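Combined lab: CHAP authentication (PPP authentication) and tunnels in an MGRE network
I. Requirements:
1. R5 is the ISP and may only be configured with IP addresses.
2. R1--R3 build an MGRE environment and learn each other's loopbacks through EIGRP.
3. R4 can reach R5's loopback normally.
4. R1 and R5 perform CHAP authentication, with R5 as the authenticator (not based on the hostname).
II. Address plan:
Router | Loopback address |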
---|---|
R2 | 192.168.2.1/24 |
R3 | 192.168.3.1/24 |
R4 | 192.168.4.1/24 |
R5 | 5.5.5.5/24 |
Router | Interface | IP address |
---|---|---|
R1 | S0/0 | 192.168.1.2/24 |
R1 | S0/1 | 10.1.1.1/24 |
R1 | tunnel0 | 20.1.1.1/24 |
R2 | S0/0 | 10.1.2.2/24 |
R2 | tunnel0 | 20.1.1.2/24 |
R3 | S0/0 | 10.1.3.2/24 |
R3 | tunnel0 | 20.1.1.3/24 |
R5 | S0/0 | 10.1.1.2/24 |
R5 | S0/1 | 10.1.2.1/24 |
R5 | S0/2 | 10.1.3.1/24 |
III. Topology diagram
IV. Configuration
**R1 configuration**
r1#show running-config
Building configuration...
Current configuration : 1934 bytes
!
! Last configuration change at 05:01:14 CET Sun Dec 16 2018
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Tunnel0
ip address 20.1.1.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 100
tunnel source Serial0/1
tunnel mode gre multipoint
!
interface Serial0/0
ip address 192.168.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
serial restart-delay 0
!
interface Serial0/1
ip address 10.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ppp chap hostname R5
ppp chap password 0 123
serial restart-delay 0
!
interface Serial0/2
no ip address
ip nat outside
ip virtual-reassembly in
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
!
router eigrp 100
network 20.0.0.0
network 192.168.1.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Serial0/1 overload
ip route 0.0.0.0 0.0.0.0 10.1.1.2
!
access-list 1 permit 192.168.0.0 0.0.255.255
!
control-plane
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input all
!
!
end
**R2 configuration**
r2#show running-config
Building configuration...
Current configuration : 1666 bytes
!
! Last configuration change at 04:34:52 CET Sun Dec 16 2018
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
interface Loopback0
ip address 192.168.2.1 255.255.255.0
!
interface Tunnel0
ip address 20.1.1.2 255.255.255.0
no ip redirects
ip nhrp map 20.1.1.1 10.1.1.1
ip nhrp map multicast 10.1.1.1
ip nhrp network-id 100
ip nhrp nhs 20.1.1.1
tunnel source Serial0/0
tunnel mode gre multipoint
!
interface Serial0/0
ip address 10.1.2.2 255.255.255.0
serial restart-delay 0
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
!
router eigrp 100
network 20.0.0.0
network 192.168.2.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.1.2.1
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input all
!
end
**R3 configuration**
r3#show running-config
Building configuration...
Current configuration : 1648 bytes
!
! Last configuration change at 04:40:51 CET Sun Dec 16 2018
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r3
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
redundancy
!
interface Loopback0
ip address 192.168.3.1 255.255.255.0
!
interface Tunnel0
ip address 20.1.1.3 255.255.255.0
no ip redirects
ip nhrp map 20.1.1.1 10.1.1.1
ip nhrp map multicast 10.1.1.1
ip nhrp network-id 100
ip nhrp nhs 20.1.1.1
tunnel source Serial0/0
tunnel mode gre multipoint
!
interface Serial0/0
ip address 10.1.3.2 255.255.255.0
serial restart-delay 0
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
!
router eigrp 100
network 20.0.0.0
network 192.168.3.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.1.3.1
!
control-plane
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input all
!
!
end
**R4 configuration**
r4#show running-config
Building configuration...
Current configuration : 1423 bytes
!
! Last configuration change at 04:42:51 CET Sun Dec 16 2018
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r4
!
boot-start-marker
boot-end-marker
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
interface Loopback0
ip address 192.168.4.1 255.255.255.0
!
interface Serial0/0
ip address 192.168.1.1 255.255.255.0
serial restart-delay 0
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
!
router eigrp 100
network 192.168.1.0
network 192.168.4.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.1.2
!
control-plane
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input all
!
!
**R5 configuration**
r5#show running-config
Building configuration...
Current configuration : 1425 bytes
!
! Last configuration change at 05:02:14 CET Sun Dec 16 2018
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r5
!
boot-start-marker
boot-end-marker
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
username R5 password 0 123
!
redundancy
!
interface Loopback0
ip address 5.5.5.5 255.255.255.0
!
interface Serial0/0
ip address 10.1.1.2 255.255.255.0
encapsulation ppp
ppp authentication chap
serial restart-delay 0
!
interface Serial0/1
ip address 10.1.2.1 255.255.255.0
serial restart-delay 0
!
interface Serial0/2
ip address 10.1.3.1 255.255.255.0
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
transport input all
!
!
end
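As an added illustration (not part of the original lab), the Python sketch below models the one-way CHAP exchange that requirement 4 and the R1/R5 configurations set up, using the RFC 1994 response calculation. The name `R5` and secret `123` come from the configs above; the function names and the challenger name `r5` are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Values taken from the lab configs above.
R5_USER_DB = {"R5": "123"}   # r5: username R5 password 0 123
R1_CHAP_NAME = "R5"          # r1: ppp chap hostname R5
R1_CHAP_SECRET = "123"       # r1: ppp chap password 0 123


def chap_hash(ident: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


def make_challenge(ident: int) -> dict:
    """Authenticator (r5, `ppp authentication chap`): send a random challenge."""
    # The challenger name "r5" is an assumption for this example.
    return {"id": ident, "value": os.urandom(16), "name": "r5"}


def make_response(challenge: dict, name: str, secret: str) -> dict:
    """Peer (r1): answer with its CHAP name and the hash, never the secret."""
    return {"id": challenge["id"], "name": name,
            "value": chap_hash(challenge["id"], secret, challenge["value"])}


def verify(challenge: dict, response: dict, user_db: dict) -> bool:
    """Authenticator: look up the secret by the name carried in the response."""
    secret = user_db.get(response["name"])
    if secret is None or response["id"] != challenge["id"]:
        return False  # no matching `username` entry, or mismatched identifier
    expected = chap_hash(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, response["value"])


def run_exchange(name: str, secret: str, user_db: dict = R5_USER_DB) -> bool:
    """One full Challenge/Response/verify round between r5 and r1."""
    ch = make_challenge(ident=1)
    return verify(ch, make_response(ch, name, secret), user_db)


if __name__ == "__main__":
    print("configured name/secret:", run_exchange(R1_CHAP_NAME, R1_CHAP_SECRET))
    print("router hostname r1    :", run_exchange("r1", R1_CHAP_SECRET))
    print("wrong secret          :", run_exchange(R1_CHAP_NAME, "321"))
```

The second case shows why `ppp chap hostname R5` is needed on R1: R5 has no `username r1` entry, so a response carrying the router's own hostname fails the lookup.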
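V. Summary
1. Ethernet interfaces cannot be used between the routers, because the encapsulation of an Ethernet interface cannot be changed to PPP.
2. The tunnel address must not be in the same subnet as the public network addresses; once it is advertised in EIGRP, the tunnel times out and routes flap.
3. The GNS3 emulator does not support NAT and a tunnel on the same interface. (This applies to versions below 1; versions 1 and above have not been tried. Comments with a solution are welcome.)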