Network topology
Description
R1: represents the ISP (service provider) cloud, which connects to the enterprise routers over an MPLS VPN link (not covered in this lab).
R2, R3: the CE routers at the enterprise head office, acting as the HUBs in the spoke-to-spoke DMVPN design. R1 is the primary HUB; R2 is the backup used when HUB1 goes down or loses its connection to the ISP.
In addition, R2 and R3 run VRRP to provide gateway redundancy for the head-office LAN. R2 is the master, R3 is the backup.
R4, R5: the CE routers at the two branch offices (remote sites), acting as the spokes in the DMVPN.
R6: represents the LAN at the enterprise head office.
Routing protocol: single-area OSPF runs between the tunnel interfaces of R2, R3, R4 and R5. R2 acts as the DR, R2 is the BDR, and R3 and R4 are DROTHER routers.
Configuration files
===========>R1
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
multilink bundle-name authenticated
archive
log config
hidekeys
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 192.168.12.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 192.168.13.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
ip address 192.168.14.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/3
ip address 192.168.15.1 255.255.255.252
serial restart-delay 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
End
=========>R2
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
multilink bundle-name authenticated
archive
log config
hidekeys
track 1 interface Tunnel0 line-protocol
!
track 2 interface FastEthernet0/0 line-protocol
interface Tunnel0
bandwidth 1000
ip address 10.0.0.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 600
ip nhrp shortcut
ip nhrp redirect
ip ospf network broadcast
ip ospf priority 255
delay 10000
tunnel source Serial1/0
tunnel mode gre multipoint
!
interface FastEthernet0/0
ip address 172.16.0.2 255.255.255.0
duplex auto
speed auto
vrrp 1 ip 172.16.0.1
vrrp 1 authentication test
vrrp 1 track 1 decrement 50
vrrp 1 track 2 decrement 40
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 192.168.12.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
passive-interface default
no passive-interface Tunnel0
network 10.0.0.0 0.0.0.255 area 0
network 172.16.0.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.12.1
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
End
========>R3
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
multilink bundle-name authenticated
archive
log config
hidekeys
interface Tunnel0
bandwidth 1000
ip address 10.0.0.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map multicast dynamic
ip nhrp map 10.0.0.2 192.168.12.2
ip nhrp map multicast 192.168.12.2
ip nhrp network-id 1
ip nhrp holdtime 600
ip nhrp nhs 10.0.0.2
ip nhrp shortcut
ip nhrp redirect
ip ospf network broadcast
ip ospf priority 254
delay 10000
tunnel source Serial1/0
tunnel mode gre multipoint
!
interface FastEthernet0/0
ip address 172.16.0.3 255.255.255.0
ip ospf cost 1000
duplex auto
speed auto
vrrp 1 ip 172.16.0.1
vrrp 1 priority 90
vrrp 1 authentication test
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 192.168.13.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
passive-interface default
no passive-interface Tunnel0
network 10.0.0.0 0.0.0.255 area 0
network 172.16.0.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.13.1
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
End
============>R4
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
!
!
!
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
interface Loopback0
ip address 172.16.4.4 255.255.255.0
!
interface Tunnel0
bandwidth 1000
ip address 10.0.0.4 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map 10.0.0.2 192.168.12.2
ip nhrp map multicast 192.168.12.2
ip nhrp map 10.0.0.3 192.168.13.2
ip nhrp map multicast 192.168.13.2
ip nhrp network-id 1
ip nhrp holdtime 600
ip nhrp nhs 10.0.0.2
ip nhrp nhs 10.0.0.3
ip nhrp shortcut
ip nhrp redirect
ip ospf network broadcast
ip ospf priority 0
delay 10000
tunnel source Serial1/0
tunnel mode gre multipoint
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 192.168.14.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
passive-interface default
no passive-interface Tunnel0
network 10.0.0.0 0.0.0.255 area 0
network 172.16.4.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.14.1
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
End
================>R5
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
!
!
!
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
interface Loopback0
ip address 172.16.5.5 255.255.255.0
!
interface Tunnel0
bandwidth 1000
ip address 10.0.0.5 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map 10.0.0.2 192.168.12.2
ip nhrp map multicast 192.168.12.2
ip nhrp map 10.0.0.3 192.168.13.2
ip nhrp map multicast 192.168.13.2
ip nhrp network-id 1
ip nhrp holdtime 600
ip nhrp nhs 10.0.0.2
ip nhrp nhs 10.0.0.3
ip nhrp shortcut
ip nhrp redirect
ip ospf network broadcast
ip ospf priority 0
delay 10000
tunnel source Serial1/0
tunnel mode gre multipoint
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 192.168.15.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
passive-interface default
no passive-interface Tunnel0
network 10.0.0.0 0.0.0.255 area 0
network 172.16.5.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.15.1
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
End
===================>R6
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
!
!
!
multilink bundle-name authenticated
archive
log config
hidekeys
interface FastEthernet0/0
ip address 172.16.0.6 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
no ip http server
no ip http secure-server
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.16.0.1
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
Testing the results
Shut down f0/0 or TUN0 on HUB1 (R2) to test VRRP.
Shut down HUB1 (R2); on R3, R4 and R5 run the clear ip nhrp command, then wait a while for R3 and R4 to re-register with HUB2 (R3).
Then use ping on the spokes to check connectivity between the LANs, and use traceroute to check the path.
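The configurations above build the DMVPN with plain mGRE: the tunnel interfaces have no `tunnel protection`, no `ip nhrp authentication` and no OSPF authentication, VRRP uses the text string `test`, and the console never times out. The following audit script is an added example, not part of the original lab; the names `stanzas`, `audit` and `SAMPLE_R2` are illustrative, and it checks OSPF authentication at interface level only.

```python
import re

# Constructed sample: R2's Tunnel0, FastEthernet0/0 and line stanzas as shown
# on this page (flattened, no indentation), trimmed to the relevant commands.
SAMPLE_R2 = """
interface Tunnel0
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip ospf network broadcast
tunnel mode gre multipoint
!
interface FastEthernet0/0
vrrp 1 ip 172.16.0.1
vrrp 1 authentication test
!
line con 0
exec-timeout 0 0
line vty 0 4
login
!
"""

HEADER = re.compile(r"^(interface|line|router)\s+\S")

def stanzas(config):
    """Group sub-commands under each interface/line/router header.
    Works on indented or flattened text: '!' or a new header ends a stanza."""
    out, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if HEADER.match(line):
            current = line
            out[current] = []
        elif line in ("", "!"):
            current = None
        elif current:
            out[current].append(line)
    return out

def audit(config):
    """Return sorted (stanza, finding) pairs for unprotected settings."""
    findings = []
    for header, cmds in stanzas(config).items():
        has = lambda prefix: any(c.startswith(prefix) for c in cmds)
        if has("tunnel mode gre multipoint"):
            if not has("tunnel protection ipsec profile"):
                findings.append((header, "mGRE tunnel has no IPsec protection"))
            if not has("ip nhrp authentication"):
                findings.append((header, "NHRP is unauthenticated"))
            # Assumption: 'area N authentication' under 'router ospf' is not checked.
            if has("ip ospf network") and not has("ip ospf authentication"):
                findings.append((header, "OSPF has no interface authentication"))
        for c in cmds:
            m = re.match(r"vrrp (\d+) authentication (\S+)", c)
            if m and m.group(2) != "md5":
                findings.append((header, f"VRRP group {m.group(1)} uses plain-text authentication"))
        if header.startswith("line") and has("exec-timeout 0 0"):
            findings.append((header, "exec session never times out"))
    return sorted(findings)
```

Calling `audit()` on each router's saved configuration before and after the failover tests shows which hubs and spokes still carry NHRP, OSPF and user traffic across the ISP without encryption or authentication.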