ISCW系列實驗三:GRE VPN的配置

实验三:GRE VPN的配置
环境:三台路由器串口相连,接口配置如图
要求:在R1和R3之间建立GRE隧道,地址如图



    		    ISCW系列實驗三:GRE VPN的配置
步骤一:接口配置连通性,
R1(config)#int s0
R1(config-if)#ip add 20.1.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int lo0
R1(config-if)#ip add 10.1.1.1 255.255.255.0 à虚拟私有网络
R1(config)#ip route 0.0.0.0 0.0.0.0 20.1.1.2 à上互联网的缺省路由
ISP(config)#int s0 àISP路由器虚拟互联网
ISP(config-if)#ip add 30.1.1.1 255.255.255.0
ISP(config-if)#cl ra 64000
ISP(config-if)#no sh
ISP(config-if)#int s1
ISP(config-if)#ip add 20.1.1.2 255.255.255.0
ISP(config-if)#cl ra 64000
ISP(config-if)#no sh
R3(config)#int s1
R3(config-if)#ip add 30.1.1.2 255.255.255.0
R3(config-if)#no sh
R3(config-if)#int loo 0
R3(config-if)#ip add 40.1.1.1 255.255.255.0 à虚拟私有网络
R3(config-if)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 30.1.1.2 à上互联网的缺省路由
步骤二:测试哪些可达,哪些不可达
R3#ping 10.1.1.1 à由于ISP没有私网的路由
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
R3#ping 20.1.1.1 à合法地址是能够通讯的
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/60/64 ms
步骤三:实施GRE隧道技术
R1(config)#int tunnel 0 à进入隧道接口
R1(config-if)#ip add 100.1.1.1 255.255.255.0 à指定IP地址,两端要在一个网段
R1(config-if)#tunnel source s0 à指定承载隧道的源和目的接口
R1(config-if)#tunnel destination 30.1.1.2
R1(config-if)#no sh
R1(config)#ip route 40.1.1.0 255.255.255.0 tunnel0 à为私有网络指路由走tunnel接口
R3(config)#int tunnel 0
R3(config-if)#ip add 100.1.1.2 255.255.255.0
R3(config-if)#tunnel source s1 à互指源和目的
R3(config-if)#tunnel destination 20.1.1.1
R3(config-if)#no sh
R3(config-if)#exit
R3(config)#ip route 10.1.1.0 255.255.255.0 tunnel 0 à指对端的私有网络
步骤四:做PING测试
R1#ping 40.1.1.1 à都已PING通,证明GRE隧道已建立
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 40.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/72/76 ms
R1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/72/76 ms
步骤五:验证结果
R1#show int tunnel 0
Tunnel0 is up, line protocol is up àtunnel接口已经UP
Hardware is Tunnel
Internet address is 100.1.1.1/24
R3#show int tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 100.1.1.2/24
R1#show int tunnel 0 accounting àtunnel接口的统计信息,包的统计
Tunnel0
Protocol Pkts In Chars In Pkts Out Chars Out
IP 10 1000 10 1000
R3#show int tunnel 0 accounting
Tunnel0
Protocol Pkts In Chars In Pkts Out Chars Out
IP 10 1000 10 1000
步骤六:显示当前配置
R1#show run
hostname R1
!
interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface Tunnel0
ip address 100.1.1.1 255.255.255.0
tunnel source Serial0
tunnel destination 30.1.1.2
!
interface Serial0
ip address 20.1.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 20.1.1.2
ip route 40.1.1.0 255.255.255.0 Tunnel0
!
End
ISP#show run
hostname ISP
!
interface Serial0
ip address 30.1.1.1 255.255.255.0
clockrate 64000
!
interface Serial1
ip address 20.1.1.2 255.255.255.0
clockrate 64000
!
end
R3#show run
hostname R3
!
interface Loopback0
ip address 40.1.1.1 255.255.255.0
!
interface Tunnel0
ip address 100.1.1.2 255.255.255.0
tunnel source s1
tunnel destination 20.1.1.1
!
interface Serial1
ip address 30.1.1.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 30.1.1.2
ip route 10.1.1.0 255.255.255.0 Tunnel0
!
end
更多相关文章
一周排行