CCNP2 experiment: CHAP authentication, MGRE Technology

Article directory

CCNP2 experiment: CHAP authentication, MGRE Technology

Note: the topology of the experiment is as follows: R2 acts as ISP, which requires that these three LANs be connected to a LAN through MGRE. The specific experimental requirements are shown in the figure:

1. Planning IP:

Public network IP 12.1.1.1/24 23.1.1.1/24 34.1.1.1/24
MGRE 10.1.1.1/24 10.1.1.2/24 10.1.1.3/24

2. Configuration:

(1) bottom layer:

The bottom layer is configured as shown in the figure. The public IP is randomly configured. I'm here for convenience.

(2) route:

① configuration default:

R1(config)#ip route 0.0.0.0 0.0.0.0 12.1.1.2
R3(config)#ip route 0.0.0.0 0.0.0.0 23.1.1.2
R4(config)#ip route 0.0.0.0 0.0.0.0 24.1.1.2
R5(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2

② setting up MGRE environment:

R1(config)#int tunnel 0
R1(config-if)#ip add 10.1.1.1 255.255.255.0
R1(config-if)#tunnel source 12.1.1.1
R1(config-if)#tunnel mode gre multipoint 
R1(config-if)#ip nhrp map multicast dynamic 
R1(config-if)#ip nhrp network-id 100
R1(config-if)#no ip split-horizon eigrp 90

R3(config)#int tunnel 0
R3(config-if)#ip add 10.1.1.2 255.255.255.0
R3(config-if)#tunnel source s0/0 
R3(config-if)#tunnel mode gre multipoint 
R3(config-if)#ip nhrp nhs 10.1.1.1
R3(config-if)#ip nhrp map 10.1.1.1 12.1.1.1
R3(config-if)#ip nhrp network-id 100
R3(config-if)#ip nhrp map multicast 12.1.1.1
R4 with R3 To configure

③ route announcement:

R5(config)#router eigrp 90
R5(config-router)#no auto-summary 
R5(config-router)#network 192.168.1.0
R5(config-router)#network 192.168.4.0

R3(config)#router eigrp 90
R3(config-router)#no auto-summary
R3(config-router)#network 192.168.1.0
R3(config-router)#networ 10.0.0.0
R4 ellipsis

To do this, we can set up the MGRE loan book. Let's check the route table of R4:

Then use the ping command to detect:

④ NAT on R1:

R1(config)#access-list 1 permit 192.168.0.0 0.0.255.255

R1(config)#ip nat inside source list 1 int s0/1 overload 

R1(config)#int s0/0
R1(config-if)#ip nat inside 
R1(config-if)#int s0/1
R1(config-if)#ip nat outside 

R5 for testing:

⑤ CHAP authentication:

R2(config)#int s0/0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
R2(config)#username ccnp2 password cisco123

R1(config)#int s0/1
R1(config-if)#encapsulation ppp
R1(config-if)#ppp chap hostname ccnp2
R1(config-if)#ppp chap password cisco123

This is the end of the experiment. If you don't understand, you can also refer to my article in addition to leaving a message in the background:
CCNP2: two layer technology, PPP, HDLC, GRE (Tunnel), MGRE Technology

Tags: network

Posted on Sun, 10 Nov 2019 10:11:18 -0500 by PHP Monkeh