HCIP third experiment

Enterprise 2023-12-17 16:29:53 views: null

Insert image description here

一、拓扑搭建
Insert image description here
二、配置地址
【R1】
[r1-Serial4/0/0]ip address 15.0.0.1 24
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
【R2】
[r2-Serial4/0/0]ip address 25.0.0.2 24
[r2-GigabitEthernet0/0/0]ip address 192.168.2.1 24
【R3】
[r3-Serial4/0/0]ip address 35.0.0.2 24
[r3-GigabitEthernet0/0/0]ip address 192.168.3.1 24
【R4】
[r4-GigabitEthernet0/0/1]ip address 192.168.4.1 24
[r4-GigabitEthernet0/0/0]ip address 45.0.0.2 24
【R5】
[ISP-Serial3/0/0]ip address 15.0.0.2 24
[ISP-Serial3/0/1]ip address 25.0.0.1 24
[ISP-Serial4/0/0]ip address 35.0.0.1 24
[ISP-GigabitEthernet0/0/0]ip address 45.0.0.1 24
[ISP-LoopBack0]ip address 5.5.5.5 24

2. Configure the default route pointing to ISP
[r1]ip route-static 0.0.0.0 0 15.0.0.2
[r2]ip route -static 0.0.0.0 0 25.0.0.1
[r3]ip route-static 0.0.0.0 0 35.0.0.1
[r4]ip route-static 0.0. 0.0 0 45.0.0.1
Test results
Insert image description here
Insert image description here
3. PAP authentication using PPP between R1 and R5, R5 is the main authenticator
[ISP]aaa
[ISP-aaa]local-user r1 password cipher 123
[ISP-aaa]local-user r1 service-type ppp [r1-Serial4/0/0]ppp pap local-user r1 password cipher 123 [r1 ]interface s4/0/0 [ISP-Serial3/0/0]ppp authentication-mode pap
[ISP]interface s3/0/0


4. PPP chap authentication is used between R2 and R5, and R5 is the main authenticator
[ISP]aaa
[ISP-aaa] local-user r2 password cipher 123
[ISP-aaa]local-user r2 service-type ppp
[ISP]interface s3/0/1 [r2-Serial4/0/0]ppp chap password cipher 123 [r2- Serial4/0/0]ppp chap user r2 [r2]interface s4/0/0
[ISP-Serial3/0/1]ppp authentication-mode chap


5. HDLC packaging is used between R3 and R5
[r3]interface s4/0/0
[r3-Serial4/0/0 ]link-protocol hdlc
[ISP]interface s4/0/0
[ISP-Serial4/0/0]link-protocol hdlc

6. R1/R2/R3 build an MGRE environment (point-to-multipoint), R1 is the central site, and R1 and R4 are point-to-point GRE
Analysis: quite To convert the three private network segments of R1/R2/R3 into one private network segment
Configure the 192.168.5.0 network segment for the private network segment, create a tunnel port, and R1 is the central site
[r1]interface t0/0/0
[r1-Tunnel0/0/0]ip address 192.168.5.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp
[r1-Tunnel0/0/0]source 15.0.0.1
[r1-Tunnel0 /0/0]nhrp network-id 100 (create an id of 100)
[r1-Tunnel0/0/0]nhrp entry multicast dynamic

[r2]interface t0/0/0
[r2-Tunnel0/0/0]ip address 192.168.5.2 24
[r2- Tunnel0/0/0]tunnel-protocol gre p2mp
[r2-Tunnel0/0/0]source Serial 4/0/0
[r2-Tunnel0/ 0/0]nhrp network-id 100
[r2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register (IP address of central site and IP address of interface)

[r3]interface t0/0/0
[r3-Tunnel0/0/0]ip address 192.168.5.3 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source s4/0/0
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register

7. Point-to-point GRE between R1 and R4
In the same way, it is equivalent to turning the two private network segments between R1 and R4 into one private network. Segment
Configure the 192.168.6.0 network segment for the private network segment, create a tunnel port, and R1 is the central site
[r1]interface t0/0/1< /span> [r1-Tunnel0/0/1]tunnel-protocol gre
[r1-Tunnel0/0/1]ip address 192.168.6.1 24 [r1-Tunnel0/0/1]destination 45.0.0.2 (G0/0/0 interface IP of R4)


[r4]interface t0/0/0
[r4-Tunnel0/0/0]ip address 192.168.6.2 24
[r4-Tunnel0/0/0]tunnel-protocol gre
[r4-Tunnel0/0/0]source 45.0.0.2
[r4-Tunnel0/0/0]destination 15.0.0.1

8. The private network is reachable by the entire network based on RIP (only the private network segment is announced)
[r1]rip
[r1-rip -1]v 2
[r1-rip-1]network 192.168.1.0
[r1-rip-1]network 192.168.5.0< a i=5> [r1-rip-1]network 192.168.6.0

[r2]rip
[r2-rip-1]v 2
[r2-rip-1]network 192.168.2.0
[r2-rip-1]network 192.168.5.0

[r3]rip
[r3-rip-1]v 2
[r3-rip-1]network 192.168.3.0
[r3-rip-1]network 192.168.5.0

[r4]rip
[r4-rip-1]v 2
[r4-rip-1]network 192.168.4.0
[r4-rip-1]network 192.168.6.0

Problem: R2 and R3 only obtain network segments 1.0 and 6.0
The reason is that in MGRE R1 will send routing information to R2 and R3, but because of the RIP split horizon mechanism Resulting in incomplete information transmission
Solution: Enter the central site Tunnel port to disable RIP's split horizon mechanism
[r1-Tunnel0/0/0]undo rip split-horizon< /span>

9. The PC is equipped with IP and can access the loopback of R5
Analysis: NAT needs to be done on each border router (i.e. the outgoing interface of R1/R2/R3/R4)< /span> [r1-Serial4/0/0]nat outbound 2000 [ r1]interface s4/0/0 [r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
Insert image description here
Insert image description here
Insert image description here
Insert image description here
[r1]acl 2000


[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[r2]interface s4/0/0
[r2-Serial4/0/0]nat outbound 2000

In the same way, R3 and R4 are the same

Guess you like

Origin blog.csdn.net/FlightDiarys/article/details/122432251
Recommended
Ranking
error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘
Database migration between Navicat servers
Minimum number of rotation of the array: Array
balenaEtcher for mac (make a boot disk software) v1.5.67
Custom processing serialization and deserialization in jackson
Mu-en-mask system development software
Mastering Regular Expressions
Find mileage Java--
Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions
[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite
Daily
More
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)

Code World

© 2018 codetd.com