PPPOE拨号及GRE tunnel隧道配置方案
GRE tunnel隧道配置方案配置ISP(运营商)PPPoE服务端<Huawei>system-viewsysnameISPinterfaceloopback 0//创建环回口模拟公网IPipaddress 100.100.100.100 32quitippool R1//创建IP地址池为虚模板引用gateway-list200.1.1.1//配置网关地址network200.1.1.0 mask 29//配置网段掩码为29位dns-list114.114.114.114 8.8.8.8//配置DNSquitippool R2gateway-list200.1.2.1network200.1.2.0 mask 29dns-list114.114.114.114 8.8.8.8quitinterfacevirtual-template 1//创建虚拟模板接口(逻辑接口)pppauthentication-mode pap//配置PPP链路认证模式为PAP协议ipaddress 200.1.1.1 29//配置接口地址及掩码remoteaddress pool R1//远程地址引用地址池 R1(为对端提供协商IP地址)interfacevirtual-template 2pppauthentication-mode papipaddress 200.1.2.1 29remoteaddress pool R2quitinterfaceGigabitethernet 0/0/0//进入GE 0/0/0物理接口视图pppoe-serverbind virtual-template 1//配置PPPoE服务绑定虚拟模板interfaceGigabitEthernet 0/0/1pppoe-serverbind virtual-template 2quitaaa //AAA视图(准备创建PPPoE客服端认证用户)local-userad123456 password cipher admin1234//创建本地用户 用户名及密码local-userad123456 service-type ppp//用户服务类型为PPPlocal-user ad654321 passwordcipher admin1234local-userad654321 service-type pppquitdisplayip interface brief//查看IP接口概述信息*down:administratively down^down:standby(l):loopback(s):spoofingThenumber of interface that is UP in Physical is 5Thenumber of interface that is DOWN in Physical is 1Thenumber of interface that is UP in Protocol is 1Thenumber of interface that is DOWN in Protocol is 5 Interface IP Address/Mask PhysicalProtocolGigabitEthernet0/0/0 unassigned up down GigabitEthernet0/0/1 unassigned up down GigabitEthernet0/0/2 unassigned down down NULL0 unassigned up up(s) Virtual-Template1 200.1.1.1/29 up down Virtual-Template2 200.1.2.1/29 up down display interfacevirtual-template//查看虚拟模板接口信息Virtual-Template1current state : UPLine protocol current state :DOWNDescription:HUAWEI,AR Series, Virtual-Template1 InterfaceRoutePort,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)Internet Address is 200.1.1.1/29Link layer protocol is PPPLCP initialPhysicalis NoneCurrentsystem time: 2020-08-07 14:55:26-08:00 Last 300 seconds input rate 0 bits/sec, 0packets/sec Last 300 seconds output rate 0 bits/sec, 0packets/sec Realtime 0 seconds input rate 0 bits/sec, 0packets/sec Realtime 0 seconds output rate 0 bits/sec,0 packets/sec Input: 0 bytes Output:0 bytes Input bandwidth utilization: 0% Output bandwidth utilization : 0% Virtual-Template2current state : UPLine protocol current state : DOWNDescription:HUAWEI,AR Series, Virtual-Template2 InterfaceRoutePort,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)Internet Address is 200.1.2.1/29Link layer protocol is PPPLCP initialPhysicalis NoneCurrentsystem time: 2020-08-07 14:55:26-08:00 Last 300 seconds input rate 0 bits/sec, 0packets/sec Last 300 seconds output rate 0 bits/sec, 0packets/sec Realtime 0 seconds input rate 0 bits/sec, 0packets/sec Realtime 0 seconds output rate 0 bits/sec,0 packets/sec Input: 0 bytes Output:0 bytes Input bandwidth utilization: 0%Output bandwidth utilization : 0% 配置R1 DHCP业务及Dialer拨号<Huawei>system-viewsysnamer1dhcpenable//全局DHCP开启ippool zurkj//创建地址池gateway-list192.168.10.1network192.168.10.0 mask 24excluded-ip-address192.168.10.200 192.168.10.254//配置不参与分配地址(保留地址)leaseday 0 hour 12 minute 0//配置地址租约dns-list114.114.114.114 8.8.8.8//配置DNSquitinterfaceGigabitEthernet 0/0/1//进入GE 0/0/1物理接口视图ipaddress 192.168.10.1 24//配置接口地址dhcpselect global//配置接口选择调用全局DHCPquitdialer-rule //创建拨号规则dialer-rule1 ip permit//拨号规则1 允许IP流量触发拨号规则quitinterfacedialer 1//创建拨号接口1(逻辑接口)dialeruser zurkj//定义拨号接口的用户名(非PPPoE拨号帐号)dialer-group1//配置拨号组dialerbundle 1//配置拨号绑定 1ppppap local-user ad123456 password simple admin1234//配置PPP拨号用户信息ipaddress ppp-negotiate//配置本拨号接口IP地址为PPP协议协商分配pppipcp default-route//配置配置PPP同时协商一条默认路由quitinterfaceGigabitEthernet 0/0/0//进入GE 0/0/0物理接口视图pppoe-clientdial-bundle-number 1 //配置接口为PPPoE客户端绑定拨号规则1(引用前面的bundle 1)quitdisplayip interface brief*down:administratively down^down:standby(l):loopback(s):spoofingThenumber of interface that is UP in Physical is 4Thenumber of interface that is DOWN in Physical is 1Thenumber of interface that is UP in Protocol is 3Thenumber of interface that is DOWN in Protocol is 2 Interface IP Address/Mask PhysicalProtocolDialer1 200.1.1.6/32 up up(s) GigabitEthernet0/0/0 unassigned up down GigabitEthernet0/0/1 192.168.10.1/24 up up GigabitEthernet0/0/2 unassigned down down NULL0 unassigned up up(s) 配置Easy IP(即NAT转换)acl2000//创建基本访问控制列表 rule5 permit source any//规则5 放通所有源IP通行quitinterfaceDialer 1//进入拨号接口 1natoutbound 2000//在出站方向调用ACL2000规则quit 配置R2 DHCP业务及Dialer拨号<Huawei>system-viewsysnamer2dhcpenableippool zurkjgateway-list192.168.20.1network192.168.20.0 mask 24excluded-ip-address192.168.20.200 192.168.20.254leaseday 0 hour 12 minute 0dns-list114.114.114.114 8.8.8.8quitinterfaceGigabitEthernet 0/0/1ipaddress 192.168.20.1 24 dhcpselect globalquitdialer-ruledialer-rule1 ip permitquitinterfacedialer 1dialeruser r2dialer-group1dialerbundle 1ppppap local-user ad654321 password simple admin1234ipaddress ppp-negotiatepppipcp default-routequitinterfaceGigabitEthernet 0/0/0pppoe-clientdial-bundle-number 1 quitdisplayip interface brief*down:administratively down^down:standby(l):loopback(s):spoofingThenumber of interface that is UP in Physical is 4Thenumber of interface that is DOWN in Physical is 1Thenumber of interface that is UP in Protocol is 3Thenumber of interface that is DOWN in Protocol is 2 Interface IP Address/Mask PhysicalProtocolDialer1 200.1.2.6/32 up up(s) GigabitEthernet0/0/0 unassigned up down GigabitEthernet0/0/1 192.168.20.1/24 up up GigabitEthernet0/0/2 unassigned down down NULL0 unassigned up up(s) acl2000rule5 permit source any quitinterfaceDialer 1natoutbound 2000quit 使用R1与R2的PC访问公网地址:100.100.100.100PC>ping100.100.100.100 Ping100.100.100.100: 32 data bytes, Press Ctrl_C to breakFrom100.100.100.100: bytes=32 seq=1 ttl=254 time=109 msFrom100.100.100.100: bytes=32 seq=2 ttl=254 time=16 msFrom100.100.100.100: bytes=32 seq=3 ttl=254 time=15 msFrom100.100.100.100: bytes=32 seq=4 ttl=254 time=32 msFrom100.100.100.100: bytes=32 seq=5 ttl=254 time=15 ms ---100.100.100.100 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 15/37/109 ms PC>ping100.100.100.100 Ping100.100.100.100: 32 data bytes, Press Ctrl_C to breakFrom100.100.100.100: bytes=32 seq=1 ttl=254 time=47 msFrom100.100.100.100: bytes=32 seq=2 ttl=254 time=16 msFrom100.100.100.100: bytes=32 seq=3 ttl=254 time=15 msFrom100.100.100.100: bytes=32 seq=4 ttl=254 time<1 msFrom100.100.100.100: bytes=32 seq=5 ttl=254 time=16 ms ---100.100.100.100 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 0/18/47 ms 配置GRE tunnel 实现R1与R2私网互访interfacetunnel 0/0/0//创建隧道接口(逻辑接口)tunnel-protocolgre//配置隧道协议为GREsource200.1.1.6//配置源IP地址(本端出站公网IP)destination200.1.2.6//配置目标IP地址(对端入站公网IP)ipaddress 172.16.12.1 24//配置隧道接口IP地址(与对端需在一个网段内)quit也可以在Dialer 1端口进配置默认路由,下一跳指向Dialer1出接口;(没有配置PPP协商默认路由的情况下) 对端设备做镜像配置interfacetunnel 0/0/0 tunnel-protocolgre source200.1.2.6destination200.1.1.6ipaddress 172.16.12.2 24 quit 测试GRE tunne 隧道通信ping172.16.12.2PING 172.16.12.2: 56data bytes, press CTRL_C to break Reply from 172.16.12.2: bytes=56 Sequence=1ttl=255 time=350 ms Reply from 172.16.12.2: bytes=56 Sequence=2ttl=255 time=20 ms Reply from 172.16.12.2: bytes=56 Sequence=3ttl=255 time=40 ms Reply from 172.16.12.2: bytes=56 Sequence=4ttl=255 time=30 ms Reply from 172.16.12.2: bytes=56 Sequence=5ttl=255 time=30 ms --- 172.16.12.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet lossround-trip min/avg/max = 20/94/350 ms 配置RIP路由协议现在可以把R1与R2两个隔着公网的路由当成局域网来配置相关的动态路由协议rip1//创建RIP路由协议version2//V2版本undosummary//不执行自动路由汇总network172.16.0.0//配置参与网段(隧道网段)network192.168.10.0//路由下PC所在子网quit rip1version2undosummary network172.16.0.0network192.168.20.0quit查看路由表displayip routing-table RouteFlags: R - relay, D - download to fib------------------------------------------------------------------------------RoutingTables: Public Destinations : 14 Routes : 14 Destination/Mask ProtoPreCost Flags NextHop Interface 0.0.0.0/0Unr 600 D 200.1.1.1 Dialer1 127.0.0.0/8 Direct 0 0 D127.0.0.1 InLoopBack0 127.0.0.1/32Direct 0 0 D127.0.0.1 InLoopBack0127.255.255.255/32Direct 0 0 D127.0.0.1 InLoopBack0 172.16.12.0/24Direct 0 0 D172.16.12.1 Tunnel0/0/0 172.16.12.1/32Direct 0 0 D127.0.0.1 Tunnel0/0/0172.16.12.255/32Direct 0 0 D127.0.0.1 Tunnel0/0/0 192.168.10.0/24Direct 0 0 D192.168.10.1 GigabitEthernet0/0/1 192.168.10.1/32Direct 0 0 D127.0.0.1 GigabitEthernet0/0/1 192.168.10.255/32Direct 0 0 D127.0.0.1 GigabitEthernet0/0/1 192.168.20.0/24RIP 100 1 D 172.16.12.2 Tunnel0/0/0 200.1.1.1/32Direct 0 0 D200.1.1.1 Dialer1 200.1.1.6/32Direct 0 0 D127.0.0.1 Dialer1255.255.255.255/32Direct 0 0 D127.0.0.1 InLoopBack0v displayip routing-table RouteFlags: R - relay, D - download to fib------------------------------------------------------------------------------RoutingTables: Public Destinations : 14 Routes : 14 Destination/Mask ProtoPreCost Flags NextHop Interface 0.0.0.0/0Unr 60 0 D 200.1.2.1 Dialer1 127.0.0.0/8 Direct 0 0 D127.0.0.1 InLoopBack0 127.0.0.1/32Direct 0 0 D127.0.0.1 InLoopBack0127.255.255.255/32Direct 0 0 D127.0.0.1 InLoopBack0 172.16.12.0/24Direct 0 0 D172.16.12.2 Tunnel0/0/0 172.16.12.2/32Direct 0 0 D127.0.0.1 Tunnel0/0/0172.16.12.255/32Direct 0 0 D127.0.0.1 Tunnel0/0/0 192.168.10.0/24RIP 100 1 D 172.16.12.1 Tunnel0/0/0 192.168.20.0/24Direct0 0 D 192.168.20.1 GigabitEthernet0/0/1 192.168.20.1/32Direct 0 0 D127.0.0.1 GigabitEthernet0/0/1 192.168.20.255/32Direct 0 0 D127.0.0.1 GigabitEthernet0/0/1 200.1.2.1/32Direct 0 0 D200.1.2.1 Dialer1 200.1.2.6/32Direct 0 0 D127.0.0.1 Dialer1255.255.255.255/32Direct 0 0 D127.0.0.1 InLoopBack0 测试PC到PC之间的私网连通性PC>ping192.168.20.199 Ping192.168.20.199: 32 data bytes, Press Ctrl_C to breakFrom192.168.20.199: bytes=32 seq=1 ttl=126 time=32 msFrom192.168.20.199: bytes=32 seq=2 ttl=126 time=31 msFrom192.168.20.199: bytes=32 seq=3 ttl=126 time=16 msFrom192.168.20.199: bytes=32 seq=4 ttl=126 time=16 msFrom192.168.20.199: bytes=32 seq=5 ttl=126 time=31 ms ---192.168.20.199 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 16/25/32 ms
页:
[1]
