GRE和MGRE综合实验

实验拓扑图

实验思路

根据图中所属网段，配置ip地址和网关
R1,R2,R3,R4配置缺省路由，可以是公网互通
使用ppp验证，R1与R5为PAP验证，R5:aaa地址池，创建用户名以及密码，同时进行pap服务认证，同时在R1-R5连接直连，R5端口认证该用户。R1：s4/0/0端口输入账号，密码，进行认证。
R2-R5的CHAP与PAP认证相识，只是认证协议不同，以及R2端口认证配置不同。
R3-R5之间的端口，使用link-protocol hdlc进行封装。
R1、R2、R3用MGRE环境，创建tunnel0/0/0,配置使用协议，源ip,目标ip.
R1、R4用GRE环境，创建tunnel0/0/1,源ip,目标ip,
R1、R5间用RIP宣告网段，使网络互通；

R1、R2、R3不仅要宣告网段，还要在中心上开启伪广播，为了只有中心获取到分支的路由信息，但是分支并没有获取到中心的路由信息；每个路由器关闭接口的水平分割，因为分支在中心开启伪广播后，分支只能获取到中心的路由信息，但是无法获取分支之间的路由信息。

实验IP配置

[R1-GigabitEthernet0/0/0]ip ad 192.168.1.254 24[R1-GigabitEthernet0/0/0]int s 4/0/0[R1-Serial4/0/0]ip ad 15.1.1.1 24[R1-Serial4/0/0]int t0/0/0[R1-Tunnel0/0/0]ip ad 10.1.2.1 24[R1-Tunnel0/0/0]int t0/0/1[R1-Tunnel0/0/1]ip ad 10.1.1.1 24[R1-Tunnel0/0/1]q[R1]dis ip in b*down: administratively down^down: standby(l): loopback(s): spoofingThe number of interface that is UP in Physical is 5The number of interface that is DOWN in Physical is 3The number of interface that is UP in Protocol is 3The number of interface that is DOWN in Protocol is 5Interface                         IP Address/Mask      Physical   Protocol GigabitEthernet0/0/0              192.168.1.254/24     up         up       GigabitEthernet0/0/1              unassigned           down       down     GigabitEthernet0/0/2              unassigned           down       down     NULL0                             unassigned           up         up(s)    Serial4/0/0                       15.1.1.1/24          up         up       Serial4/0/1                       unassigned           down       down     Tunnel0/0/0                       10.1.2.1/24          up         down     Tunnel0/0/1                       10.1.1.1/24          up         down

[R2]int g0/0/0[R2-GigabitEthernet0/0/0]ip ad 192.168.2.254 24Mar 30 2024 18:26:59-08:00 R2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IPon the interface GigabitEthernet0/0/0 has entered the UP state.[R2-GigabitEthernet0/0/0]int s 4/0/0[R2-Serial4/0/0]ip ad 25.1.1.2 24[R2-Serial4/0/0]int t0/0/0[R2-Tunnel0/0/0]ip ad 10.1.2.2 24

[R3]int g0/0/0[R3-GigabitEthernet0/0/0]ip ad 192.168.3.254 24Mar 30 2024 18:29:24-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IPon the interface GigabitEthernet0/0/0 has entered the UP state.[R3-GigabitEthernet0/0/0]int s 4/0/0[R3-Serial4/0/0]ip ad 35.1.1.3 24[R3-Serial4/0/0]int t0/0/0[R3-Tunnel0/0/0]ip ad  10.1.2.3 24[R3-Tunnel0/0/0]

[R4-GigabitEthernet0/0/0]ip ad 45.1.1.4 24Mar 30 2024 18:32:01-08:00 R4 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IPon the interface GigabitEthernet0/0/0 has entered the UP state.[R4-GigabitEthernet0/0/0]int g0/0/1[R4-GigabitEthernet0/0/1]ip ad 192.168.4.254 24[R4-GigabitEthernet0/0/1]int t0/0/1[R4-Tunnel0/0/1]ip ad 10.1.1.4 24

[R5]int s 4/0/1[R5-Serial4/0/1]ip ad 15.1.1.5 24[R5-Serial4/0/1][R5-Serial4/0/1]int s 3/0/1[R5-Serial3/0/1]ip ad 25.1.1.5 24[R5-Serial3/0/1]int s 4/0/0[R5-Serial4/0/0]ip ad 35.1.1.5 24[R5-Serial4/0/0]int g0/0/0[R5-GigabitEthernet0/0/0]ip ad 45.1.1.5 24[R5-LoopBack0]ip ad 5.5.5.5 24

实验配置

实现公私网互通

[R1]ip route-static 0.0.0.0 0 15.1.1.5[R2]ip route-static 0.0.0.0 0 25.1.1.5[R3]ip route-static 0.0.0.0 0  35.1.1.5[R4]ip route-static 0.0.0.0 0 45.1.1.5[R1]ping 25.1.1.2PING 25.1.1.2: 56  data bytes, press CTRL_C to breakReply from 25.1.1.2: bytes=56 Sequence=1 ttl=254 time=60 msReply from 25.1.1.2: bytes=56 Sequence=2 ttl=254 time=30 msReply from 25.1.1.2: bytes=56 Sequence=3 ttl=254 time=20 msReply from 25.1.1.2: bytes=56 Sequence=4 ttl=254 time=20 msReply from 25.1.1.2: bytes=56 Sequence=5 ttl=254 time=20 ms

2、

（1）R1和R5间使用PPP的PAP认证，R5为主认证方；

[R5]aaa[R5-aaa]local-user zhangdaye password cipher zdy12345Info: Add a new user.[R5-aaa]local-user zhangdaye service-type ppp[R5-aaa]q[R5]int s 4/0/1[R5-Serial4/0/1]ppp authentication-mode pap

[R1]int s 4/0/0[R1-Serial4/0/0]ppp pap local-user zhangdaye password cipher zdy12345

测试

[R1-Serial4/0/0]shutdown[R1-Serial4/0/0]undo shutdown[R1-Serial4/0/0]Mar 30 2024 18:56:39-08:00 R1 %%01IFPDT/4/IF_STATE(l)[5]:Interface Serial4/0/0 has turned into UP state.[R1-Serial4/0/0]Mar 30 2024 18:56:42-08:00 R1 %%01IFNET/4/LINK_STATE(l)[6]:The line protocol PPPon the interface Serial4/0/0 has entered the UP state.[R1-Serial4/0/0]Mar 30 2024 18:56:42-08:00 R1 %%01IFNET/4/LINK_STATE(l)[7]:The line protocol PPPIPCP on the interface Serial4/0/0 has entered the UP state.

（2）R2与R5之间使用ppp的CHAP认证，R5为主认证方;

[R5]aaa[R5-aaa]local-user wangdaye password cipher wdy12345Info: Add a new user.[R5-aaa]local-user wangdaye service-type ppp.[R5-aaa]q[R5]int s 3/0/1[R5-Serial3/0/1]ppp authentication-mode chap

[R2]int s 4/0/0[R2-Serial4/0/0]ppp chap user wangdaye[R2-Serial4/0/0]ppp chap password cipher wdy12345[R2-Serial4/0/0]shutdown[R2-Serial4/0/0]undo shutdown[R2-Serial4/0/0]Mar 30 2024 19:04:38-08:00 R2 %%01IFPDT/4/IF_STATE(l)[5]:Interface Serial4/0/0 has turned into UP state.[R2-Serial4/0/0]Mar 30 2024 19:04:41-08:00 R2 %%01IFNET/4/LINK_STATE(l)[6]:The line protocol PPPon the interface Serial4/0/0 has entered the UP state.[R2-Serial4/0/0]Mar 30 2024 19:04:41-08:00 R2 %%01IFNET/4/LINK_STATE(l)[7]:The line protocol PPPIPCP on the interface Serial4/0/0 has entered the UP state.

（3）R3与R5之间使用HDLC封装;

[R5-Serial4/0/0]link-protocol hdlcWarning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:yMar 30 2024 19:13:29-08:00 R5 %%01IFNET/4/CHANGE_ENCAP(l)[8]:The user performedthe configuration that will change the encapsulation protocol of the link and then selected Y.[R5-Serial4/0/0][R5-Serial4/0/0]Mar 30 2024 19:13:29-08:00 R5 %%01PPP/4/PHYSICALDOWN(l)[9]:On the interface Serial4/0/0, PPP link was closed because the status of the physical layer was Down.[R5-Serial4/0/0]Mar 30 2024 19:13:29-08:00 R5 %%01IFNET/4/LINK_STATE(l)[10]:The line protocol PPP on the interface Serial4/0/0 has entered the DOWN state.[R5-Serial4/0/0]Mar 30 2024 19:13:29-08:00 R5 %%01IFNET/4/LINK_STATE(l)[11]:The line protocol PPP IPCP on the interface Serial4/0/0 has entered the DOWN state.[R5-Serial4/0/0]Mar 30 2024 19:13:29-08:00 R5 %%01IFPDT/4/IF_STATE(l)[12]:Interface Serial4/0/0has turned into DOWN state.[R5-Serial4/0/0]Mar 30 2024 19:13:29-08:00 R5 %%01IFPDT/4/IF_STATE(l)[13]:Interface Serial4/0/0has turned into UP state.[R5-Serial4/0/0]Mar 30 2024 19:13:29-08:00 R5 %%01IFNET/4/LINK_STATE(l)[14]:The line protocol IPon the interface Serial4/0/0 has entered the UP state.[R5-Serial4/0/0]Mar 30 2024 19:14:29-08:00 R5 %%01IFNET/4/LINK_STATE(l)[15]:The line protocol IPon the interface Serial4/0/0 has entered the DOWN state.

[R3-Serial4/0/0]link-protocol hdlcWarning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:Mar 30 2024 19:14:15-08:00 R3 %%01PPP/4/TIMEOUT(l)[0]:On the interface Serial4/0/0, PPP link was closed because the keepalive timer expired.[R3-Serial4/0/0]Mar 30 2024 19:14:15-08:00 R3 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol PPPon the interface Serial4/0/0 has entered the DOWN state.[R3-Serial4/0/0]Mar 30 2024 19:14:15-08:00 R3 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PPPIPCP on the interface Serial4/0/0 has entered the DOWN state.[R3-Serial4/0/0]Mar 30 2024 19:14:15-08:00 R3 %%01RM/4/IPV4_DEFT_RT_CHG(l)[3]:IPV4 default Routeis changed. (ChangeType=Delete, InstanceId=0, Protocol=Static, ExitIf=Unknown,Nexthop=35.1.1.5, Neighbour=0.0.0.0, Preference=1006632960, Label=NULL, Metric=0)[R3-Serial4/0/0][R3-Serial4/0/0]Mar 30 2024 19:15:21-08:00 R3 %%01IFNET/4/CHANGE_ENCAP(l)[4]:The user performedthe configuration that will change the encapsulation protocol of the link and then selected N.

3、

（1）R1、R2、R3构建一个MGRE环境，

[R1-Tunnel0/0/0]tunnel-protocol gre p2mp[R1-Tunnel0/0/0]source 15.1.1.1Mar 30 2024 19:36:08-08:00 R1 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol IPon the interface Tunnel0/0/0 has entered the UP state.[R1-Tunnel0/0/0]nhrp network-id 100

[R2-Tunnel0/0/0]tunnel-protocol gre p2mp[R2-Tunnel0/0/0]source Serial 4/0/0[R2-Tunnel0/0/0]nhrp network-id 100 [R2-Tunnel0/0/0]nhrp entry 10.1.2.1 15.1.1.1 register

[R3-Tunnel0/0/0]tunnel-protocol gre p2mp[R3-Tunnel0/0/0]source Serial 4/0/0Mar 30 2024 19:49:41-08:00 R3 %%01IFNET/4/LINK_STATE(l)[6]:The line protocol IPon the interface Tunnel0/0/0 has entered the UP state.[R3-Tunnel0/0/0]nhrp network-id 100[R3-Tunnel0/0/0]nhrp entry 10.1.2.1 15.1.1.1 register

（2）R1为中心站点，R1、R4间为点到点的GRE;

[R1-Tunnel0/0/1]tunnel-protocol gre[R1-Tunnel0/0/1]source 15.1.1.1[R1-Tunnel0/0/1]destination 45.1.1.4Mar 30 2024 19:31:31-08:00 R1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IPon the interface Tunnel0/0/1 has entered the DOWN state.

[R4-Tunnel0/0/1]tunnel-protocol gre[R4-Tunnel0/0/1]source 45.1.1.4[R4-Tunnel0/0/1]destination 15.1.1.1Mar 30 2024 19:33:12-08:00 R4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IPon the interface Tunnel0/0/1 has entered the UP state.

4、整个私有网络基本RIP全网可达，

[R1]rip 1[R1-rip-1]v 2[R1-rip-1]undo summary[R1-rip-1]net 192.168.1.0[R1-rip-1]net 10.0.0.0[R1-rip-1]q[R1]int t0/0/0[R1-Tunnel0/0/0]nhrp entry multicast dynamic[R1-Tunnel0/0/0]undo rip split-horizon

[R2]rip 1[R2-rip-1]v 2[R2-rip-1]undo summary[R2-rip-1]net 192.168.2.0[R2-rip-1]net 10.0.0.0[R2-rip-1]q[R2]int t0/0/0[R2-Tunnel0/0/0]undo rip s [R2-Tunnel0/0/0]undo rip split-horizon

[R3]rip 1[R3-rip-1]v 2[R3-rip-1]undo summary[R3-rip-1]net 192.168.3.0[R3-rip-1]net 10.0.0.0[R3-Tunnel0/0/0]undo rip split-horizon

在p1 p2 p3中互ping ,达到实验效果。

[R1]dis nhrp peer all-------------------------------------------------------------------------------Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag        -------------------------------------------------------------------------------10.1.2.2        32    25.1.1.2        10.1.2.2        dynamic      route tunnel-------------------------------------------------------------------------------Tunnel interface: Tunnel0/0/0Created time    : 00:23:07Expire time     : 01:36:53-------------------------------------------------------------------------------Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag        -------------------------------------------------------------------------------10.1.2.3        32    35.1.1.3        10.1.2.3        dynamic      route tunnel-------------------------------------------------------------------------------Tunnel interface: Tunnel0/0/0Created time    : 00:22:25Expire time     : 01:37:35

[R2]dis nhrp peer all-------------------------------------------------------------------------------Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag        -------------------------------------------------------------------------------10.1.2.1        32    15.1.1.1        10.1.2.1        static       hub         -------------------------------------------------------------------------------Tunnel interface: Tunnel0/0/0Created time    : 00:21:33Expire time     : ---------------------------------------------------------------------------------Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag        -------------------------------------------------------------------------------10.1.2.3        32    35.1.1.3        10.1.2.3        dynamic      route tunnel-------------------------------------------------------------------------------Tunnel interface: Tunnel0/0/0Created time    : 00:02:23Expire time     : 01:57:37-------------------------------------------------------------------------------Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag        -------------------------------------------------------------------------------10.1.2.2        32    25.1.1.2        10.1.2.2        dynamic      local       -------------------------------------------------------------------------------Tunnel interface: Tunnel0/0/0Created time    : 00:02:23Expire time     : 01:57:37Number of nhrp peers: 3

[R3]dis nhrp peer all-------------------------------------------------------------------------------Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag        -------------------------------------------------------------------------------10.1.2.1        32    15.1.1.1        10.1.2.1        static       hub         -------------------------------------------------------------------------------Tunnel interface: Tunnel0/0/0Created time    : 00:21:11Expire time     : ---------------------------------------------------------------------------------Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag        -------------------------------------------------------------------------------10.1.2.2        32    25.1.1.2        10.1.2.2        dynamic      route tunnel-------------------------------------------------------------------------------Tunnel interface: Tunnel0/0/0Created time    : 00:02:43Expire time     : 01:57:17-------------------------------------------------------------------------------Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag        -------------------------------------------------------------------------------10.1.2.3        32    35.1.1.3        10.1.2.3        dynamic      local       -------------------------------------------------------------------------------Tunnel interface: Tunnel0/0/0Created time    : 00:02:43Expire time     : 01:57:17Number of nhrp peers: 3

5、所有pc设置私有IP为源IP，可以访问R5环回,达到全网通

[R1]acl 2000[R1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255[R1-acl-basic-2000]q[R1]int s 4/0/0][R1-Serial4/0/0]nat outbound 2000

[R2]acl 2000[R2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255[R2-acl-basic-2000]q[R2]int s 4/0/0[R2-Serial4/0/0]nat outbound 2000

[R3]acl 2000[R3-acl-basic-2000]rule permit source 192.168.3.0 0.0.0.255[R3-acl-basic-2000]q[R3]int s 4/0/0[R3-Serial4/0/0]nat outbound 2000

[R4]acl 2000[R4-acl-basic-2000]rule permit source 192.168.4.0 0.0.0.255[R4-acl-basic-2000]q[R4]int g0/0/0[R4-GigabitEthernet0/0/0]nat outbound 2000

测试

PC1

ping 5.5.5.5Ping 5.5.5.5: 32 data bytes, Press Ctrl_C to breakFrom 5.5.5.5: bytes=32 seq=1 ttl=254 time=16 msFrom 5.5.5.5: bytes=32 seq=2 ttl=254 time<1 msFrom 5.5.5.5: bytes=32 seq=3 ttl=254 time<1 msFrom 5.5.5.5: bytes=32 seq=4 ttl=254 time=15 msFrom 5.5.5.5: bytes=32 seq=5 ttl=254 time=16 ms