Lab về DMVPN potx

Spoke2config-if# ip nhrp hold-time 600Spoke2config-if# ip nhs 10.0.0.1 Spoke2config-if# no ip next-hop-self eigrp 1 Spoke2config-if# ip map multicast 172.30.2.1 Spoke2config-if# ip nhrp

Trang 1

Lab về DMVPN

Tác giả: Vi Thị Mưu

Các bước thực hiện cho cấu hình:

Bước 1 : Cấu hình cho các Router thấy nhau

Spoke 1:

Router#config terminal

Router(config)# hostname Spoke1

Spoke1(config)# interface f0/0

Spoke1(config-if)# ip address 172.30.1.1 255.255.255.0

Spoke1(config-if)# no shutdown

Spoke1(config-if)# exit

Spoke1(config-if)# no shutdown

Spoke1(config)# ip route 0.0.0.0 0.0.0.0 172.30.1.2

Spoke 2:

Router# config terminal

Router(config)# hostname Spoke2

Trang 2

Spoke2(config-if)# ip address 172.30.3.1 255.255.255.0 Spoke2(config-if)# no shutdown

Spoke2(config-if)# ip address 192.168.2.1 255.255.255.0 Spoke2(config-if)# no shutdown

Spoke2(config)# ip route 0.0.0.0 0.0.0.0 172.30.3.2

HUB

Router#config terminal

Router(config)# hostname Hub

Hub(config)# interface f0/0

Hub(config-if)# ip address 172.30.2.1 255.255.255.0

Hub(config-if)# no shutdown

Hub(config-if)# exit

Hub(config)# interface loop back 0

Hub(config-if)# ip address 192.168.0.1 255.255.255.0

Hub(config-if)# no shutdown

Hub(config)# ip route 0.0.0.0 0.0.0.0 172.30.2.2

Thực hiện cấu hình đối với Spoke1

Bước 2: cấu hình phase 1 cho Spoke1

Spoke1(config)# crypto isakmp enable

Spoke1(config)# crypto isakmp policy 1

Spoke1(config-isakmp)# authentication pre-share

Spoke1(config-isakmp)# hash md5

Spoke1(config-isakmp)# exit

Spoke1(config)# crypto isakmp key cisco47 address 0.0.0.0 0.0.0.0

Bước 3: cấu hình dmvpn cho Spoke1

Spoke1(config)# interface tunnel 0

Spoke1(config-if)# ip mtu 1400

Spoke1(config-if)# ip nhrp authentication cisco47

Spoke1(config-if)# ip nhrp map 10.0.0.1 172.30.2.1

Spoke1(config-if)# ip nhrp hold-time 600

Spoke1(config-if)# ip nhs 10.0.0.1

Spoke1(config-if)# no ip next-hop-self eigrp 1

Spoke1(config-if)# ip map multicast 172.30.2.1

Trang 3

Spoke1(config-if)# ip nhrp network-id 100

Spoke1(config-if)# tunnel source f0/0

Spoke1(config-if)# tunnel key 1000

Spoke1(config-if)# tunnel mode gre multipoint

Spoke1(config-if)# tunnel protection ipsec profile dmvpn

Spoke1(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac

Spoke1(config)# crypto map dmvpn local-address f0/0

Spoke1(config)# crypto map dmvpn 10 ipsec-isakmp

Spoke1(config-crypto-map)# set peer 172.30.2.1

Spoke1(config-crypto-map)# set security-association level per-host

Spoke1(config-crypto-map)# set transform-set myset

Spoke1(config-crypto-map)# match address 101

Spoke1(config-crypto-map)# exit

Spoke1(config)# access-list 101 permit gre 172.30.1.0 0.0.0.255 host 172.30.2.1

Bước 5: định tuyến dùng giao thức EIGRP

Spoke1(config)# router eigrp 1

Spoke1(config-router)# network 10.0.0.0 0.0.0.255

Spoke1(config-router)# no auto-summary

Thực hiện cấu hình đối với Spoke2

Spoke2(config)# crypto isakmp enable

Spoke2(config)# crypto isakmp policy 1

Spoke2(config-isakmp)# authentication pre-share

Spoke2(config-isakmp)# hash md5

Spoke2(config-isakmp)# exit

Spoke2(config)# crypto isakmp key cisco47 address 0.0.0.0 0.0.0.0

Bước 3: cấu hình dmvpn cho Spoke2

Spoke2(config)# interface tunnel 0

Spoke2(config-if)# ip mtu 1400

Spoke2(config-if)# ip nhrp authentication cisco47

Spoke2(config-if)# ip nhrp map 10.0.0.1 172.30.2.1

Trang 4

Spoke2(config-if)# ip nhrp hold-time 600

Spoke2(config-if)# ip nhs 10.0.0.1

Spoke2(config-if)# no ip next-hop-self eigrp 1

Spoke2(config-if)# ip map multicast 172.30.2.1

Spoke2(config-if)# ip nhrp network-id 100

Spoke2(config-if)# tunnel source f0/0

Spoke2(config-if)# tunnel key 1000

Spoke2(config-if)# tunnel mode gre multipoint

Spoke2(config-if)# tunnel protection ipsec profile dmvpn

Bước 4: cấu hình phase 2 cho spoke2

Spoke2(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac

Spoke2(config)# crypto map dmvpn local-address f0/0

Spoke2(config)# crypto map dmvpn 10 ipsec-isakmp

Spoke2(config-crypto-map)# set peer 172.30.2.1

Spoke2(config-crypto-map)# set security-association level per-host

Spoke2(config-crypto-map)# set transform-set myset

Spoke2(config-crypto-map)# match address 101

Spoke2(config-crypto-map)# exit

Spoke2(config)# access-list 101 permit gre 172.30.3.0 0.0.0.255 host 172.30.2.1

Bước 5: định tuyến dùng giao thức EIGRP

Spoke2(config)# router eigrp 1

Spoke2(config-router)# no auto-summary

Thực hiện cấu hình cho HUB

Router(config)# hostname Hub

Hub(config)# crypto isakmp enable

Hub(config)# crypto isakmp policy 1

Hub(config-isakmp)# authentication pre-share

Hub(config-isakmp)# hash md5

Hub(config-isakmp)# exit

Hub(config)# crypto isakmp key cisco47 address 0.0.0.0 0.0.0.0

Hub(config)# crypto ipsec transform-set myset des esp-md5-hmac

# tạo IPSec profile

Hub(config)# crypto ipsec profile dmvpn

Trang 5

Hub(config-profile)# set transform-set myset

Hub(config)# interface tunnel 0

# cấu hình dmvpn

Hub(config-if)# ip address 10.0.0.1 255.255.255.0 Hub(config-if)# ip mtu 1400

Hub(config-if)# ip nhrp authentication cisco47

Hub(config-if)# ip nhrp multicast dynamic

Hub(config-if)# ip nhrp hold-time 600

Hub(config-if)# tunnel source f0/0

Hub(config-if)# tunnel mode gre multipoint

Hub(config-if)# tunnel key 1000

Hub(config-if)# tunnel protection ipsec profile dmvpn Hub(config-if)# exit

Hub(config-if)# ip address 192.168.0.1 255.255.255.0 Hub(config-if)# no shutdown

Hub(config-if)# ip address 172.30.2.1 255.255.255.0 Hub(config-if)# no shutdown

# định tuyến dùng giao thức EIGRP

Hub(config)# router eigrp 1

Hub(config-router)# network 10.0.0.0 0.0.0.255 Hub(config-router)# network 192.168.0.0 0.0.0.255 Hub(config-router)# no auto-summary

Kiểm tra kết quả

Thực hiện ping từ PC1 đến PC2

Trang 6

Thực hiện Ping từ PC1 đến 192.168.0.1

Định dạng
Số trang	6
Dung lượng	143 KB