Xin chào ! Nếu đây là lần đầu tiên bạn đến với diễn đàn, xin vui lòng danh ra một phút bấm vào đây để đăng kí và tham gia thảo luận cùng VnPro.

Announcement

Collapse
No announcement yet.

Lab về DMVPN

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Lab về DMVPN

    Lab về DMVPN


    Tác giả: Vi Thị Mưu



    Các bước thực hiện cho cấu hình:

    Bước 1 : Cấu hình cho các Router thấy nhau

    Spoke 1:
    Router#config terminal
    Router(config)# hostname Spoke1
    Spoke1(config)# interface f0/0
    Spoke1(config-if)# ip address 172.30.1.1 255.255.255.0
    Spoke1(config-if)# no shutdown
    Spoke1(config-if)# exit
    Spoke1(config)# interface f0/1
    Spoke1(config-if)# ip address 192.168.1.1 255.255.255.0
    Spoke1(config-if)# no shutdown
    Spoke1(config-if)# exit
    Spoke1(config)# ip route 0.0.0.0 0.0.0.0 172.30.1.2

    Spoke 2:
    Router# config terminal
    Router(config)# hostname Spoke2
    Spoke2(config)# interface f0/0
    Spoke2(config-if)# ip address 172.30.3.1 255.255.255.0
    Spoke2(config-if)# no shutdown
    Spoke2(config-if)# exit
    Spoke2(config)# interface f0/1
    Spoke2(config-if)# ip address 192.168.2.1 255.255.255.0
    Spoke2(config-if)# no shutdown
    Spoke2(config-if)# exit
    Spoke2(config)# ip route 0.0.0.0 0.0.0.0 172.30.3.2

    HUB

    Router#config terminal
    Router(config)# hostname Hub
    Hub(config)# interface f0/0
    Hub(config-if)# ip address 172.30.2.1 255.255.255.0
    Hub(config-if)# no shutdown
    Hub(config-if)# exit
    Hub(config)# interface loop back 0
    Hub(config-if)# ip address 192.168.0.1 255.255.255.0
    Hub(config-if)# no shutdown
    Hub(config-if)# exit
    Hub(config)# ip route 0.0.0.0 0.0.0.0 172.30.2.2

    Thực hiện cấu hình đối với Spoke1

    Bước 2: cấu hình phase 1 cho Spoke1

    Spoke1(config)# crypto isakmp enable
    Spoke1(config)# crypto isakmp policy 1
    Spoke1(config-isakmp)# authentication pre-share
    Spoke1(config-isakmp)# hash md5
    Spoke1(config-isakmp)# exit
    Spoke1(config)# crypto isakmp key cisco47 address 0.0.0.0 0.0.0.0

    Bước 3: cấu hình dmvpn cho Spoke1

    Spoke1(config)# interface tunnel 0
    Spoke1(config-if)# ip address 10.0.0.2 255.255.255.0
    Spoke1(config-if)# ip mtu 1400
    Spoke1(config-if)# ip nhrp authentication cisco47
    Spoke1(config-if)# ip nhrp map 10.0.0.1 172.30.2.1
    Spoke1(config-if)# ip nhrp hold-time 600
    Spoke1(config-if)# ip nhs 10.0.0.1
    Spoke1(config-if)# no ip next-hop-self eigrp 1
    Spoke1(config-if)# ip map multicast 172.30.2.1
    Spoke1(config-if)# ip nhrp network-id 100
    Spoke1(config-if)# tunnel source f0/0
    Spoke1(config-if)# tunnel key 1000
    Spoke1(config-if)# tunnel mode gre multipoint
    Spoke1(config-if)# tunnel protection ipsec profile dmvpn

    Bước 4: cấu hình phase 2 cho Spoke1

    Spoke1(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac
    Spoke1(config)# crypto map dmvpn local-address f0/0
    Spoke1(config)# crypto map dmvpn 10 ipsec-isakmp
    Spoke1(config-crypto-map)# set peer 172.30.2.1
    Spoke1(config-crypto-map)# set security-association level per-host
    Spoke1(config-crypto-map)# set transform-set myset
    Spoke1(config-crypto-map)# match address 101
    Spoke1(config-crypto-map)# exit
    Spoke1(config)# access-list 101 permit gre 172.30.1.0 0.0.0.255 host 172.30.2.1

    Bước 5: định tuyến dùng giao thức EIGRP

    Spoke1(config)# router eigrp 1
    Spoke1(config-router)# network 10.0.0.0 0.0.0.255
    Spoke1(config-router)# network 192.168.1.0 0.0.0.255
    Spoke1(config-router)# no auto-summary

    Thực hiện cấu hình đối với Spoke2

    Bước 2: cấu hình phase 1 cho Spoke2

    Spoke2(config)# crypto isakmp enable
    Spoke2(config)# crypto isakmp policy 1
    Spoke2(config-isakmp)# authentication pre-share
    Spoke2(config-isakmp)# hash md5
    Spoke2(config-isakmp)# exit
    Spoke2(config)# crypto isakmp key cisco47 address 0.0.0.0 0.0.0.0

    Bước 3: cấu hình dmvpn cho Spoke2

    Spoke2(config)# interface tunnel 0
    Spoke2(config-if)# ip address 10.0.0.3 255.255.255.0
    Spoke2(config-if)# ip mtu 1400
    Spoke2(config-if)# ip nhrp authentication cisco47
    Spoke2(config-if)# ip nhrp map 10.0.0.1 172.30.2.1
    Spoke2(config-if)# ip nhrp hold-time 600
    Spoke2(config-if)# ip nhs 10.0.0.1
    Spoke2(config-if)# no ip next-hop-self eigrp 1
    Spoke2(config-if)# ip map multicast 172.30.2.1
    Spoke2(config-if)# ip nhrp network-id 100
    Spoke2(config-if)# tunnel source f0/0
    Spoke2(config-if)# tunnel key 1000
    Spoke2(config-if)# tunnel mode gre multipoint
    Spoke2(config-if)# tunnel protection ipsec profile dmvpn

    Bước 4: cấu hình phase 2 cho spoke2

    Spoke2(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac
    Spoke2(config)# crypto map dmvpn local-address f0/0
    Spoke2(config)# crypto map dmvpn 10 ipsec-isakmp
    Spoke2(config-crypto-map)# set peer 172.30.2.1
    Spoke2(config-crypto-map)# set security-association level per-host
    Spoke2(config-crypto-map)# set transform-set myset
    Spoke2(config-crypto-map)# match address 101
    Spoke2(config-crypto-map)# exit
    Spoke2(config)# access-list 101 permit gre 172.30.3.0 0.0.0.255 host 172.30.2.1

    Bước 5: định tuyến dùng giao thức EIGRP

    Spoke2(config)# router eigrp 1
    Spoke2(config-router)# network 10.0.0.0 0.0.0.255
    Spoke2(config-router)# network 192.168.2.0 0.0.0.255
    Spoke2(config-router)# no auto-summary

    Thực hiện cấu hình cho HUB

    Router(config)# hostname Hub
    Hub(config)# crypto isakmp enable
    Hub(config)# crypto isakmp policy 1
    Hub(config-isakmp)# authentication pre-share
    Hub(config-isakmp)# hash md5
    Hub(config-isakmp)# exit
    Hub(config)# crypto isakmp key cisco47 address 0.0.0.0 0.0.0.0
    Hub(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac

    # tạo IPSec profile
    Hub(config)# crypto ipsec profile dmvpn
    Hub(config-profile)# set transform-set myset
    Hub(config)# interface tunnel 0

    # cấu hình dmvpn
    Hub(config-if)# ip address 10.0.0.1 255.255.255.0
    Hub(config-if)# ip mtu 1400
    Hub(config-if)# ip nhrp authentication cisco47
    Hub(config-if)# ip nhrp multicast dynamic
    Hub(config-if)# ip nhrp hold-time 600
    Hub(config-if)# tunnel source f0/0
    Hub(config-if)# tunnel mode gre multipoint
    Hub(config-if)# tunnel key 1000
    Hub(config-if)# tunnel protection ipsec profile dmvpn
    Hub(config-if)# exit
    Hub(config)# interface f0/1
    Hub(config-if)# ip address 192.168.0.1 255.255.255.0
    Hub(config-if)# no shutdown
    Hub(config-if)# exit
    Hub(config)# interface f0/0
    Hub(config-if)# ip address 172.30.2.1 255.255.255.0
    Hub(config-if)# no shutdown
    Hub(config-if)# exit

    # định tuyến dùng giao thức EIGRP
    Hub(config)# router eigrp 1
    Hub(config-router)# network 10.0.0.0 0.0.0.255
    Hub(config-router)# network 192.168.0.0 0.0.0.255
    Hub(config-router)# no auto-summary

    Kiểm tra kết quả
    Thực hiện ping từ PC1 đến PC2



    Thực hiện Ping từ PC1 đến 192.168.0.1


    Đặng Hoàng Khánh
    Email: danghoangkhanh@vnpro.org
    ---------------------------
    VnPro - Cisco Authorised Training
    Discuss about Networking, especially Cisco technology: http://vnpro.org
    Discuss about Wireless: http://wifipro.org or http://wimaxpro.org
    Tags: None
  • #2
    Bài viết hay, thank

    Comment

    • #3
      Hi Khanh ,

      co Labs DMVPN chay cho OSPF ko,
      Hugo

      Comment

      Previous template Next
      Working...
      X