csdn.net/weixin_45050702/article/details/112856196