实验要求及拓扑图如下：

网段划分完后的拓扑图如下：

配置各个路由器接口IP

R1

[r1]interface Serial 4/0/0[r1-Serial4/0/0]ip address 15.0.0.1 24[r1-Serial4/0/0]q[r1]interface GigabitEthernet 0/0/0[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 24[r1-GigabitEthernet0/0/0]q[r1]display ip interface brief*down: administratively down^down: standby(l): loopback(s): spoofingThe number of interface that is UP in Physical is 3The number of interface that is DOWN in Physical is 3The number of interface that is UP in Protocol is 3The number of interface that is DOWN in Protocol is 3InterfaceIP Address/MaskPhysical Protocol GigabitEthernet0/0/0 192.168.1.1/24 up up GigabitEthernet0/0/1 unassigned down downGigabitEthernet0/0/2 unassigned down downNULL0 unassigned up up(s)Serial4/0/0 15.0.0.1/24up up Serial4/0/1 unassigned down down

R2

[r2]interface Serial 4/0/0[r2-Serial4/0/0]ip address 25.0.0.2 24[r2-Serial4/0/0]q[r2]interface GigabitEthernet 0/0/0[r2-GigabitEthernet0/0/0]ip address 192.168.2.1 24[r2-GigabitEthernet0/0/0]q[r2]display ip interface brief*down: administratively down^down: standby(l): loopback(s): spoofingThe number of interface that is UP in Physical is 3The number of interface that is DOWN in Physical is 3The number of interface that is UP in Protocol is 3The number of interface that is DOWN in Protocol is 3InterfaceIP Address/MaskPhysical Protocol GigabitEthernet0/0/0 192.168.2.1/24 up up GigabitEthernet0/0/1 unassigned down downGigabitEthernet0/0/2 unassigned down downNULL0 unassigned up up(s)Serial4/0/0 25.0.0.2/24up up Serial4/0/1 unassigned down down

R3

[r3]interface Serial 4/0/0[r3-Serial4/0/0]ip address 35.0.0.2 24[r3-Serial4/0/0]q[r3]interface GigabitEthernet 0/0/0[r3-GigabitEthernet0/0/0]ip address 192.168.3.1 24[r3-GigabitEthernet0/0/0]q[r3]display ip interface brief*down: administratively down^down: standby(l): loopback(s): spoofingThe number of interface that is UP in Physical is 3The number of interface that is DOWN in Physical is 3The number of interface that is UP in Protocol is 3The number of interface that is DOWN in Protocol is 3InterfaceIP Address/MaskPhysical Protocol GigabitEthernet0/0/0 192.168.3.1/24 up up GigabitEthernet0/0/1 unassigned down downGigabitEthernet0/0/2 unassigned down downNULL0 unassigned up up(s)Serial4/0/0 35.0.0.2/24up up Serial4/0/1 unassigned down down

R4

[r4]interface GigabitEthernet 0/0/0[r4-GigabitEthernet0/0/0]ip address 45.0.0.2 24[r4-GigabitEthernet0/0/0]q[r4]interface GigabitEthernet 0/0/1[r4-GigabitEthernet0/0/1]ip address 192.168.4.1 24[r4-GigabitEthernet0/0/1]q[r4]display ip interface brief*down: administratively down^down: standby(l): loopback(s): spoofingThe number of interface that is UP in Physical is 3The number of interface that is DOWN in Physical is 1The number of interface that is UP in Protocol is 3The number of interface that is DOWN in Protocol is 1InterfaceIP Address/MaskPhysical Protocol GigabitEthernet0/0/0 45.0.0.2/24up up GigabitEthernet0/0/1 192.168.4.1/24 up up GigabitEthernet0/0/2 unassigned down downNULL0 unassigned up up(s)

[r5]interface Serial 3/0/0[r5-Serial3/0/0]ip address 15.0.0.2 24[r5-Serial3/0/0]q[r5]interface Serial 3/0/1[r5-Serial3/0/1]ip address 25.0.0.1 24[r5-Serial3/0/1]q[r5]interface Serial 4/0/0[r5-Serial4/0/0]ip address 35.0.0.1 24[r5-Serial4/0/0]q[r5]interface GigabitEthernet 0/0/0[r5-GigabitEthernet0/0/0]ip address 45.0.0.1 24[r5-GigabitEthernet0/0/0]q[r5]interface loopback 0[r5-LoopBack0]ip address 5.5.5.5 24[r5-LoopBack0]q[r5]display ip interface brief*down: administratively down^down: standby(l): loopback(s): spoofingThe number of interface that is UP in Physical is 6The number of interface that is DOWN in Physical is 3The number of interface that is UP in Protocol is 6The number of interface that is DOWN in Protocol is 3InterfaceIP Address/MaskPhysical Protocol GigabitEthernet0/0/0 45.0.0.1/24up up GigabitEthernet0/0/1 unassigned down downGigabitEthernet0/0/2 unassigned down downLoopBack05.5.5.5/24 up up(s)NULL0 unassigned up up(s)Serial3/0/0 15.0.0.2/24up up Serial3/0/1 25.0.0.1/24up up Serial4/0/0 35.0.0.1/24up up Serial4/0/1 unassigned down down

R1~R4路由配置缺省

[r1]ip route-static 0.0.0.0 0 15.0.0.2[r2]ip route-static 0.0.0.0 0 25.0.0.1[r3]ip route-static 0.0.0.0 0 35.0.0.1[r4]ip route-static 0.0.0.0 0 45.0.0.1

R1和R5间使用PPP的PAP认证，R5为主认证方

R5配置认证类型及认证信息（主认证方）

[r5]aaa[r5-aaa]local-user admin password cipher 123456[r5-aaa]local-user admin service-type ppp[r5-aaa]q[r5]interface Serial 3/0/0[r5-Serial3/0/0]ppp authentication-mode pap [r5-Serial3/0/0]q

R1配置登录认证（被认证方）

[r1]interface Serial 4/0/0[r1-Serial4/0/0]ppp pap local-user admin password cipher 123456[r1-Serial4/0/0]q

R2于R5之间使用PPP的chap认证，R5为主认证方

R5指定认证类型

[r5]interface Serial 3/0/1[r5-Serial3/0/1]ppp authentication-mode chap[r5-Serial3/0/1]q

R2配置登录认证

[r2]interface Serial 4/0/0[r2-Serial4/0/0]ppp chap password cipher 123456

R3于R5之间使用HDLC封装

R3修改为HDLC

[r3]interface Serial 4/0/0[r3-Serial4/0/0]link-protocol hdlc Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y

R5也修改为HDLC

[r5]interface Serial 4/0/0[r5-Serial4/0/0]link-protocol hdlc Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:y

R1/R2/R3构建一个MGRE环境，R1为中心站点

R1~R3创建tunnel接口配置IP

[r1]int Tunnel 0/0/0[r1-Tunnel0/0/0]ip address 192.168.5.1 24[r2]interface Tunnel 0/0/0[r2-Tunnel0/0/0]ip address 192.168.5.2 24[r3]interface Tunnel 0/0/0[r3-Tunnel0/0/0]ip address 192.168.5.3 24

R1选择隧道类型、配置源IP、再根据nhrp建立一个域、开启伪广播

[r1-Tunnel0/0/0]tunnel-protocol gre p2mp [r1-Tunnel0/0/0]source 15.0.0.1[r1-Tunnel0/0/0]nhrp network[r1-Tunnel0/0/0]nhrp network-id 100[r1-Tunnel0/0/0]nhrp entry multicast dynamic

R2

[r2-Tunnel0/0/0]tunnel-protocol gre p2mp [r2-Tunnel0/0/0]source Serial 4/0/0[r2-Tunnel0/0/0]nhrp network-id 100[r2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register

R3

[r3-Tunnel0/0/0]tunnel-protocol gre p2mp [r3-Tunnel0/0/0]source Serial 4/0/0[r3-Tunnel0/0/0]nhrp network-id 100[r3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register

R1、R4间为点到点的GRE

R1

[r1]int t 0/0/1[r1-Tunnel0/0/1]ip add 192.168.6.1 24[r1-Tunnel0/0/1]tunnel-protocol gre [r1-Tunnel0/0/1]source 15.0.0.1[r1-Tunnel0/0/1]destination 45.0.0.1

R4

[r4]int t 0/0/0[r4-Tunnel0/0/0]ip add 192.168.6.2 24[r4-Tunnel0/0/0]tunnel-protocol gre [r4-Tunnel0/0/0]source 45.0.0.1[r4-Tunnel0/0/0]destination 15.0.0.1

整个私有网络基于RIP全网可达

R1

[r1]rip[r1-rip-1]v 2[r1-rip-1]network 1.0.0.0[r1-rip-1]network 192.168.6.0[r1-rip-1]network 192.168.5.0[r1]int t 0/0/0[r1-Tunnel0/0/0]undo rip split-horizon

R2

[r2]rip[r2-rip-1] v 2[r2-rip-1]network 2.0.0.0[r2-rip-1]network 192.168.5.0

R3

[r3]rip [r3-rip-1]v 2[r3-rip-1]network 3.0.0.0[r3-rip-1]network 192.168.5.0

R4

[r4]rip [r4-rip-1]v 2[r4-rip-1]network 4.0.0.0[r4-rip-1]network 192.168.6.0

所有pc设置私有Ip为源IP，可以访问R5环回

R1

[r1]acl 2000[r1-acl-basic-2000]rule permit source 1.0.0.0 0.255.255.255[r1-acl-basic-2000]int s 4/0/0[r1-Serial4/0/0]nat outbound 2000

R2

[r2]acl 2000[r2-acl-basic-2000]rule permit source 2.0.0.0 0.255.255.255[r2-acl-basic-2000]int s 4/0/0[r2-Serial4/0/0]nat outbound 2000

R3

[r3]acl 2000[r3-acl-basic-2000]rule permit source 3.0.0.0 0.255.255.255[r3-acl-basic-2000]int s 4/0/0[r3-Serial4/0/0]nat outbound 2000

R4

[r4]acl 2000[r4-acl-basic-2000]rule permit source 4.0.0.0 0.255.255.255[r4-acl-basic-2000]int g 0/0/0[r4-Serial4/0/0]nat outbound 2000