拓扑图
配置过程:
[R1]dis cu
#
version 5.20, Alpha 1011
#
sysname R1
#
password-control login-attempt 3 exceed lock-time 120
#
undo voice vlan mac-address 00e0-bb00-0000
#
ipsec cpu-backup enable
#
undo cryptoengine enable
#
domain default enable system
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
local-user R2
service-type ppp
#
interface Ethernet0/1/0
port link-mode route
#
interface Serial0/2/0
link-protocol ppp
ppp authentication-mode chap
ppp chap user R1
ppp chap password cipher <*Z>0;XEABJII^GP+;Y'.Q!!
ppp mp Mp-group 0
#
interface Serial0/2/1
link-protocol ppp
ppp authentication-mode chap
ppp chap user R1
ppp chap password cipher <*Z>0;XEABJII^GP+;Y'.Q!!
ppp mp Mp-group 0
#
interface Mp-group0
ip address 20.1.1.1 255.255.255.0
#
interface Mp-group1
#
interface NULL0
#
interface LoopBack0
ip address 10.0.0.1 255.255.255.255
#
rip 1
undo summary
version 2
network 10.0.0.0
network 20.0.0.0
#
load xml-configuration
#
user-interface con 0
user-interface vty 0 4
#
Return
[R1] dis ip routing-table
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
10.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
20.1.1.0/24 Direct 0 0 20.1.1.1 Mp-group0
20.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
20.1.1.2/32 Direct 0 0 20.1.1.2 Mp-group0
40.1.1.0/24 RIP 100 1 20.1.1.2 Mp-group0
40.1.1.2/32 RIP 100 1 20.1.1.2 Mp-group0
50.1.1.0/24 RIP 100 1 20.1.1.2 Mp-group0
50.1.1.2/32 RIP 100 1 20.1.1.2 Mp-group0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.1/32 RIP 100 1 20.1.1.2 Mp-group0
[R2]dis cu
#
version 5.20, Alpha 1011
#
sysname R2
#
password-control login-attempt 3 exceed lock-time 120
#
undo voice vlan mac-address 00e0-bb00-0000
#
ipsec cpu-backup enable
#
undo cryptoengine enable
#
domain default enable system
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
local-user R1
service-type ppp
#
interface Ethernet0/1/0
port link-mode route
#
interface Serial0/2/0
link-protocol ppp
ppp authentication-mode chap
ppp chap user R2
ppp chap password cipher <*Z>0;XEABJII^GP+;Y'.Q!!
ppp mp Mp-group 1
#
interface Serial0/2/1
link-protocol ppp
ppp authentication-mode chap
ppp chap user R2
ppp chap password cipher <*Z>0;XEABJII^GP+;Y'.Q!!
ppp mp Mp-group 1
#
interface Serial0/2/2
link-protocol ppp
ip address 40.1.1.1 255.255.255.0
#
interface Serial0/2/3
link-protocol ppp
ip address 50.1.1.1 255.255.255.0
#
interface Mp-group1
ip address 20.1.1.2 255.255.255.0
#
interface NULL0
#
ospf 1
import-route direct
import-route rip 1 type 1
area 0.0.0.0
network 40.1.1.0 0.0.0.255
network 50.1.1.0 0.0.0.255
#
rip 1
undo summary
version 2
network 20.0.0.0
import-route direct
import-route ospf 1
#
load xml-configuration
#
user-interface con 0
user-interface vty 0 4
#
Return
[R2] dis ip routing-table
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost NextHop Interface
10.0.0.1/32 RIP 100 1 20.1.1.1 Mp-group1
20.1.1.0/24 Direct 0 0 20.1.1.2 Mp-group1
20.1.1.1/32 Direct 0 0 20.1.1.1 Mp-group1
20.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
40.1.1.0/24 Direct 0 0 40.1.1.1 S0/2/2
40.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
40.1.1.2/32 Direct 0 0 40.1.1.2 S0/2/2
50.1.1.0/24 Direct 0 0 50.1.1.1 S0/2/3
50.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
50.1.1.2/32 Direct 0 0 50.1.1.2 S0/2/3
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.1/32 OSPF 10 1562 50.1.1.2 S0/2/3
[R3]dis cu
#
version 5.20, Alpha 1011
#
sysname R3
#
password-control login-attempt 3 exceed lock-time 120
#
undo voice vlan mac-address 00e0-bb00-0000
#
ipsec cpu-backup enable
#
undo cryptoengine enable
#
nat address-group 0 40.1.1.3 40.1.1.3
#
domain default enable system
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
acl number 2001
rule 0 permit source 192.168.0.0 0.0.0.255
#
interface Ethernet0/1/0
port link-mode route
#
interface Serial0/2/0
link-protocol ppp
nat outbound 2001 address-group 0
ip address 40.1.1.2 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 192.168.0.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 40.1.1.0 0.0.0.255
#
load xml-configuration
#
user-interface con 0
user-interface vty 0 4
#
Return
[R3] dis ip routing-table
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost NextHop Interface
10.0.0.1/32 O_ASE 150 1563 40.1.1.1 S0/2/0
20.1.1.0/24 O_ASE 150 1 40.1.1.1 S0/2/0
20.1.1.1/32 O_ASE 150 1 40.1.1.1 S0/2/0
40.1.1.0/24 Direct 0 0 40.1.1.2 S0/2/0
40.1.1.1/32 Direct 0 0 40.1.1.1 S0/2/0
40.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
50.1.1.0/24 OSPF 10 3124 40.1.1.1 S0/2/0
50.1.1.2/32 O_ASE 150 1 40.1.1.1 S0/2/0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.1/32 OSPF 10 3124 40.1.1.1 S0/2/0
192.168.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[R4]dis cu
#
version 5.20, Alpha 1011
#
sysname R4
#
password-control login-attempt 3 exceed lock-time 120
#
undo voice vlan mac-address 00e0-bb00-0000
#
ipsec cpu-backup enable
#
undo cryptoengine enable
#
domain default enable system
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
acl number 3001
rule 0 deny tcp source 10.0.0.0 0.0.0.255 destination 172.16.0.0 0.0.0.255 destination-port eq www
rule 5 permit tcp destination-port eq www
#
interface Ethernet0/1/0
port link-mode route
#
interface Serial0/2/0
link-protocol ppp
firewall packet-filter 3001 inbound
ip address 50.1.1.2 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 172.16.0.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 50.1.1.0 0.0.0.255
network 172.16.0.1 0.0.0.0
#
load xml-configuration
#
user-interface con 0
user-interface vty 0 4
#
Return
[R4] dis ip routing-table
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
10.0.0.1/32 O_ASE 150 1563 50.1.1.1 S0/2/0
20.1.1.0/24 O_ASE 150 1 50.1.1.1 S0/2/0
20.1.1.1/32 O_ASE 150 1 50.1.1.1 S0/2/0
40.1.1.0/24 OSPF 10 3124 50.1.1.1 S0/2/0
40.1.1.2/32 O_ASE 150 1 50.1.1.1 S0/2/0
50.1.1.0/24 Direct 0 0 50.1.1.2 S0/2/0
50.1.1.1/32 Direct 0 0 50.1.1.1 S0/2/0
50.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.1/32 Direct 0 0 127.0.0.1 InLoop0
