Network Type Comprehensive Experiment
-
- Experimental requirements
- Experimental procedure
- 1 Planning ip address
- 2. Configure the IP address mask gateway on the PC
- 3. R5 is an ISP, only IP address configuration can be performed, and all its interfaces are configured as public IP addresses;
- 4. R1 and R5 use the pap authentication of ppp, and R5 is the main authenticator;
- 5. The chap authentication of ppp is used between R2 and R5, and R5 is the main authenticator
- 6. Do HDLC packaging between R3 and R5, and configure the two interfaces between R3 and R5 at the same time
- MGRE environment is established between R1, R2 and R3, and R1 is the central site
- 8. Configure point-to-point GRE with R4, because R1 R2 R3 is configured with MGRE, so now use another interface and network segment
- 9. Use rip to make the entire private network reachable
- 10. Use nat address translation
Experimental requirements
Experimental procedure
1 Planning ip address
as the picture shows
2. Configure the IP address mask gateway on the PC
Take PC1 as an example
3. R5 is an ISP, only IP address configuration can be performed, and all its interfaces are configured as public IP addresses;
4. R1 and R5 use the pap authentication of ppp, and R5 is the main authenticator;
PAP 明文传递用户名和密码
[ISP]aaa 主认证方—服务端
[ISP-aaa]local-user lzl password cipher 123456
[ISP-aaa]local-user lzl service-type ppp
[ISP]interface Serial 3/0/0 连接客户端的接口
[ISP-Serial3/0/0]link-protocol ppp
[ISP-Serial3/0/0]ppp authentication-mode pap
[ISP-Serial3/0/0]ip address 15.1.1.2 24
[R1]interface Serial 4/0/0 被认证方
[R1-Serial4/0/0]link-protocol ppp
[R1-Serial4/0/0]ppp pap local-user lzl password cipher 123456
[R1-Serial4/0/0]ip address 15.1.1.1 24
5. The chap authentication of ppp is used between R2 and R5, and R5 is the main authenticator
[ISP]aaa
[ISP-aaa]local-user lzl password cipher 123456
[ISP-aaa]local-user lzl service-type ppp
[ISP]interface Serial 3/0/1
[ISP-Serial3/0/1]link-protocol ppp
[ISP-Serial3/0/1]ppp authentication-mode chap
被认证方
[R2]interface Serial 1/0/0
[R2-Serial1/0/0]link-protocol ppp
[R2-Serial1/0/0]ppp chap user lzl
[R2-Serial1/0/0]ppp chap password cipher 123456
6. Do HDLC packaging between R3 and R5, and configure the two interfaces between R3 and R5 at the same time
[r5]
[Huawei-Serial4/0/0]link-protocol hdlc
[r3]
[Huawei-Serial4/0/0]link-protocol hdlc
MGRE environment is established between R1, R2 and R3, and R1 is the central site
中心站点配置
interface Tunnel0/0/0 创建tunnel口
ip address 10.1.1.1 255.255.255.0 配置接口ip地址
tunnel-protocol gre p2mp 先修改接口模式为多点GRE
source 15.1.1.1 再定义公有的源IP地址
nhrp entry multicast dynamic 本地成为NHRP中心,同时可以进行伪广播
nhrp network-id 100
分支站点:
interface Tunnel0/0/0
ip address 10.1.1.2 255.255.255.0
tunnel-protocol gre p2mp
source Serial 4/0/0
假设分支站点ip地址不固定 配置为当前接口
nhrp network-id 100
nhrp entry 10.1.1.1 15.1.1.1 register 分支需要到中心站点注册
8. Configure point-to-point GRE with R4, because R1 R2 R3 is configured with MGRE, so now use another interface and network segment
[R1]interface Tunnel 0/0/1
[R1-Tunnel0/0/0]ip address 10.1.2.1 24
[R1-Tunnel0/0/0]tunnel-protocol gre
[R1-Tunnel0/0/0]source 15.1.1.1
[R1-Tunnel0/0/0]destination 45.1.1.1
记得去的也要写
9. Use rip to make the entire private network reachable
Take AR1 as an example
[R1]rip 1
[R1-rip-1]version 2
[R1-rip-1]un summary
[R1-rip-1]network 192.168.1.0 宣告自己的主类
[R1-rip-1]net
[R1-rip-1]network 10.0.0.0 宣告虚拟接口
1. After the configuration of each router from R1 to R4 is completed, a problem will be found. When the branch site sends data to the central site in MGRE, the central site will not pass it to another branch. At this time, there is a problem of horizontal splitting, so To turn off split horizon on the hub router.
2. [r1-Tunnel0/0/0]undo rip split-horizon
3. Finally, the entire private network can be reached
10. Use nat address translation
1.rip only makes the entire private network reachable. Finally, if you want to ping the loopback of the ISP, you need to use NAT address translation on all border network routers.
Take AR1 as an example