1、在HQ和Branch之间的s1/0接口部署CHAP 2、在HQ和Branch上部署GRE tunnel ,使用动态路由协议做到全网互通
拓扑图
PC1的配置(基本配置):
Router>enable //用户模式进入特权模式
Router#configure terminal //特权模式进入全局配置模式
Enter configuration commands, one per line. End with CNTL/Z.
PC1(config)#hostname PC1 //设备命名为PC 1
PC1(config)#no ip routing //关闭路由功能
PC1(config)#ip default-gateway 10.1.10.254 //默认网关为10.1.10.254
PC1(config)#interface ethernet 0/1 //进入接口E0/1
PC1(config-if)#ip address 10.1.10.100 255.255.255.0 //IP地址配置为10.1.10.100/24
PC1(config-if)#no shutdown //开启接口
*Oct 26 23:59:31.864: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
*Oct 26 23:59:32.873: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to up
PC1(config-if)#exit
PC2的配置(基本配置):
Router>enable //用户模式进入特权模式
Router#configure terminal //特权模式进入全局配置模式
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname PC2 //设备命名为PC 2
PC2(config)#no ip routing //关闭路由功能
PC2(config)#interface ethernet 0/1 //进入接口E0/1
PC2(config-if)#ip add dhcp //DHCP开启获取ip地址
PC2(config-if)#no shutdown //开启接口
*Oct 27 00:08:30.621: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
*Oct 27 00:08:31.629: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to up
PC2(config-if)#exit
SW1的配置(基本配置):
Switch>enable //用户模式进入特权模式
Switch#configure terminal //特权模式进入全局配置模式
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SW1 //设备命名为SW1
SW1(config)#vlan 10 //创建vlan10
SW1(config-vlan)#exit
SW1(config)#vlan 20 //创建vlan20
SW1(config-vlan)#exit
SW1(config)#interface ethernet 0/0 //进入接口E0/0
SW1(config-if)#switchport trunk encapsulation dot1q //接口封装DOT1Q
SW1(config-if)#switchport mode trunk //接口模式为trunk
SW1(config-if)#no shutdown //开启接口
SW1(config-if)#exit
SW1(config)#interface ethernet 0/1 //进入接口E0/1
SW1(config-if)#switchport mode access //接口配置为access
SW1(config-if)#switchport access vlan 10 //接口配置vlan10通过
SW1(config-if)#no shutdown //开启接口
SW1(config-if)#exit
SW1(config)#interface ethernet 0/2 //进入接口E0/2
SW1(config-if)#switchport trunk encapsulation dot1q //接口封装DOT1Q
SW1(config-if)#switchport mode trunk //接口模式为trunk
SW1(config-if)#no shutdown //开启接口
SW1(config-if)#exit
SW2的配置(基本配置):
Switch>enable //用户模式进入特权模式
Switch#configure terminal //特权模式进入全局配置模式
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SW2 //设备命名为SW2
SW2(config)#vlan 10 //创建vlan10
SW2(config-vlan)#exit
SW2(config)#vlan 20 //创建vlan20
SW2(config-vlan)#exit
SW2(config)#interface ethernet 0/1 //进入接口E0/1
SW2(config-if)#switchport mode access //接口配置为access
SW2(config-if)#switchport access vlan 20 //接口配置vlan20通过
SW2(config-if)#no shut //开启接口
SW2(config-if)#exit
SW2(config)#interface ethernet 0/2 //进入接口E0/2
SW2(config-if)#switchport trunk encapsulation dot1q //接口封装DOT1Q
SW2(config-if)#switchport mode trunk //接口模式为trunk
SW2(config-if)#no shut //开启接口
SW2(config-if)#exit
SW2(config)#
Branch的配置(基本配置):
Router>enable //用户模式进入特权模式
Router#configure terminal //特权模式进入全局配置模式
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Branch //设备命名为Branch
Branch(config)#interface s1/0 //进入接口S1/0
Branch(config-if)#ip address 202.100.1.1 255.255.255.0 //IP地址配置为202.100.1.1/24
Branch(config-if)#no shutdown //开启接口
Branch(config-if)#ip ospf 110 area 0 //接口运行OSPF动态路由协议
Branch(config-if)#
*Oct 27 00:50:10.770: %OSPF-5-ADJCHG: Process 110, Nbr 202.100.1.2 on Serial1/0 from LOADING to FULL, Loading Done
Branch(config-if)#exit
Branch(config)#interface ethernet 0/0 //进入接口E0/0
Branch(config-if)#no shutdown //开启接口
*Oct 27 00:50:37.516: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Oct 27 00:50:38.523: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
Branch(config-if)#interface ethernet 0/0.10 //进入子接口E0/0.10
Branch(config-subif)#encapsulation dot1q 10 //子接口封装dot1q
Branch(config-subif)#ip address 10.1.10.254 255.255.255.0 //子接口配置IP地址
Branch(config-subif)#ip ospf 110 area 0 //子接口运行OSPF协议
Branch(config-subif)#no shutdown // 开启接口
Branch(config-subif)#interface ethernet 0/0.20 //进入子接口E0/0.20
Branch(config-subif)#encapsulation dot1q 20 //子接口封装dot1q
Branch(config-subif)#ip address 10.1.20.254 255.255.255.0 //子接口配置IP地址
Branch(config-subif)#ip ospf 110 area 0 //子接口运行OSPF协议
Branch(config-subif)#ip helper-address 172.16.1.2 //dhcp中继代理开启
Branch(config-subif)#no shutdown //开启接口
Branch(config-subif)#
HQ的配置:
Router>enable //用户模式进入特权模式
Router#configure terminal //特权模式进入全局配置模式
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname HQ //设备命名为HQ
HQ(config)#interface ethernet 0/0 //进入接口E0/0
HQ(config-if)#ip address 172.16.1.1 255.255.255.0 // 接口配置IP
HQ(config-if)#no shutdown //开启接口
HQ(config-if)# ip ospf 110 area 0 //接口运行OSPF协议
*Oct 27 00:44:15.029: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Oct 27 00:44:16.034: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
HQ(config-if)#exit
HQ(config)#interface s1/0 //进入接口S1/0
HQ(config-if)#ip address 202.100.1.2 255.255.255.0 //接口配置IP地址
HQ(config-if)#no shutdown //开启接口
*Oct 27 00:45:10.178: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
*Oct 27 00:45:11.185: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
HQ(config-if)#ip ospf 110 area 0 //接口运行OSPF协议
HQ(config-if)#
*Oct 27 00:46:03.504: %OSPF-5-ADJCHG: Process 110, Nbr 172.16.1.2 on Ethernet0/0 from LOADING to FULL, Loading Done
HQ(config-if)#exit
HQ(config)#
Server的配置:
Router>enable //用户模式进入特权模式
Router#configure terminal //特权模式进入到全局配置模式
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Server // 设备命名为Server
Server(config)#ip dhcp pool vlan20 //创建地址池vlan20
Server(dhcp-config)#network 10.1.20.0 255.255.255.0 //创建地址池范围
Server(config)#ip dhcp excluded-address 10.1.20.1 10.1.20.199 //排除个别地址范围
Server(config)#interface ethernet 0/0 // 进入接口E0/0
Server(config-if)#ip address 172.16.1.2 255.255.255.0 //接口配置IP地址
Server(config-if)#no shutdown // 开启接口
Server(config-if)#exit
*Oct 27 00:35:44.503: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Oct 27 00:35:45.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
Server(config)#interface ethernet 0/0 //进入接口E0/0
Server(config-if)#ip ospf 110 area 0 //接口运行ospf协议
PC1设备ping测试Server
PC1#ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/212/1018 ms
PC1#
PC2设备ping测试Server
PC2(config)#do ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 11/214/1019 ms
HQ和Branch设备添加的配置有以下:(双向认证)
HQ设备配置:
HQ设备配置
添加以下配置:
添加配置
Branch设备配置:
Branch设备配置
添加以下配置:
添加配置
测试结果:Branch和HQ
yi
Branch
HQ
LAB2:
在HQ和Branch上部署GRE tunnel ,使用动态路由协议做到全网互通
Branch设备的配置:
Branch(config)#interface tunnel 1
*Oct 27 08:04:56.423: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down
Branch(config-if)#ip address 12.1.1.1 255.255.255.0
Branch(config-if)#no shutdown
Branch(config-if)#ip ospf 110 area 0
Branch(config-if)#tunnel source s1/0
Branch(config-if)#tunnel destination 202.100.1.2
Branch(config-if)#
*Oct 27 08:09:45.177: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
Branch(config-if)#
*Oct 27 08:10:16.259: %OSPF-5-ADJCHG: Process 110, Nbr 202.100.1.2 on Tunnel1 from LOADING to FULL, Loading Done
HQ设备的配置:
HQ(config)#interface tunnel 1
*Oct 27 08:08:12.573: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down
HQ(config-if)#ip add 12.1.1.2 255.255.255.0
HQ(config-if)#ip ospf 110 area 0
HQ(config-if)#tunnel sour s1/0
HQ(config-if)#tunnel destination 202.100.1.1
HQ(config-if)#
*Oct 27 08:10:16.219: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
*Oct 27 08:10:16.268: %OSPF-5-ADJCHG: Process 110, Nbr 202.100.1.1 on Tunnel1 from LOADING to FULL, Loading Done
Branch验证:
HQ验证:
