table of Contents
Topology design
Topological structures
Configuration
Ground floor
routing
test
Tactics
Comprehensive test:
1. topology design
1) ip address planning
R1-R4 14.1.1.0/24
R2 - R4 24.1.1.0/24
R3—R4 34.1.1.0/24
PC1 network segment 192.168.1.0/24
PC2 network segment 192.168.2.0/24
PC3 network segment 192.168.3.0/24
Tunnel: 10.1.1.0/24
2. topological structures
3. Configuration
1 ) the underlying
# Because the use of string lines, so the first module plus crosstalk, specific steps:
Router Settings - View --ensp support interface cards --2SA-- blank shown in FIG drag to
# Ip address with each device
To R4, for example:
[r4]interface Serial 4/0/0
[r4-Serial4/0/0]ip address 14.1.1.2 24
2) routing
# Public network
In an example R1, R2 / R3 same operation, but different next hops.
[r1]ip route-static 0.0.0.0 0 14.1.1.2
# Private route, three private networks allow public network communication.
Solution, configuration MGRE environment, as follows.
R1- Center
[r1]interface Tunnel 0/0/0
[r1-Tunnel0/0/0]ip address 10.1.1.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp //定义点到多点gre模式
[r1-Tunnel0/0/0]source 14.1.1.1 //流量走隧道头部要分装公有源ip,
[r1-Tunnel0/0/0]nhrp entry multicast dynamic //成为NHRP服务器,分支访问其它节点,先找我要注册层表
[r1-Tunnel0/0/0]nhrp network-id 100 //隧道的工作范围
[r1-Tunnel0/0/0]nhrp authentication cipher hcip //为了安全,加入mgre环境需要认证
R2—分支
[r2]interface Tunnel 0/0/0
[r2-Tunnel0/0/0]ip address 10.1.1.2 24
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp
[r2-Tunnel0/0/0]source Serial 4/0/0
[r2-Tunnel0/0/0]nhrp entry 10.1.1.1 14.1.1.1 register //访问别的节点,先找nhrp服务点注册,如何找到nhrp服务点。通过隧道找10.1.1.1,如何到10.1.1.1呢?先找14.1.1.1公网。
[r2-Tunnel0/0/0]nhrp authentication cipher hcip
[r2-Tunnel0/0/0]nhrp network-id 100
R3—分支
[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0]IP address 10.1.1.3
[r3-Tunnel0/0/0]IP address 10.1.1.3 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source Serial 4/0/1
[r3-Tunnel0/0/0]nhrp entry 10.1.1.1 14.1.1.1 register
[r3-Tunnel0/0/0]nhrp authentication cipher hcip
[r3-Tunnel0/0/0]nhrp network-id 100
#私网通信的环境已搭建,还需要相互学习,此处要么使用静态,要么使用动态,根据题设要求,使用动态协议,故用RIP.
R1:
[r1]RIP 1 //进程号
[r1-rip-1]version 2 //版本号
[r1-rip-1]undo summary //关闭自动汇总
[r1-rip-1]network 10.0.0.0 // 宣告隧道地址
[r1-rip-1]network 192.168.1.0// 宣告私网,此处类似引流,把流量引进隧道
[r1]interface Tunnel 0/0/0
[r1-Tunnel0/0/0]undo rip split-horizon //关闭水平分割,应在隧道口进行,而不是物理口。
为什么要关闭水平分隔?
根据实验现象,发现R2与R3不通信,即R2的流量到R1的隧道口,不会将流量从该隧道口转发至R3,解决此类问题,有两中方案,要么关掉水平分割,要么使用mgre的多中心方式。
3)测试全网可达
4)策略
#R1—R2使用HDLC 封装
R1:
R4:
[r4]interface Serial 4/0/0
[r4-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:Y
结果
R4—R2/R3
[r4]aaa
[r4-aaa]local-user haha password cipher hcip
Info: Add a new user. ///添加认证用户和密码
[r4-aaa]local-user haha service-type ppp
R4—-R2
[r4]interface Serial 4/0/1
[r4-Serial4/0/1]link-protocol ppp //分装模式ppp
[r4-Serial4/0/1]ppp authentication-mode pap ///认证方式pap
R2:
[r2]interface Serial 4/0/0
[r2-Serial4/0/0]link-protocol ppp
[r2-Serial4/0/0]ppp pap local-user haha password cipher hcip
R4—-R3
[r4]interface Serial 3/0/0
[r4-Serial3/0/0]link-protocol ppp
[r4-Serial3/0/0]ppp authentication-mode chap ///认证方式chap
R3
[r3]interface Serial 4/0/1
[r3-Serial4/0/1]link-protocol PPP
[r3-Serial4/0/1]PPP chap user haha
[r3-Serial4/0/1]ppp chap password cipher hcip
4.综合测试: