PPPoE Dial-up and GRE Tunnel Configuration Plan

Posted on 2021-2-27 22:16:47
GRE tunnel configuration plan

Configure the ISP (carrier) PPPoE server
<Huawei>system-view
[Huawei]sysname ISP
[ISP]interface loopback 0  // Create a loopback interface to simulate a public IP
[ISP-LoopBack0]ip address 100.100.100.100 32
[ISP-LoopBack0]quit
[ISP]ip pool R1  // Create an IP address pool to be referenced by the virtual template
[ISP-ip-pool-R1]gateway-list 200.1.1.1  // Configure the gateway address
[ISP-ip-pool-R1]network 200.1.1.0 mask 29  // Configure the network segment with a 29-bit mask
[ISP-ip-pool-R1]dns-list 114.114.114.114 8.8.8.8  // Configure DNS
[ISP-ip-pool-R1]quit
[ISP]ip pool R2
[ISP-ip-pool-R2]gateway-list 200.1.2.1
[ISP-ip-pool-R2]network 200.1.2.0 mask 29
[ISP-ip-pool-R2]dns-list 114.114.114.114 8.8.8.8
[ISP-ip-pool-R2]quit
[ISP]interface virtual-template 1  // Create a virtual template interface (logical interface)
[ISP-Virtual-Template1]ppp authentication-mode pap  // Set the PPP link authentication mode to PAP
[ISP-Virtual-Template1]ip address 200.1.1.1 29  // Configure the interface address and mask
[ISP-Virtual-Template1]remote address pool R1  // Remote address references pool R1 (provides the negotiated IP address to the peer)
[ISP-Virtual-Template1]interface virtual-template 2
[ISP-Virtual-Template2]ppp authentication-mode pap
[ISP-Virtual-Template2]ip address 200.1.2.1 29
[ISP-Virtual-Template2]remote address pool R2
[ISP-Virtual-Template2]quit
[ISP]interface Gigabitethernet 0/0/0  // Enter the GE 0/0/0 physical interface view
[ISP-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1  // Bind the PPPoE server to the virtual template
[ISP-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[ISP-GigabitEthernet0/0/1]pppoe-server bind virtual-template 2
[ISP-GigabitEthernet0/0/1]quit
[ISP]aaa  // AAA view (to create the PPPoE client authentication users)
[ISP-aaa]local-user ad123456 password cipher admin1234  // Create a local user: user name and password
[ISP-aaa]local-user ad123456 service-type ppp  // Set the user's service type to PPP
[ISP-aaa]local-user ad654321 password cipher admin1234
[ISP-aaa]local-user ad654321 service-type ppp
[ISP-aaa]quit
[ISP]display ip interface brief  // View the IP interface summary
*down:administratively down
^down:standby
(l):loopback
(s):spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 5
Interface                         IP Address/Mask      Physical  Protocol  
GigabitEthernet0/0/0              unassigned           up         down      
GigabitEthernet0/0/1              unassigned           up         down      
GigabitEthernet0/0/2              unassigned           down       down     
NULL0                             unassigned           up         up(s)     
Virtual-Template1                 200.1.1.1/29         up         down      
Virtual-Template2                 200.1.2.1/29         up         down      
[ISP]display interface virtual-template  // View the virtual template interface information
Virtual-Template1 current state : UP
Line protocol current state : DOWN
Description:HUAWEI,AR Series, Virtual-Template1 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 200.1.1.1/29
Link layer protocol is PPP
LCP initial
Physical is None
Current system time: 2020-08-07 14:55:26-08:00
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 0 bytes
    Output:0 bytes
    Input bandwidth utilization  :    0%
    Output bandwidth utilization :    0%
Virtual-Template2 current state : UP
Line protocol current state : DOWN
Description:HUAWEI,AR Series, Virtual-Template2 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 200.1.2.1/29
Link layer protocol is PPP
LCP initial
Physical is None
Current system time: 2020-08-07 14:55:26-08:00
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 0 bytes
    Output:0 bytes
    Input bandwidth utilization  :    0%
    Output bandwidth utilization :    0%
Configure DHCP service and Dialer dial-up on R1
<Huawei>system-view
[Huawei]sysname r1
[r1]dhcp enable  // Enable DHCP globally
[r1]ip pool zurkj  // Create an address pool
[r1-ip-pool-zurkj]gateway-list 192.168.10.1
[r1-ip-pool-zurkj]network 192.168.10.0 mask 24
[r1-ip-pool-zurkj]excluded-ip-address 192.168.10.200 192.168.10.254  // Addresses excluded from allocation (reserved addresses)
[r1-ip-pool-zurkj]lease day 0 hour 12 minute 0  // Configure the address lease
[r1-ip-pool-zurkj]dns-list 114.114.114.114 8.8.8.8  // Configure DNS
[r1-ip-pool-zurkj]quit
[r1]interface GigabitEthernet 0/0/1  // Enter the GE 0/0/1 physical interface view
[r1-GigabitEthernet0/0/1]ip address 192.168.10.1 24  // Configure the interface address
[r1-GigabitEthernet0/0/1]dhcp select global  // Have the interface use the global DHCP pool
[r1-GigabitEthernet0/0/1]quit
[r1]dialer-rule  // Create dialer rules
[r1-dialer-rule]dialer-rule 1 ip permit  // Dialer rule 1: allow IP traffic to trigger dialing
[r1-dialer-rule]quit
[r1]interface dialer 1  // Create dialer interface 1 (logical interface)
[r1-Dialer1]dialer user zurkj  // Define the user name of the dialer interface (not the PPPoE dial-up account)
[r1-Dialer1]dialer-group 1  // Configure the dialer group
[r1-Dialer1]dialer bundle 1  // Configure dialer bundle 1
[r1-Dialer1]ppp pap local-user ad123456 password simple admin1234  // Configure the PPP dial-up user credentials
[r1-Dialer1]ip address ppp-negotiate  // Have this dialer interface obtain its IP address through PPP negotiation
[r1-Dialer1]ppp ipcp default-route  // Have PPP also negotiate a default route
[r1-Dialer1]quit
[r1]interface GigabitEthernet 0/0/0  // Enter the GE 0/0/0 physical interface view
[r1-GigabitEthernet0/0/0]pppoe-client dial-bundle-number 1  // Configure the interface as a PPPoE client bound to dialer number 1 (references bundle 1 above)
[r1-GigabitEthernet0/0/0]quit
[r1]display ip interface brief
*down:administratively down
^down:standby
(l):loopback
(s):spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2
Interface                         IP Address/Mask      Physical  Protocol  
Dialer1                           200.1.1.6/32         up         up(s)     
GigabitEthernet0/0/0              unassigned           up         down      
GigabitEthernet0/0/1              192.168.10.1/24      up        up        
GigabitEthernet0/0/2              unassigned           down       down     
NULL0                             unassigned           up         up(s)     
Configure Easy IP (i.e. NAT translation)
[r1]acl 2000  // Create a basic access control list
[r1-acl-basic-2000]rule 5 permit source any  // Rule 5: permit all source IPs
[r1-acl-basic-2000]quit
[r1]interface Dialer 1  // Enter dialer interface 1
[r1-Dialer1]nat outbound 2000  // Apply ACL 2000 in the outbound direction
[r1-Dialer1]quit
Configure DHCP service and Dialer dial-up on R2
<Huawei>system-view
[Huawei]sysname r2
[r2]dhcp enable
[r2]ip pool zurkj
[r2-ip-pool-zurkj]gateway-list 192.168.20.1
[r2-ip-pool-zurkj]network 192.168.20.0 mask 24
[r2-ip-pool-zurkj]excluded-ip-address 192.168.20.200 192.168.20.254
[r2-ip-pool-zurkj]lease day 0 hour 12 minute 0
[r2-ip-pool-zurkj]dns-list 114.114.114.114 8.8.8.8
[r2-ip-pool-zurkj]quit
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]ip address 192.168.20.1 24
[r2-GigabitEthernet0/0/1]dhcp select global
[r2-GigabitEthernet0/0/1]quit
[r2]dialer-rule
[r2-dialer-rule]dialer-rule 1 ip permit
[r2-dialer-rule]quit
[r2]interface dialer 1
[r2-Dialer1]dialer user r2
[r2-Dialer1]dialer-group 1
[r2-Dialer1]dialer bundle 1
[r2-Dialer1]ppp pap local-user ad654321 password simple admin1234
[r2-Dialer1]ip address ppp-negotiate
[r2-Dialer1]ppp ipcp default-route
[r2-Dialer1]quit
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]pppoe-client dial-bundle-number 1
[r2-GigabitEthernet0/0/0]quit
[r2]display ip interface brief
*down:administratively down
^down:standby
(l):loopback
(s):spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2
Interface                         IP Address/Mask      Physical  Protocol  
Dialer1                           200.1.2.6/32         up         up(s)     
GigabitEthernet0/0/0              unassigned           up         down      
GigabitEthernet0/0/1              192.168.20.1/24      up        up        
GigabitEthernet0/0/2              unassigned           down       down     
NULL0                             unassigned           up         up(s)     
[r2]acl 2000
[r2-acl-basic-2000]rule 5 permit source any
[r2-acl-basic-2000]quit
[r2]interface Dialer 1
[r2-Dialer1]nat outbound 2000
[r2-Dialer1]quit
Access the public address 100.100.100.100 from the PCs behind R1 and R2
PC>ping 100.100.100.100
Ping 100.100.100.100: 32 data bytes, Press Ctrl_C to break
From 100.100.100.100: bytes=32 seq=1 ttl=254 time=109 ms
From 100.100.100.100: bytes=32 seq=2 ttl=254 time=16 ms
From 100.100.100.100: bytes=32 seq=3 ttl=254 time=15 ms
From 100.100.100.100: bytes=32 seq=4 ttl=254 time=32 ms
From 100.100.100.100: bytes=32 seq=5 ttl=254 time=15 ms
--- 100.100.100.100 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 15/37/109 ms
PC>ping 100.100.100.100
Ping 100.100.100.100: 32 data bytes, Press Ctrl_C to break
From 100.100.100.100: bytes=32 seq=1 ttl=254 time=47 ms
From 100.100.100.100: bytes=32 seq=2 ttl=254 time=16 ms
From 100.100.100.100: bytes=32 seq=3 ttl=254 time=15 ms
From 100.100.100.100: bytes=32 seq=4 ttl=254 time<1 ms
From 100.100.100.100: bytes=32 seq=5 ttl=254 time=16 ms
--- 100.100.100.100 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 0/18/47 ms
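Configure a GRE tunnel so the private networks behind R1 and R2 can reach each other
[r1]interface tunnel 0/0/0  // Create a tunnel interface (logical interface)
[r1-Tunnel0/0/0]tunnel-protocol gre  // Set the tunnel protocol to GRE
[r1-Tunnel0/0/0]source 200.1.1.6  // Configure the source IP address (local outbound public IP)
[r1-Tunnel0/0/0]destination 200.1.2.6  // Configure the destination IP address (peer inbound public IP)
[r1-Tunnel0/0/0]ip address 172.16.12.1 24  // Configure the tunnel interface IP address (must be in the same subnet as the peer)
[r1-Tunnel0/0/0]quit
Alternatively, a default route can be configured on Dialer 1 with the next hop pointing to the Dialer1 outbound interface (for the case where the PPP-negotiated default route is not configured).
Apply the mirrored configuration on the peer device
[r2]interface tunnel 0/0/0
[r2-Tunnel0/0/0]tunnel-protocol gre
[r2-Tunnel0/0/0]source 200.1.2.6
[r2-Tunnel0/0/0]destination 200.1.1.6
[r2-Tunnel0/0/0]ip address 172.16.12.2 24
[r2-Tunnel0/0/0]quit
Test communication over the GRE tunnel
[r1]ping 172.16.12.2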
  PING 172.16.12.2: 56  data bytes, press CTRL_C to break
    Reply from 172.16.12.2: bytes=56 Sequence=1 ttl=255 time=350 ms
    Reply from 172.16.12.2: bytes=56 Sequence=2 ttl=255 time=20 ms
    Reply from 172.16.12.2: bytes=56 Sequence=3 ttl=255 time=40 ms
    Reply from 172.16.12.2: bytes=56 Sequence=4 ttl=255 time=30 ms
    Reply from 172.16.12.2: bytes=56 Sequence=5 ttl=255 time=30 ms
  --- 172.16.12.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/94/350 ms
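Configure the RIP routing protocol
R1 and R2, although separated by the public network, can now be treated as routers on the same LAN when configuring dynamic routing protocols
[r1]rip 1  // Create the RIP routing process
[r1-rip-1]version 2  // Use version 2
[r1-rip-1]undo summary  // Disable automatic route summarization
[r1-rip-1]network 172.16.0.0  // Advertise the participating network (the tunnel segment)
[r1-rip-1]network 192.168.10.0  // The subnet of the PCs behind the router
[r1-rip-1]quit
[r2]rip 1
[r2-rip-1]version 2
[r2-rip-1]undo summary
[r2-rip-1]network 172.16.0.0
[r2-rip-1]network 192.168.20.0
[r2-rip-1]quit
View the routing tables
[r1]display ip routing-table
Route Flags: R - relay, D - download to fib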
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 14       Routes : 14      
Destination/Mask    Proto  Pre  Cost      Flags NextHop         Interface
        0.0.0.0/0  Unr     60  0           D   200.1.1.1       Dialer1
      127.0.0.0/8   Direct 0    0           D  127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct 0    0           D  127.0.0.1       InLoopBack0
127.255.255.255/32  Direct 0    0           D  127.0.0.1       InLoopBack0
    172.16.12.0/24  Direct 0    0           D  172.16.12.1     Tunnel0/0/0
    172.16.12.1/32  Direct 0    0           D  127.0.0.1       Tunnel0/0/0
  172.16.12.255/32  Direct 0    0           D  127.0.0.1       Tunnel0/0/0
   192.168.10.0/24  Direct 0    0           D  192.168.10.1    GigabitEthernet
0/0/1
   192.168.10.1/32  Direct 0    0           D  127.0.0.1       GigabitEthernet
0/0/1
192.168.10.255/32  Direct 0    0           D  127.0.0.1       GigabitEthernet
0/0/1
   192.168.20.0/24  RIP     100 1           D   172.16.12.2     Tunnel0/0/0
      200.1.1.1/32  Direct 0    0           D  200.1.1.1       Dialer1
      200.1.1.6/32  Direct 0    0           D  127.0.0.1       Dialer1
255.255.255.255/32  Direct 0    0           D  127.0.0.1       InLoopBack0
[r2]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 14       Routes : 14      
Destination/Mask    Proto  Pre  Cost      Flags NextHop         Interface
        0.0.0.0/0  Unr     60   0          D   200.1.2.1       Dialer1
      127.0.0.0/8   Direct 0    0           D  127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct 0    0           D  127.0.0.1       InLoopBack0
127.255.255.255/32  Direct 0    0           D  127.0.0.1       InLoopBack0
    172.16.12.0/24  Direct 0    0           D  172.16.12.2     Tunnel0/0/0
    172.16.12.2/32  Direct 0    0           D  127.0.0.1       Tunnel0/0/0
  172.16.12.255/32  Direct 0    0           D  127.0.0.1       Tunnel0/0/0
   192.168.10.0/24  RIP     100 1           D   172.16.12.1     Tunnel0/0/0
   192.168.20.0/24  Direct  0   0           D   192.168.20.1    GigabitEthernet
0/0/1
   192.168.20.1/32  Direct 0    0           D  127.0.0.1       GigabitEthernet
0/0/1
192.168.20.255/32  Direct 0    0           D  127.0.0.1       GigabitEthernet
0/0/1
      200.1.2.1/32  Direct 0    0           D  200.1.2.1       Dialer1
      200.1.2.6/32  Direct 0    0           D  127.0.0.1       Dialer1
255.255.255.255/32  Direct 0    0           D  127.0.0.1       InLoopBack0
Test private-network connectivity from PC to PC
PC>ping 192.168.20.199
Ping 192.168.20.199: 32 data bytes, Press Ctrl_C to break
From 192.168.20.199: bytes=32 seq=1 ttl=126 time=32 ms
From 192.168.20.199: bytes=32 seq=2 ttl=126 time=31 ms
From 192.168.20.199: bytes=32 seq=3 ttl=126 time=16 ms
From 192.168.20.199: bytes=32 seq=4 ttl=126 time=16 ms
From 192.168.20.199: bytes=32 seq=5 ttl=126 time=31 ms
--- 192.168.20.199 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 16/25/32 ms

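Zurui (Shanghai) Network Technology Co., Ltd.
We provide enterprise IT operations, network engineering, low-voltage installation, surveillance and security, computer product purchase and sales, office equipment and consumables, and other services nationwide!
We look forward to working with you!
Email: sanne@zurkj.com
Phone: 021-51850021 18918292296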
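
The configuration in this post authenticates PPPoE with PAP, enters the dialer password with `password simple`, and carries GRE and RIP across the public network with no IPsec or RIP authentication configured. The following is an added example, not part of the original post: a Python check that flags those settings in a configuration dump. The sample text is constructed from the post's R1 commands, and the `ipsec` and `rip authentication-mode` keywords it looks for are assumptions about how a hardened configuration would read.

```python
# Constructed sample: R1's configuration from the post, prompts removed.
R1_CONFIG = """\
interface Dialer1
 ppp pap local-user ad123456 password simple admin1234
 ip address ppp-negotiate
 nat outbound 2000
interface Tunnel0/0/0
 tunnel-protocol gre
 source 200.1.1.6
 destination 200.1.2.6
 ip address 172.16.12.1 24
rip 1
 version 2
 network 172.16.0.0
 network 192.168.10.0
"""

def sections(config):
    """Split a config into {top-level line: [indented sub-commands]}."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit(config):
    """Return (section, finding) pairs for the weak settings used on this page."""
    secs = sections(config)
    every_cmd = [c for cmds in secs.values() for c in cmds]
    # Assumption: RIP authentication, if present, shows up as "rip authentication-mode".
    rip_auth = any(c.startswith("rip authentication-mode") for c in every_cmd)
    findings = []
    for header, cmds in secs.items():
        for c in cmds:
            if c.startswith(("ppp pap ", "ppp authentication-mode pap")):
                findings.append((header, "PAP sends the account password in cleartext"))
            if " password simple " in f" {c} ":
                findings.append((header, "secret is stored unencrypted in the config"))
        # Assumption: an IPsec-protected tunnel carries an "ipsec ..." line.
        if "tunnel-protocol gre" in cmds and not any(c.startswith("ipsec ") for c in cmds):
            findings.append((header, "GRE alone gives no encryption or authentication"))
        if header.startswith("rip ") and not rip_auth:
            findings.append((header, "RIP updates are accepted without authentication"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(R1_CONFIG):
        print(f"{section}: {finding}")
```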