GRE-MGRE Comprehensive Test

 Topology:

Requirements:

1. R5 is the network operator (ISP), and all of its interface IP addresses are public addresses.

2. PPP PAP authentication is used between R1 and R5, with R5 as the authenticator; PPP CHAP authentication is used between R2 and R5, with R5 as the authenticator; HDLC encapsulation is used between R3 and R5.

3. R1, R2 and R3 build an MGRE environment, with R1 as the central site; R1 and R4 use point-to-point GRE.

4. All private network segments are reachable from one another across the whole network, based on RIP.

5. Every router, using its loopback private IP address as the source IP, can reach the R5 loopback normally.

 Equipment used: 5 routers, 4 computers

Solving the network topology:

1. Determine the number of broadcast domains

2. Assign network segments

3. Configure IP addresses (routers first)

Determine the number of broadcast domains

According to the topology diagram and requirements, this topology has a total of 9 network segments: 4 given network segments, one loopback network segment and four intranet network segments.

Assign network segments

According to the scenario, the company's head office is in the east, and the other three branches are in the other three directions.

Configure the router IP addresses and enable the DHCP service

AR1:

<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r1
[r1]interface GigabitEthernet 0/0/0 
[r1-GigabitEthernet0/0/0]ip address 192.168.1.254 24
[r1-GigabitEthernet0/0/0]
Apr 24 2023 21:19:39-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r1-GigabitEthernet0/0/0]q
[r1]interface Serial 1/0/0
[r1-Serial1/0/0]ip address 15.1.1.1 24
[r1-Serial1/0/0]q
[r1]
Apr 24 2023 21:54:59-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP IPCP on the interface Serial1/0/0 has entered the UP state. 
[r1]
[r1]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[r1]ip pool a
Info: It's successful to create an IP address pool.
[r1-ip-pool-a]network 192.168.1.0 mask 24
[r1-ip-pool-a]gateway-list 192.168.1.254
[r1-ip-pool-a]dns-list 114.114.114.114 8.8.8.8
[r1-ip-pool-a]q
[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]dhcp select global 
[r1-GigabitEthernet0/0/0]q
[r1]

AR2:

<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r2
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ip address 192.168.2.254 24
[r2-GigabitEthernet0/0/0]
Apr 24 2023 21:51:39-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r2-GigabitEthernet0/0/0]q
[r2]interface Serial 1/0/0
[r2-Serial1/0/0]ip address 25.1.1.1 24
[r2-Serial1/0/0]q 
[r2]
Apr 24 2023 21:55:20-08:00 r2 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol PPP IPCP on the interface Serial1/0/0 has entered the UP state. 
[r2]
[r2]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[r2]ip pool b
Info: It's successful to create an IP address pool.
[r2-ip-pool-b]network 192.168.2.0 mask 24
[r2-ip-pool-b]gateway-list 192.168.2.254
[r2-ip-pool-b]dns-list 114.114.114.114 8.8.8.8
[r2-ip-pool-b]q
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]dhcp select global 
[r2-GigabitEthernet0/0/0]q
[r2]

AR3:

<Huawei>system 
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r3
[r3]interface GigabitEthernet 0/0/0 
[r3-GigabitEthernet0/0/0]ip address 192.168.3.254 24
[r3-GigabitEthernet0/0/0]
Apr 24 2023 21:52:43-08:00 r3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r3-GigabitEthernet0/0/0]q
[r3]interface Serial 1/0/0
[r3-Serial1/0/0]ip address 35.1.1.1 24
[r3-Serial1/0/0]q
[r3]  
Apr 24 2023 21:55:35-08:00 r3 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol PPP IPCP on the interface Serial1/0/0 has entered the UP state. 
[r3]
[r3]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[r3]ip pool c
Info: It's successful to create an IP address pool.
[r3-ip-pool-c]network 192.168.3.0 mask 24
[r3-ip-pool-c]gateway-list 192.168.3.254
[r3-ip-pool-c]dns-list 114.114.114.114 8.8.8.8
[r3-ip-pool-c]q
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]dhcp select global 
[r3-GigabitEthernet0/0/0]q
[r3]

AR4:

<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r4
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ip address 192.168.4.254 24
[r4-GigabitEthernet0/0/0]
Apr 24 2023 21:53:47-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r4-GigabitEthernet0/0/0]q
[r4]interface GigabitEthernet 0/0/1
[r4-GigabitEthernet0/0/1]ip address 45.1.1.1 24
Apr 24 2023 21:54:14-08:00 r4 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state. 
[r4-GigabitEthernet0/0/1]q
[r4]
[r4]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[r4]ip pool d
Info: It's successful to create an IP address pool.
[r4-ip-pool-d]network 192.168.4.0 mask 24
[r4-ip-pool-d]gateway-list 192.168.4.254
[r4-ip-pool-d]dns-list 114.114.114.114 8.8.8.8
[r4-ip-pool-d]q
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]dhcp select global 
[r4-GigabitEthernet0/0/0]q
[r4]

AR5:

<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname isp      
[isp]interface Serial 1/0/0
[isp-Serial1/0/0]ip address 15.1.1.2 24
[isp-Serial1/0/0]
Apr 24 2023 22:07:51-08:00 isp %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP IPCP on the interface Serial1/0/0 has entered the UP state. 
[isp-Serial1/0/0]q
[isp]interface Serial 1/0/1
[isp-Serial1/0/1]ip address 25.1.1.2 24
[isp-Serial1/0/1]
Apr 24 2023 22:08:12-08:00 isp %%01IFNET/4/LINK_STATE(l)[1]:The line protocol PPP IPCP on the interface Serial1/0/1 has entered the UP state. 
[isp-Serial1/0/1]q
[isp]interface Serial 2/0/0
[isp-Serial2/0/0]ip address 35.1.1.2 24
[isp-Serial2/0/0]
Apr 24 2023 22:08:35-08:00 isp %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PPP IPCP on the interface Serial2/0/0 has entered the UP state. 
[isp-Serial2/0/0]q
[isp]interface GigabitEthernet 0/0/0
[isp-GigabitEthernet0/0/0]ip address 45.1.1.2 24
Apr 24 2023 22:09:08-08:00 isp %%01IFNET/4/LINK_STATE(l)[3]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[isp-GigabitEthernet0/0/0]q
[isp]
[isp]interface LoopBack 0
[isp-LoopBack0]ip address 3.3.3.3 24
[isp-LoopBack0]q
[isp]

Authentication between interfaces

1. Use PPP PAP authentication between R1 and R5, with R5 as the authenticator

AR5:

[isp]aaa
[isp-aaa]local-user apple privilege level 15 password cipher 123456
Info: Add a new user.
[isp-aaa]local-user apple service-type ppp
[isp-aaa]q
[isp]interface Serial 1/0/0
[isp-Serial1/0/0]link-protocol ppp
[isp-Serial1/0/0]ppp authentication-mode pap 
[isp-Serial1/0/0]q
[isp]

AR1:

[r1]interface Serial 1/0/0
[r1-Serial1/0/0]link-protocol ppp
[r1-Serial1/0/0]ppp pap local-user apple password cipher 123456
[r1-Serial1/0/0]q
[r1]

2. Use PPP CHAP authentication between R2 and R5, with R5 as the authenticator

AR5:

[isp]aaa
[isp-aaa]local-user banana privilege level 15 password cipher 123456
Info: Add a new user.
[isp-aaa]local-user banana service-type ppp
[isp-aaa]q
[isp]interface Serial 1/0/1
[isp-Serial1/0/1]link-protocol ppp
[isp-Serial1/0/1]ppp authentication-mode chap
[isp-Serial1/0/1]q
[isp]

AR2:

[r2]interface Serial 1/0/0
[r2-Serial1/0/0]link-protocol ppp
[r2-Serial1/0/0]ppp chap user banana
[r2-Serial1/0/0]ppp chap password cipher 123456
[r2-Serial1/0/0]q
[r2]

3. Use HDLC encapsulation between R3 and R5

AR3:
[r3]interface Serial 1/0/0
[r3-Serial1/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y



AR5:
[isp]interface Serial 2/0/0
[isp-Serial2/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y
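
An added example (not from the original post) of what steps 1 and 2 put on the wire, using the lab's user names and password as constructed values: a PAP Authenticate-Request (RFC 1334) carries the password in cleartext, while a CHAP Response (RFC 1994) carries only MD5(identifier || secret || challenge). The function names are illustrative.

```python
import hashlib
import hmac
import struct

# Constructed values matching the lab configuration above.
PAP_USER, CHAP_USER, SECRET = b"apple", b"banana", b"123456"

def _packet(code: int, ident: int, data: bytes) -> bytes:
    """Code, Identifier, Length header shared by PAP and CHAP packets."""
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (code 1): peer ID and password sent as-is."""
    return _packet(1, ident, bytes([len(peer_id)]) + peer_id
                   + bytes([len(password)]) + password)

def chap_response(ident: int, name: bytes, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response (code 2): value = MD5(identifier || secret || challenge)."""
    digest = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    return _packet(2, ident, bytes([len(digest)]) + digest + name)

def chap_verify(response: bytes, secret: bytes, challenge: bytes) -> bool:
    """Authenticator side: recompute the digest from the locally stored secret."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    value = response[5:5 + response[4]]
    expected = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    return (code == 2 and length == len(response)
            and hmac.compare_digest(value, expected))

if __name__ == "__main__":
    pap = pap_request(1, PAP_USER, SECRET)
    print("PAP frame :", pap.hex(), "| password visible:", SECRET in pap)
    challenge = bytes(range(16))            # fixed here; random on a real link
    resp = chap_response(7, CHAP_USER, SECRET, challenge)
    print("CHAP frame:", resp.hex(), "| password visible:", SECRET in resp)
    print("verifies  :", chap_verify(resp, SECRET, challenge))
    print("replayed against a new challenge:", chap_verify(resp, SECRET, bytes(16)))
```

Because the CHAP value depends on the authenticator's challenge, a captured response does not verify against a later challenge, which is why CHAP is the stronger choice of the two on a link that can be observed.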

Point-to-point GRE configuration:

AR1:

[r1]interface Tunnel 0/0/1
[r1-Tunnel0/0/1]ip address 10.1.1.1 24
[r1-Tunnel0/0/1]tunnel-protocol gre 
[r1-Tunnel0/0/1]source 15.1.1.1
[r1-Tunnel0/0/1]destination 45.1.1.1
[r1-Tunnel0/0/1]q
[r1]

AR4:

[r4]interface Tunnel 0/0/0
[r4-Tunnel0/0/0]ip address 10.1.1.2 24
[r4-Tunnel0/0/0]tunnel-protocol gre 
[r4-Tunnel0/0/0]source 45.1.1.1
[r4-Tunnel0/0/0]destination 15.1.1.1
[r4-Tunnel0/0/0]q
[r4]

Note: When entering the tunnel's target IP address, make sure the command you type is destination, not description.

MGRE configuration

AR1: Central Site

[r1]interface Tunnel 0/0/0
[r1-Tunnel0/0/0]ip address 10.1.2.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r1-Tunnel0/0/0]source 15.1.1.1
Apr 25 2023 19:59:48-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state. 
[r1-Tunnel0/0/0]nhrp entry multicast dynamic 
[r1-Tunnel0/0/0]nhrp network-id 100
[r1-Tunnel0/0/0]q
[r1]

AR2:

[r2]interface Tunnel 0/0/0
[r2-Tunnel0/0/0]ip address 10.1.2.2 24
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r2-Tunnel0/0/0]source Serial 1/0/0
Apr 25 2023 20:01:17-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state. 
[r2-Tunnel0/0/0]nhrp network-id 100
[r2-Tunnel0/0/0]nhrp entry 10.1.2.1 15.1.1.1 register 
[r2-Tunnel0/0/0]q
[r2]

AR3:

[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0]ip address 10.1.2.3 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r3-Tunnel0/0/0]source Serial 1/0/0
Apr 25 2023 20:02:20-08:00 r3 %%01IFNET/4/LINK_STATE(l)[4]:The line protocol IP on the interface Tunnel0/0/0 has entered the UP state. 
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry 10.1.2.1 15.1.1.1 register 
[r3-Tunnel0/0/0]q
[r3]
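
A spoke's static nhrp entry has to name the hub's MGRE tunnel address (10.1.2.1, R1's Tunnel 0/0/0) together with the hub's public address, not the address of the point-to-point GRE tunnel (10.1.1.1). The following added example (not part of the original post) checks a pasted CLI session for that mismatch; the sample session is constructed and the function name is illustrative.

```python
import ipaddress
import re

# Matches tunnel-view prompts such as "[r2-Tunnel0/0/0]<command>".
PROMPT = re.compile(r"^\[(?P<host>[^\]-]+)-(?P<view>Tunnel[^\]]+)\](?P<cmd>.*)$")

# Constructed session in the page's CLI form: r2 is consistent, r3 is not.
SAMPLE = """\
[r2]interface Tunnel 0/0/0
[r2-Tunnel0/0/0]ip address 10.1.2.2 24
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp
[r2-Tunnel0/0/0]nhrp entry 10.1.2.1 15.1.1.1 register
[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0]ip address 10.1.2.3 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]nhrp entry 10.1.1.1 15.1.1.1 register
"""

def check_nhrp(session: str) -> list:
    """Return findings for static NHRP entries that cannot reach the hub."""
    tunnels = {}  # (host, view) -> {"net": tunnel subnet, "entries": [...]}
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # not a command typed in a tunnel interface view
        t = tunnels.setdefault((m["host"], m["view"]), {"net": None, "entries": []})
        words = m["cmd"].split()
        if words[:2] == ["ip", "address"] and len(words) >= 4:
            t["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif words[:2] == ["nhrp", "entry"] and len(words) >= 4 and words[2] != "multicast":
            t["entries"].append((ipaddress.ip_address(words[2]), "register" in words[4:]))
    findings = []
    for (host, view), t in sorted(tunnels.items()):
        for proto, registers in t["entries"]:
            if t["net"] is not None and proto not in t["net"]:
                findings.append(f"{host} {view}: NHRP protocol address {proto} "
                                f"is outside the tunnel subnet {t['net']}")
            if not registers:
                findings.append(f"{host} {view}: entry for {proto} lacks 'register'")
    return findings

if __name__ == "__main__":
    for finding in check_nhrp(SAMPLE):
        print(finding)
```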

After configuring GRE and MGRE, the actual topology

Then configure a static default route pointing to R5 on each of the routers R1~R4

[r1]ip route-static 0.0.0.0 0 15.1.1.2
[r2]ip route-static 0.0.0.0 0 25.1.1.2
[r3]ip route-static 0.0.0.0 0 35.1.1.2
[r4]ip route-static 0.0.0.0 0 45.1.1.2

At this time, devices configured with GRE and MGRE can communicate with each other.

Configure the RIP dynamic routing protocol

AR1:

[r1]rip 1
[r1-rip-1]version 2
[r1-rip-1]network 192.168.1.0
[r1-rip-1]network 10.0.0.0
[r1-rip-1]silent-interface GigabitEthernet 0/0/0
[r1-rip-1]q
[r1]
[r1]interface Tunnel 0/0/1
[r1-Tunnel0/0/1]rip authentication-mode md5 usual cipher 123456
[r1-Tunnel0/0/1]q
[r1]interface Tunnel 0/0/0
[r1-Tunnel0/0/0]rip authentication-mode md5 usual cipher 123456
[r1-Tunnel0/0/0]q
[r1]

AR2:

[r2]rip 1
[r2-rip-1]version 2
[r2-rip-1]network 192.168.2.0 
[r2-rip-1]network 10.0.0.0
[r2-rip-1]silent-interface GigabitEthernet 0/0/0
[r2-rip-1]q
[r2]
[r2]interface Tunnel 0/0/0
[r2-Tunnel0/0/0]rip authentication-mode md5 usual cipher 123456
[r2-Tunnel0/0/0]q
[r2]

AR3:

[r3]rip 1
[r3-rip-1]version 2
[r3-rip-1]network 192.168.3.0
[r3-rip-1]network 10.0.0.0
[r3-rip-1]silent-interface GigabitEthernet 0/0/0
[r3-rip-1]q
[r3]
[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0]rip authentication-mode md5 usual cipher 123456
[r3-Tunnel0/0/0]q
[r3]

AR4:

[r4]rip 1
[r4-rip-1]version 2
[r4-rip-1]network 192.168.4.0
[r4-rip-1]network 10.0.0.0
[r4-rip-1]silent-interface GigabitEthernet 0/0/0
[r4-rip-1]q
[r4]
[r4]interface Tunnel 0/0/0
[r4-Tunnel0/0/0]rip authentication-mode md5 usual cipher 123456
[r4-Tunnel0/0/0]q
[r4]

Here RIP is configured as the dynamic routing protocol, the LAN-facing interface is made a silent interface, and authentication is configured on the tunnel interfaces to protect the routing updates.

After configuration, the four computers can access each other normally.

Configure the ACL (access control list) and outbound NAT

AR1:

[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]q
[r1]interface Serial 1/0/0 
[r1-Serial1/0/0]nat outbound 2000    
[r1-Serial1/0/0]q
[r1]

AR2:

[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[r2-acl-basic-2000]q
[r2]interface Serial 1/0/0
[r2-Serial1/0/0]nat outbound 2000
[r2-Serial1/0/0]q
[r2]

AR3:

[r3]acl 2000
[r3-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255
[r3-acl-basic-2000]q
[r3]interface Serial 1/0/0
[r3-Serial1/0/0]nat outbound 2000
[r3-Serial1/0/0]q
[r3]

AR4:

[r4]acl 2000
[r4-acl-basic-2000]rule permit source 192.168.4.0 0.0.0.255
[r4-acl-basic-2000]q
[r4]interface GigabitEthernet 0/0/1
[r4-GigabitEthernet0/0/1]nat outbound 2000
[r4-GigabitEthernet0/0/1]q
[r4]

After configuration, PC1~PC4 can access the loopback 3.3.3.3 of R5.

The experiment is now complete, and all the requirements have been met.

Origin blog.csdn.net/mxxcxy/article/details/130330106