Lab về DMVPN potx

Spoke2config-if# ip nhrp hold-time 600Spoke2config-if# ip nhs 10.0.0.1 Spoke2config-if# no ip next-hop-self eigrp 1 Spoke2config-if# ip map multicast 172.30.2.1 Spoke2config-if# ip nhrp

Trang 1

Lab về DMVPN

Tác giả: Vi Thị Mưu

Các bước thực hiện cho cấu hình:

Bước 1 : Cấu hình cho các Router thấy nhau

Spoke 1:

Router#config terminal

Router(config)# hostname Spoke1

Spoke1(config)# interface f0/0

Spoke1(config-if)# ip address 172.30.1.1 255.255.255.0

Spoke1(config-if)# no shutdown

Spoke1(config-if)# exit

Spoke1(config-if)# no shutdown

Spoke1(config)# ip route 0.0.0.0 0.0.0.0 172.30.1.2

Spoke 2:

Router# config terminal

Router(config)# hostname Spoke2

Trang 2

Spoke2(config-if)# ip address 172.30.3.1 255.255.255.0 Spoke2(config-if)# no shutdown

Spoke2(config-if)# ip address 192.168.2.1 255.255.255.0 Spoke2(config-if)# no shutdown

Spoke2(config)# ip route 0.0.0.0 0.0.0.0 172.30.3.2

HUB

Router#config terminal

Router(config)# hostname Hub

Hub(config)# interface f0/0

Hub(config-if)# ip address 172.30.2.1 255.255.255.0

Hub(config-if)# no shutdown

Hub(config-if)# exit

Hub(config)# interface loop back 0

Hub(config-if)# ip address 192.168.0.1 255.255.255.0

Hub(config-if)# no shutdown

Hub(config)# ip route 0.0.0.0 0.0.0.0 172.30.2.2

Thực hiện cấu hình đối với Spoke1

Bước 2: cấu hình phase 1 cho Spoke1

Spoke1(config)# crypto isakmp enable

Spoke1(config)# crypto isakmp policy 1

Spoke1(config-isakmp)# authentication pre-share

Spoke1(config-isakmp)# hash md5

Spoke1(config-isakmp)# exit

Spoke1(config)# crypto isakmp key cisco47 address 0.0.0.0 0.0.0.0

Bước 3: cấu hình dmvpn cho Spoke1

Spoke1(config)# interface tunnel 0

Spoke1(config-if)# ip mtu 1400

Spoke1(config-if)# ip nhrp authentication cisco47

Spoke1(config-if)# ip nhrp map 10.0.0.1 172.30.2.1

Spoke1(config-if)# ip nhrp hold-time 600

Spoke1(config-if)# ip nhs 10.0.0.1

Spoke1(config-if)# no ip next-hop-self eigrp 1

Spoke1(config-if)# ip map multicast 172.30.2.1

Trang 3

Spoke1(config-if)# ip nhrp network-id 100

Spoke1(config-if)# tunnel source f0/0

Spoke1(config-if)# tunnel key 1000

Spoke1(config-if)# tunnel mode gre multipoint

Spoke1(config-if)# tunnel protection ipsec profile dmvpn

Spoke1(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac

Spoke1(config)# crypto map dmvpn local-address f0/0

Spoke1(config)# crypto map dmvpn 10 ipsec-isakmp

Spoke1(config-crypto-map)# set peer 172.30.2.1

Spoke1(config-crypto-map)# set security-association level per-host

Spoke1(config-crypto-map)# set transform-set myset

Spoke1(config-crypto-map)# match address 101

Spoke1(config-crypto-map)# exit

Spoke1(config)# access-list 101 permit gre 172.30.1.0 0.0.0.255 host 172.30.2.1

Bước 5: định tuyến dùng giao thức EIGRP

Spoke1(config)# router eigrp 1

Spoke1(config-router)# network 10.0.0.0 0.0.0.255

Spoke1(config-router)# no auto-summary

Thực hiện cấu hình đối với Spoke2

Spoke2(config)# crypto isakmp enable

Spoke2(config)# crypto isakmp policy 1

Spoke2(config-isakmp)# authentication pre-share

Spoke2(config-isakmp)# hash md5

Spoke2(config-isakmp)# exit

Spoke2(config)# crypto isakmp key cisco47 address 0.0.0.0 0.0.0.0

Bước 3: cấu hình dmvpn cho Spoke2

Spoke2(config)# interface tunnel 0

Spoke2(config-if)# ip mtu 1400

Spoke2(config-if)# ip nhrp authentication cisco47

Spoke2(config-if)# ip nhrp map 10.0.0.1 172.30.2.1

Trang 4

Spoke2(config-if)# ip nhrp hold-time 600

Spoke2(config-if)# ip nhs 10.0.0.1

Spoke2(config-if)# no ip next-hop-self eigrp 1

Spoke2(config-if)# ip map multicast 172.30.2.1

Spoke2(config-if)# ip nhrp network-id 100

Spoke2(config-if)# tunnel source f0/0

Spoke2(config-if)# tunnel key 1000

Spoke2(config-if)# tunnel mode gre multipoint

Spoke2(config-if)# tunnel protection ipsec profile dmvpn

Bước 4: cấu hình phase 2 cho spoke2

Spoke2(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac

Spoke2(config)# crypto map dmvpn local-address f0/0

Spoke2(config)# crypto map dmvpn 10 ipsec-isakmp

Spoke2(config-crypto-map)# set peer 172.30.2.1

Spoke2(config-crypto-map)# set security-association level per-host

Spoke2(config-crypto-map)# set transform-set myset

Spoke2(config-crypto-map)# match address 101

Spoke2(config-crypto-map)# exit

Spoke2(config)# access-list 101 permit gre 172.30.3.0 0.0.0.255 host 172.30.2.1

Bước 5: định tuyến dùng giao thức EIGRP

Spoke2(config)# router eigrp 1

Spoke2(config-router)# no auto-summary

Thực hiện cấu hình cho HUB

Router(config)# hostname Hub

Hub(config)# crypto isakmp enable

Hub(config)# crypto isakmp policy 1

Hub(config-isakmp)# authentication pre-share

Hub(config-isakmp)# hash md5

Hub(config-isakmp)# exit

Hub(config)# crypto isakmp key cisco47 address 0.0.0.0 0.0.0.0

Hub(config)# crypto ipsec transform-set myset des esp-md5-hmac

# tạo IPSec profile

Hub(config)# crypto ipsec profile dmvpn

Trang 5

Hub(config-profile)# set transform-set myset

Hub(config)# interface tunnel 0

# cấu hình dmvpn

Hub(config-if)# ip address 10.0.0.1 255.255.255.0 Hub(config-if)# ip mtu 1400

Hub(config-if)# ip nhrp authentication cisco47

Hub(config-if)# ip nhrp multicast dynamic

Hub(config-if)# ip nhrp hold-time 600

Hub(config-if)# tunnel source f0/0

Hub(config-if)# tunnel mode gre multipoint

Hub(config-if)# tunnel key 1000

Hub(config-if)# tunnel protection ipsec profile dmvpn Hub(config-if)# exit

Hub(config-if)# ip address 192.168.0.1 255.255.255.0 Hub(config-if)# no shutdown

Hub(config-if)# ip address 172.30.2.1 255.255.255.0 Hub(config-if)# no shutdown

# định tuyến dùng giao thức EIGRP

Hub(config)# router eigrp 1

Hub(config-router)# network 10.0.0.0 0.0.0.255 Hub(config-router)# network 192.168.0.0 0.0.0.255 Hub(config-router)# no auto-summary

Kiểm tra kết quả

Thực hiện ping từ PC1 đến PC2

Trang 6

Thực hiện Ping từ PC1 đến 192.168.0.1

Tiêu đề	Lab về DMVPN
Tác giả	Vi Thị Mưu
Trường học	University of Science and Technology of Hanoi
Chuyên ngành	Computer Networks
Thể loại	Lab report
Năm xuất bản	2023
Thành phố	Hanoi

Định dạng
Số trang	6
Dung lượng	143 KB