MGRE comprehensive experiment

MGRE principle ：
You need to select a device with a fixed physical address of the outgoing interface in the private network as NHS（NHS—— Next hop to the resolution server ）, All remaining branches should know the tunnel address and physical address of the center , then NHRP All branches are required to have their own physical interfaces and tunnel interfaces ip The mapping relationship of the address is sent to NHS, If the physical address changes , You need to resend , such NHS You can get the mapping relationship of the addresses of all branches .

MGRE Comprehensive experiment

To configure ip
R1:
S 4/0/0 15.0.0.1
G 0/0/0 192.168.1.1
R2:
S 4/0/0 25.0.0.1
G 0/0/0 192.168.2.1
R3:
S 4/0/0 35.0.0.1
G 0/0/0 192.168.3.1
R4:
G 0/0/0 45.0.0.1
G 0/0/1 192.168.4.1
R5:
S 3/0/0 15.0.0.2
S 3/0/0 25.0.0.2
S 4/0/0 35.0.0.2
G 0/0/0 45.0.0.2

All boundary devices have 1 By default, the bar points to ISP

[r4]ip route-static 0.0.0.0 0 45.0.0.2

demand 1 Completed .

demand 2：
R1 and R5 Used between PPP Of PAP authentication ,R5 Main certifier
stay R5(ISP) On :

[isp-aaa]local-user admin password cipher 123456  # Create a user admin
[isp-aaa]local-user admin service-type ppp  # Authentication type ppp
[isp-Serial3/0/0]ppp authentication-mode pap # Open at the corresponding interface pap authentication 

stay R1 On ：

[r1-Serial4/0/0]ppp pap local-user admin password cipher 123456

because PPP Your conversation is one-time , After the session is established successfully , Then modify the parameters （ Authentication information ） Does not affect the conversation , That is, the conversation keeps opening .R1 and R5 The authentication type between is also PPP, So in order to verify PPP Of PAP Whether the certification is established successfully , First disconnect the session and then re-establish .

[r1-Serial4/0/0]shutdown 
[r1-Serial4/0/0]undo shutdown 

Check the routing information after re establishment

[r1-Serial4/0/0]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 3

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              192.168.1.1/24       up         up        
GigabitEthernet0/0/1              unassigned           down       down      
GigabitEthernet0/0/2              unassigned           down       down      
NULL0                             unassigned           up         up(s)     
Serial4/0/0                       15.0.0.1/24          up         up        
Serial4/0/1                       unassigned           down       down      
[r1-Serial4/0/0]ping 15.0.0.2
  PING 15.0.0.2: 56  data bytes, press CTRL_C to break
    Reply from 15.0.0.2: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 15.0.0.2: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 15.0.0.2: bytes=56 Sequence=3 ttl=255 time=30 ms
    Reply from 15.0.0.2: bytes=56 Sequence=4 ttl=255 time=20 ms
    Reply from 15.0.0.2: bytes=56 Sequence=5 ttl=255 time=20 ms

  --- 15.0.0.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/30/50 ms
# Sure ping through ,R1 and R5 Between PPP Of PAP Authentication success 

R2 and R5 Used between PPP Of CHAP authentication ,R5 Main certifier
stay R5 On ：

[isp-Serial3/0/1]ppp authentication-mode chap # Turn on CHAP authentication 

stay R2 On ：

[r2-Serial4/0/0]ppp chap user admin
[r2-Serial4/0/0]ppp chap password cipher 123456  # establish chap authentication , user admin, Set the password 

Also shutdown Again undo shutdown, Verify the authentication connection .

[r2-Serial4/0/0]ping 25.0.0.2
  PING 25.0.0.2: 56  data bytes, press CTRL_C to break
    Reply from 25.0.0.2: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 25.0.0.2: bytes=56 Sequence=2 ttl=255 time=20 ms
    Reply from 25.0.0.2: bytes=56 Sequence=3 ttl=255 time=20 ms
    Reply from 25.0.0.2: bytes=56 Sequence=4 ttl=255 time=20 ms
    Reply from 25.0.0.2: bytes=56 Sequence=5 ttl=255 time=30 ms

  --- 25.0.0.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/28/50 ms
    # Sure Ping through , Authentication success 

R3 And R5 Used between HDLC encapsulation .（ Huawei defaults to PPP, It only needs to be modified as HDLC that will do ）
stay R3 On ：

[r3-Serial4/0/0]link-protocol hdlc 
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y

[r3-Serial4/0/0]display ip interface brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 4

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              192.168.3.1/24       up         up        
GigabitEthernet0/0/1              unassigned           down       down      
GigabitEthernet0/0/2              unassigned           down       down      
NULL0                             unassigned           up         up(s)     
Serial4/0/0                       35.0.0.1/24          up         down      
Serial4/0/1                       unassigned           down       down      
# Only in R3 After modifying the packaging method on, the interface up&down（ because R5 still PPP encapsulation , So you can't communicate ）

stay R5 On ：

[isp-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y

[isp-Serial4/0/0]display ip interface brief 
     
Serial4/0/0                       35.0.0.2/24          up         up        
# View route information , Has been restored to double up state 

demand 2 Completed

demand 3：
R1（ Central site ）
stay R1 Create a tunnel interface on , To configure ip

[r1]int Tunnel 0/0/0 # Create a tunnel 
[r1-Tunnel0/0/0]ip address 192.168.5.1 24  # Configure for tunnel interface ip
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp  # Define the encapsulation type GRE
[r1-Tunnel0/0/0]source 15.0.0.1  # Source ip（ Central site , Fix ）
Jul 11 2022 21:49:59-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[r1-Tunnel0/0/0]nhrp network-id 100 # establish nhrp Domain （ overall situation ）

stay R2 On

[r2]interface Tunnel 0/0/0  # Create a tunnel 
[r2-Tunnel0/0/0]ip address 192.168.5.2 24  # Configure the tunnel interface ip
[r2-Tunnel0/0/0]tunnel-protocol gre p2mp  # Agreement for GRE, One to many ,P2MP
[r2-Tunnel0/0/0]source s 4/0/0 # Source ip Unfixed , So write the interface 
Jul 11 2022 21:54:46-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[r2-Tunnel0/0/0]nhrp network-id 100  # Join in nhrp Domain 
[r2-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register # Inform the virtual center ip And reality ip

stay R3 On （ Same as R2）：

[r3]int t 0/0/0
[r3-Tunnel0/0/0]ip address 192.168.5.3 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r3-Tunnel0/0/0]source s 4/0/0
Jul 11 2022 22:00:35-08:00 r3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry 192.168.5.1 15.0.0.1 register

stay R1 Check out ：

[r1-Tunnel0/0/0]display nhrp peer all
------------------------------------------------------------------------------- 
Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag         
------------------------------------------------------------------------------- 
192.168.5.2     32    25.0.0.1        192.168.5.2     dynamic      route tunnel 
------------------------------------------------------------------------------- 
Tunnel interface: Tunnel0/0/0
Created time    : 00:02:48
Expire time     : 01:57:12
------------------------------------------------------------------------------- 
Protocol-addr   Mask  NBMA-addr       NextHop-addr    Type         Flag         
------------------------------------------------------------------------------- 
192.168.5.3     32    35.0.0.1        192.168.5.3     dynamic      route tunnel 
------------------------------------------------------------------------------- 
Tunnel interface: Tunnel0/0/0
Created time    : 00:00:07
Expire time     : 01:59:53

Number of nhrp peers: 2

R1 and R4 Point to point GRE
stay R1 On ：

[r1]interface t 0/0/1
[r1-Tunnel0/0/1]ip address 192.168.6.1 24
[r1-Tunnel0/0/1]tunnel-protocol gre # Point to point GRE
[r1-Tunnel0/0/1]source 15.0.0.1  # Source ip
[r1-Tunnel0/0/1]destination 45.0.0.1  # The goal is ip （ Because it's point-to-point , So fixed ）
Jul 11 2022 22:04:43-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/1 has entered the UP state. 

stay R4 On （ Empathy R1）：

[r4]int t 0/0/0
[r4-Tunnel0/0/0]ip address 192.168.6.2 24
[r4-Tunnel0/0/0]tunnel-protocol gre
[r4-Tunnel0/0/0]source 45.0.0.1
[r4-Tunnel0/0/0]destination 15.0.0.1
Jul 11 2022 22:05:35-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface Tunnel0/0/0 has entered the UP state. 

demand 4：
stay R1 On ：

[r1-Tunnel0/0/0]nhrp entry multicast dynamic # Enable pseudo broadcast 

[r1]rip  # To configure RIP agreement 
[r1-rip-1]version 2  # edition 
[r1-rip-1]network 192.168.1.0  # Declare 
[r1-rip-1]network 192.168.5.0
[r1-rip-1]network 192.168.6.0

[r1-Tunnel0/0/0]undo rip split-horizon # Turn off horizontal split （ If it's not relevant, it will not be received due to the horizontal segmentation mechanism R2 and R3 Routing information for ）

stay R2 On ：

[r2]rip
[r2-rip-1]version 2
[r2-rip-1]network 192.168.5.0
[r2-rip-1]network 192.168.2.0

stay R3 On ：

[r3]rip
[r3-rip-1]v 2
[r3-rip-1]network 192.168.3.0
[r3-rip-1]network 192.168.5.0

stay R4 On ：

[r4]rip
[r4-rip-1]v 2
[r4-rip-1]ne	
[r4-rip-1]network 192.168.4.0
[r4-rip-1]network 192.168.6.0

demand 5：
To all PC To configure ip
Here to PC4 For example ：

At each boundary device （R1/R2/R3/R4） Make one on nat

[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]q
[r1]int s 4/0/0
[r1-Serial4/0/0]nat outbound 2000

Here to PC2 For example , Before configuration PC2 Can't be with R5 signal communication , After configuration, you can ping through 5.5.5.5
Complete all experimental requirements .