GRE Tunnel Configuration Scheme
Configure the ISP (carrier) PPPoE server

```
<Huawei>system-view
[Huawei]sysname ISP
[ISP]interface loopback 0    //Create a loopback interface to simulate a public IP
[ISP-LoopBack0]ip address 100.100.100.100 32
[ISP-LoopBack0]quit
[ISP]ip pool R1    //Create an IP address pool to be referenced by the virtual template
[ISP-ip-pool-R1]gateway-list 200.1.1.1    //Configure the gateway address
[ISP-ip-pool-R1]network 200.1.1.0 mask 29    //Configure the network with a 29-bit mask
[ISP-ip-pool-R1]dns-list 114.114.114.114 8.8.8.8    //Configure DNS
[ISP-ip-pool-R1]quit
[ISP]ip pool R2
[ISP-ip-pool-R2]gateway-list 200.1.2.1
[ISP-ip-pool-R2]network 200.1.2.0 mask 29
[ISP-ip-pool-R2]dns-list 114.114.114.114 8.8.8.8
[ISP-ip-pool-R2]quit
[ISP]interface virtual-template 1    //Create a virtual template interface (logical interface)
[ISP-Virtual-Template1]ppp authentication-mode pap    //Set the PPP link authentication mode to PAP
[ISP-Virtual-Template1]ip address 200.1.1.1 29    //Configure the interface address and mask
[ISP-Virtual-Template1]remote address pool R1    //Remote address uses pool R1 (supplies the negotiated IP address to the peer)
[ISP-Virtual-Template1]interface virtual-template 2
[ISP-Virtual-Template2]ppp authentication-mode pap
[ISP-Virtual-Template2]ip address 200.1.2.1 29
[ISP-Virtual-Template2]remote address pool R2
[ISP-Virtual-Template2]quit
[ISP]interface GigabitEthernet 0/0/0    //Enter the GE 0/0/0 physical interface view
[ISP-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1    //Bind the PPPoE server to the virtual template
[ISP-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[ISP-GigabitEthernet0/0/1]pppoe-server bind virtual-template 2
[ISP-GigabitEthernet0/0/1]quit
[ISP]aaa    //AAA view (to create the PPPoE client authentication users)
[ISP-aaa]local-user ad123456 password cipher admin1234    //Create a local user with user name and password
[ISP-aaa]local-user ad123456 service-type ppp    //Set the user's service type to PPP
[ISP-aaa]local-user ad654321 password cipher admin1234
[ISP-aaa]local-user ad654321 service-type ppp
[ISP-aaa]quit
```

```
[ISP]display ip interface brief    //View the IP interface summary
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 5

Interface                  IP Address/Mask      Physical   Protocol
GigabitEthernet0/0/0       unassigned           up         down
GigabitEthernet0/0/1       unassigned           up         down
GigabitEthernet0/0/2       unassigned           down       down
NULL0                      unassigned           up         up(s)
Virtual-Template1          200.1.1.1/29         up         down
Virtual-Template2          200.1.2.1/29         up         down
```

```
[ISP]display interface virtual-template    //View virtual template interface information
Virtual-Template1 current state : UP
Line protocol current state : DOWN
Description:HUAWEI, AR Series, Virtual-Template1 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 200.1.1.1/29
Link layer protocol is PPP
LCP initial
Physical is None
Current system time: 2020-08-07 14:55:26-08:00
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 0 bytes
    Output:0 bytes
    Input bandwidth utilization  : 0%
    Output bandwidth utilization : 0%

Virtual-Template2 current state : UP
Line protocol current state : DOWN
Description:HUAWEI, AR Series, Virtual-Template2 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 200.1.2.1/29
Link layer protocol is PPP
LCP initial
Physical is None
Current system time: 2020-08-07 14:55:26-08:00
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 0 bytes
    Output:0 bytes
    Input bandwidth utilization  : 0%
    Output bandwidth utilization : 0%
```

Configure DHCP service and Dialer dial-up on R1

```
<Huawei>system-view
[Huawei]sysname r1
[r1]dhcp enable    //Enable DHCP globally
[r1]ip pool zurkj    //Create an address pool
[r1-ip-pool-zurkj]gateway-list 192.168.10.1
[r1-ip-pool-zurkj]network 192.168.10.0 mask 24
[r1-ip-pool-zurkj]excluded-ip-address 192.168.10.200 192.168.10.254    //Exclude addresses from allocation (reserved addresses)
[r1-ip-pool-zurkj]lease day 0 hour 12 minute 0    //Configure the address lease
[r1-ip-pool-zurkj]dns-list 114.114.114.114 8.8.8.8    //Configure DNS
[r1-ip-pool-zurkj]quit
[r1]interface GigabitEthernet 0/0/1    //Enter the GE 0/0/1 physical interface view
[r1-GigabitEthernet0/0/1]ip address 192.168.10.1 24    //Configure the interface address
[r1-GigabitEthernet0/0/1]dhcp select global    //Have the interface use the global DHCP pool
[r1-GigabitEthernet0/0/1]quit
[r1]dialer-rule    //Create dialer rules
[r1-dialer-rule]dialer-rule 1 ip permit    //Dialer rule 1: allow IP traffic to trigger dialing
[r1-dialer-rule]quit
[r1]interface dialer 1    //Create dialer interface 1 (logical interface)
[r1-Dialer1]dialer user zurkj    //Define the dialer interface user name (not the PPPoE dial-up account)
[r1-Dialer1]dialer-group 1    //Configure the dialer group
[r1-Dialer1]dialer bundle 1    //Configure dialer bundle 1
[r1-Dialer1]ppp pap local-user ad123456 password simple admin1234    //Configure the PPP dial-up user credentials
[r1-Dialer1]ip address ppp-negotiate    //Obtain this dialer interface's IP address through PPP negotiation
[r1-Dialer1]ppp ipcp default-route    //Have PPP also negotiate a default route
[r1-Dialer1]quit
[r1]interface GigabitEthernet 0/0/0    //Enter the GE 0/0/0 physical interface view
[r1-GigabitEthernet0/0/0]pppoe-client dial-bundle-number 1    //Make the interface a PPPoE client bound to dialer bundle 1 (the bundle 1 configured above)
[r1-GigabitEthernet0/0/0]quit
```

```
[r1]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2

Interface                  IP Address/Mask      Physical   Protocol
Dialer1                    200.1.1.6/32         up         up(s)
GigabitEthernet0/0/0       unassigned           up         down
GigabitEthernet0/0/1       192.168.10.1/24      up         up
GigabitEthernet0/0/2       unassigned           down       down
NULL0                      unassigned           up         up(s)
```

Configure Easy IP (i.e., NAT)

```
[r1]acl 2000    //Create a basic ACL
[r1-acl-basic-2000]rule 5 permit source any    //Rule 5: permit all source IPs
[r1-acl-basic-2000]quit
[r1]interface Dialer 1    //Enter dialer interface 1
[r1-Dialer1]nat outbound 2000    //Apply ACL 2000 in the outbound direction
[r1-Dialer1]quit
```

Configure DHCP service and Dialer dial-up on R2

```
<Huawei>system-view
[Huawei]sysname r2
[r2]dhcp enable
[r2]ip pool zurkj
[r2-ip-pool-zurkj]gateway-list 192.168.20.1
[r2-ip-pool-zurkj]network 192.168.20.0 mask 24
[r2-ip-pool-zurkj]excluded-ip-address 192.168.20.200 192.168.20.254
[r2-ip-pool-zurkj]lease day 0 hour 12 minute 0
[r2-ip-pool-zurkj]dns-list 114.114.114.114 8.8.8.8
[r2-ip-pool-zurkj]quit
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]ip address 192.168.20.1 24
[r2-GigabitEthernet0/0/1]dhcp select global
[r2-GigabitEthernet0/0/1]quit
[r2]dialer-rule
[r2-dialer-rule]dialer-rule 1 ip permit
[r2-dialer-rule]quit
[r2]interface dialer 1
[r2-Dialer1]dialer user r2
[r2-Dialer1]dialer-group 1
[r2-Dialer1]dialer bundle 1
[r2-Dialer1]ppp pap local-user ad654321 password simple admin1234
[r2-Dialer1]ip address ppp-negotiate
[r2-Dialer1]ppp ipcp default-route
[r2-Dialer1]quit
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]pppoe-client dial-bundle-number 1
[r2-GigabitEthernet0/0/0]quit
```

```
[r2]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2

Interface                  IP Address/Mask      Physical   Protocol
Dialer1                    200.1.2.6/32         up         up(s)
GigabitEthernet0/0/0       unassigned           up         down
GigabitEthernet0/0/1       192.168.20.1/24      up         up
GigabitEthernet0/0/2       unassigned           down       down
NULL0                      unassigned           up         up(s)
```

```
[r2]acl 2000
[r2-acl-basic-2000]rule 5 permit source any
[r2-acl-basic-2000]quit
[r2]interface Dialer 1
[r2-Dialer1]nat outbound 2000
[r2-Dialer1]quit
```

Use the PCs behind R1 and R2 to access the public address 100.100.100.100

```
PC>ping 100.100.100.100

Ping 100.100.100.100: 32 data bytes, Press Ctrl_C to break
From 100.100.100.100: bytes=32 seq=1 ttl=254 time=109 ms
From 100.100.100.100: bytes=32 seq=2 ttl=254 time=16 ms
From 100.100.100.100: bytes=32 seq=3 ttl=254 time=15 ms
From 100.100.100.100: bytes=32 seq=4 ttl=254 time=32 ms
From 100.100.100.100: bytes=32 seq=5 ttl=254 time=15 ms

--- 100.100.100.100 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 15/37/109 ms
```

```
PC>ping 100.100.100.100

Ping 100.100.100.100: 32 data bytes, Press Ctrl_C to break
From 100.100.100.100: bytes=32 seq=1 ttl=254 time=47 ms
From 100.100.100.100: bytes=32 seq=2 ttl=254 time=16 ms
From 100.100.100.100: bytes=32 seq=3 ttl=254 time=15 ms
From 100.100.100.100: bytes=32 seq=4 ttl=254 time<1 ms
From 100.100.100.100: bytes=32 seq=5 ttl=254 time=16 ms

--- 100.100.100.100 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 0/18/47 ms
```

Configure the GRE tunnel so the private networks behind R1 and R2 can reach each other

```
[r1]interface tunnel 0/0/0    //Create the tunnel interface (logical interface)
[r1-Tunnel0/0/0]tunnel-protocol gre    //Set the tunnel protocol to GRE
[r1-Tunnel0/0/0]source 200.1.1.6    //Source IP address (local outbound public IP)
[r1-Tunnel0/0/0]destination 200.1.2.6    //Destination IP address (peer inbound public IP)
[r1-Tunnel0/0/0]ip address 172.16.12.1 24    //Tunnel interface IP address (must be in the same subnet as the peer)
[r1-Tunnel0/0/0]quit
```

If the PPP-negotiated default route has not been configured, a default route can be configured instead, with its next hop pointing to the Dialer1 outbound interface.

Apply the mirrored configuration on the peer device

```
[r2]interface tunnel 0/0/0
[r2-Tunnel0/0/0]tunnel-protocol gre
[r2-Tunnel0/0/0]source 200.1.2.6
[r2-Tunnel0/0/0]destination 200.1.1.6
[r2-Tunnel0/0/0]ip address 172.16.12.2 24
[r2-Tunnel0/0/0]quit
```

Test GRE tunnel connectivity

```
[r1]ping 172.16.12.2
  PING 172.16.12.2: 56 data bytes, press CTRL_C to break
    Reply from 172.16.12.2: bytes=56 Sequence=1 ttl=255 time=350 ms
    Reply from 172.16.12.2: bytes=56 Sequence=2 ttl=255 time=20 ms
    Reply from 172.16.12.2: bytes=56 Sequence=3 ttl=255 time=40 ms
    Reply from 172.16.12.2: bytes=56 Sequence=4 ttl=255 time=30 ms
    Reply from 172.16.12.2: bytes=56 Sequence=5 ttl=255 time=30 ms

  --- 172.16.12.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/94/350 ms
```

Configure the RIP routing protocol

R1 and R2 are separated by the public network, but with the tunnel up they can be treated as if they were on the same LAN when configuring a dynamic routing protocol.

```
[r1]rip 1    //Create the RIP process
[r1-rip-1]version 2    //Use version 2
[r1-rip-1]undo summary    //Disable automatic route summarization
[r1-rip-1]network 172.16.0.0    //Participating network (tunnel subnet)
[r1-rip-1]network 192.168.10.0    //Subnet of the PCs behind this router
[r1-rip-1]quit

[r2]rip 1
[r2-rip-1]version 2
[r2-rip-1]undo summary
[r2-rip-1]network 172.16.0.0
[r2-rip-1]network 192.168.20.0
[r2-rip-1]quit
```

View the routing table

```
[r1]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 14       Routes : 14

Destination/Mask     Proto   Pre  Cost  Flags  NextHop         Interface
0.0.0.0/0            Unr     60   0     D      200.1.1.1       Dialer1
127.0.0.0/8          Direct  0    0     D      127.0.0.1       InLoopBack0
127.0.0.1/32         Direct  0    0     D      127.0.0.1       InLoopBack0
127.255.255.255/32   Direct  0    0     D      127.0.0.1       InLoopBack0
172.16.12.0/24       Direct  0    0     D      172.16.12.1     Tunnel0/0/0
172.16.12.1/32       Direct  0    0     D      127.0.0.1       Tunnel0/0/0
172.16.12.255/32     Direct  0    0     D      127.0.0.1       Tunnel0/0/0
192.168.10.0/24      Direct  0    0     D      192.168.10.1    GigabitEthernet0/0/1
192.168.10.1/32      Direct  0    0     D      127.0.0.1       GigabitEthernet0/0/1
192.168.10.255/32    Direct  0    0     D      127.0.0.1       GigabitEthernet0/0/1
192.168.20.0/24      RIP     100  1     D      172.16.12.2     Tunnel0/0/0
200.1.1.1/32         Direct  0    0     D      200.1.1.1       Dialer1
200.1.1.6/32         Direct  0    0     D      127.0.0.1       Dialer1
255.255.255.255/32   Direct  0    0     D      127.0.0.1       InLoopBack0
```

```
[r2]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 14       Routes : 14

Destination/Mask     Proto   Pre  Cost  Flags  NextHop         Interface
0.0.0.0/0            Unr     60   0     D      200.1.2.1       Dialer1
127.0.0.0/8          Direct  0    0     D      127.0.0.1       InLoopBack0
127.0.0.1/32         Direct  0    0     D      127.0.0.1       InLoopBack0
127.255.255.255/32   Direct  0    0     D      127.0.0.1       InLoopBack0
172.16.12.0/24       Direct  0    0     D      172.16.12.2     Tunnel0/0/0
172.16.12.2/32       Direct  0    0     D      127.0.0.1       Tunnel0/0/0
172.16.12.255/32     Direct  0    0     D      127.0.0.1       Tunnel0/0/0
192.168.10.0/24      RIP     100  1     D      172.16.12.1     Tunnel0/0/0
192.168.20.0/24      Direct  0    0     D      192.168.20.1    GigabitEthernet0/0/1
192.168.20.1/32      Direct  0    0     D      127.0.0.1       GigabitEthernet0/0/1
192.168.20.255/32    Direct  0    0     D      127.0.0.1       GigabitEthernet0/0/1
200.1.2.1/32         Direct  0    0     D      200.1.2.1       Dialer1
200.1.2.6/32         Direct  0    0     D      127.0.0.1       Dialer1
255.255.255.255/32   Direct  0    0     D      127.0.0.1       InLoopBack0
```

Test private-network connectivity between the PCs

```
PC>ping 192.168.20.199

Ping 192.168.20.199: 32 data bytes, Press Ctrl_C to break
From 192.168.20.199: bytes=32 seq=1 ttl=126 time=32 ms
From 192.168.20.199: bytes=32 seq=2 ttl=126 time=31 ms
From 192.168.20.199: bytes=32 seq=3 ttl=126 time=16 ms
From 192.168.20.199: bytes=32 seq=4 ttl=126 time=16 ms
From 192.168.20.199: bytes=32 seq=5 ttl=126 time=31 ms

--- 192.168.20.199 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 16/25/32 ms
```
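The tunnel configured above between 200.1.1.6 and 200.1.2.6 uses plain GRE, which adds a 4-byte header and a new outer IP header but applies no encryption. The following added example (not part of the original page) builds and parses such a packet to show what is visible on the public path; the PC address 192.168.10.2, the payload and protocol number 253 are constructed for illustration.

```python
import socket
import struct

GRE_PROTO = 47  # IP protocol number assigned to GRE

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def gre_encapsulate(inner: bytes, src: str, dst: str) -> bytes:
    """Basic GRE header: no checksum/key/sequence flags, protocol type IPv4."""
    gre = struct.pack("!HH", 0, 0x0800)
    return ipv4(src, dst, GRE_PROTO, gre + inner, ttl=255)

def gre_decapsulate(packet: bytes) -> dict:
    """Everything an on-path observer can recover from a plain GRE packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != GRE_PROTO:
        raise ValueError("not a GRE packet")
    flags, _ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    # Optional 4-byte fields: checksum (C), key (K), sequence number (S)
    gre_len = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    inner = packet[ihl + gre_len:]
    inner_ihl = (inner[0] & 0x0F) * 4
    return {
        "outer": (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])),
        "inner": (socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])),
        "has_key": bool(flags & 0x2000),
        "overhead": ihl + gre_len,  # bytes added in front of the inner packet
        "payload": inner[inner_ihl:],
    }

# Constructed sample: a PC behind R1 (address assumed) sends to 192.168.20.199.
# Protocol 253 is the number reserved for experimentation; the payload is made up.
inner_pkt = ipv4("192.168.10.2", "192.168.20.199", 253, b"constructed payload")
on_wire = gre_encapsulate(inner_pkt, "200.1.1.6", "200.1.2.6")
seen = gre_decapsulate(on_wire)
```

The private addresses and the payload are recovered unchanged, and the 24-byte overhead has to be subtracted from the path MTU when sizing traffic through the tunnel.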
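The configuration above authenticates PPPoE with PAP, enters the dial-up password with `password simple`, and runs GRE and RIP with no protection of their own. As an added example (not from the original page), this checker reads prompt-prefixed VRP transcript lines in the page's `[view]command //annotation` format and reports those settings; the finding names are this example's own, and it assumes `gre key`, `ipsec profile` and `rip authentication-mode` are the commands that would mark a protected tunnel or RIP interface.

```python
import re
from collections import defaultdict

# "[view]command //annotation", as typed in the page's VRP transcripts
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\](?P<cmd>.*?)(?://.*)?$")

def audit(transcript: str) -> list:
    """Return sorted (view, finding) pairs; finding names are constructed here."""
    by_view = defaultdict(list)
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m:  # normalise whitespace and case before matching commands
            by_view[m["view"]].append(" ".join(m["cmd"].split()).lower())
    findings = set()
    for view, cmds in by_view.items():
        for cmd in cmds:
            if cmd.startswith(("ppp authentication-mode pap", "ppp pap ")):
                findings.add((view, "PAP_CLEARTEXT_AUTH"))
            if " password simple " in cmd + " ":
                findings.add((view, "PLAINTEXT_PASSWORD_IN_CONFIG"))
        if "tunnel-protocol gre" in cmds and not any(
                c.startswith(("gre key", "ipsec profile")) for c in cmds):
            findings.add((view, "GRE_NO_KEY_NO_IPSEC"))
    # Device name = view text before the first "-" (assumes no "-" in sysname)
    for dev in {view.split("-")[0] for view in by_view}:
        cmds = [c for v, cs in by_view.items() if v.split("-")[0] == dev for c in cs]
        runs_rip = any(re.fullmatch(r"rip \d+", c) for c in cmds)
        if runs_rip and not any(c.startswith("rip authentication-mode") for c in cmds):
            findings.add((dev, "RIP_NO_AUTH"))
    return sorted(findings)

# Constructed sample: commands taken from the page, spacing restored.
SAMPLE = """\
[ISP-Virtual-Template1]ppp authentication-mode pap //PAP on the PPPoE server
[r1-Dialer1]ppp pap local-user ad123456 password simple admin1234
[r1]interface tunnel 0/0/0
[r1-Tunnel0/0/0]tunnel-protocol gre
[r1-Tunnel0/0/0]source 200.1.1.6
[r1-Tunnel0/0/0]destination 200.1.2.6
[r1]rip 1
[r1-rip-1]version 2
[r1-rip-1]network 172.16.0.0
"""
FINDINGS = audit(SAMPLE)
```

A GRE key is only a numeric match between the two endpoints; confidentiality and integrity for the tunnelled traffic require IPsec.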