DATACOM

自拨号发起L2TP隧道连接

作者ericwong,发布于 留下评论

自拨号发起L2TP隧道连接

1.拓扑图

原始图

image-20250709101702899

ENSP

image-20250709164200215

2.环境配置

2.1.保证R2能够正常PING通R3,设置好路由

R1

<Huawei>sys
[Huawei]sys R1
[R1]int GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip add 20.1.1.2 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip address 20.1.2.2 24
[R1-GigabitEthernet0/0/1]quit

R2

<Huawei>sys
[Huawei]sys R2
[R2-GigabitEthernet0/0/0]ip add 20.1.1.1 24
[R2-GigabitEthernet0/0/0]int vlanif1
[R2-Vlanif1]ip add 10.1.1.1 24
[R2-Vlanif1]quit
[R2]ip route-static 20.1.2.0 24 20.1.1.2

R3

<Huawei>sys
[Huawei]sys R3
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 20.1.2.1 24
[R3-GigabitEthernet0/0/0]
[R3-GigabitEthernet0/0/0]int vlanif1
[R3-Vlanif1]ip add 10.1.2.1 24
[R3]ip route-static 20.1.1.0 24 20.1.2.2
image-20250709102005884

2.2.R2-添加用户

[R2]aaa
[R2-aaa]local-user wong password cipher 91xueit
[R2-aaa]local-user wong service-type ppp
[R2-aaa]quit

2.3.R2-添加地址池

[R2]ip pool remoteNet
[R2-ip-pool-remoteNet]network 10.1.3.0 mask 24
[R2-ip-pool-remoteNet]gateway-list 10.1.3.1
[R2-ip-pool-remoteNet]QUIT

2.4.R2-制作虚拟接口登录模板

[R2]interface Virtual-Template 1
[R2-Virtual-Template1]ppp authentication-mode chap
[R2-Virtual-Template1]remote address pool remoteNet
[R2-Virtual-Template1]ip address 10.1.3.1 24
[R2-Virtual-Template1]quit

2.5.R2-配置l2tp组

[R2]l2tp enable
[R2]l2tp-group 1
[R2-l2tp1]tunnel name lns
[R2-l2tp1]allow l2tp virtual-template 1 remote lac #lac为拨号的路由器名字
[R2-l2tp1]tunnel authentication 
[R2-l2tp1]tunnel password simple huawei
[R2-l2tp1]quit
image-20250709103445971

2.6.R2-添加路由

[R2]ip route-static 10.1.2.0 24 Virtual-Template 1

2.7.R3-配置拨号方式

[R3]l2tp enable
[R3]l2tp-group 1
[R3-l2tp1]tunnel name lac
[R3-l2tp1]start l2tp ip 20.1.1.1 fullusername wong
[R3-l2tp1]tunnel authentication 
[R3-l2tp1]tunnel password simple huawei
[R3-l2tp1]quit

2.8.R3-创建虚拟拨号模板

[R3]interface Virtual-Template 1
[R3-Virtual-Template1]ppp chap user wong
[R3-Virtual-Template1]ppp chap password cipher 91xueit
[R3-Virtual-Template1]ip address ppp-negotiate 
[R3-Virtual-Template1]l2tp-auto-client enable
[R3-Virtual-Template1]quit

2.9.R3-添加路由

[R3]ip route-static 10.1.1.0 24 Virtual-Template 1

3.测试

image-20250709131824907

image-20250709131930481

4.添加新网段

4.1.拓扑图

image-20250709153117469

4.2.配置路由器

<R2>sys
Enter system view, return user view with Ctrl+Z.
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 20.1.4.1 24
[R2]ip route-static 10.1.4.0 24 20.1.4.2

<Huawei>sys
[Huawei]sys R4
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip add 20.1.4.2 24
[R4-GigabitEthernet0/0/0]int vlanif 1
[R4-Vlanif1]ip add 10.1.4.1 24
[R4]ip route-static 10.1.2.0 24 20.1.4.1

<R3>sys
[R3]ip route-static 10.1.4.0 24 Virtual-Template 1

4.3.测试

image-20250709152948819

5.增加设备

5.1.拓扑图

image-20250709153205632

增加云朵

image-20250709153220538

5.2.配置路由器

[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]ip add 20.1.3.1 24
[R3]ip route-static 10.1.3.0 24 20.1.2.2

[R1]ip route-static 20.1.3.0 24 20.1.2.1

[R2]ip route-static 20.1.3.0 24 20.1.1.2

5.3.修改WIN7 IP地址

image-20250709160939705

5.4.连通性测试

WIN7 PING 20.1.1.1

image-20250709161516749

5.5.配置华为VPN-CLIENT

image-20250709161843673

image-20250709153930940

image-20250709161938188

5.6.测试-访问内网

分配的地址

image-20250709162020964

image-20250709162127208

image-20250709162401962

由于有一条路由,使得10.1.3.254与10.1.1.0变成直连,因而,其实不用隧道,仅靠静态路由也是能够实现访问内网

image-20250709163222880

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注