21/1/55

CE_Router of DMVPN Customer Project.

Configure สำหรับ CE ตาม Diagram LAB 1 


ลูกค้า ใช้ R1,R2 เป็น Hub DMVPN และ R3,R4 เป็น Spoke โดย Hub เป็นแบบ redundancy dmvpn โดยตย. นี้ มีการทำ qos บน DMVPN ด้วย




R1-DMVPN (Hub)

!
class-map match-all CPP
    match access-group name CPP
!
class-map match-all PRIORITY
   match ip dscp af43
!
policy-map PRIORITY_QOS
   class PRIORITY
      priority 512
!
policy-map WEST_QOS
   class class-default
      shape average 1000000
!
policy-map EAST_QOS
   class class-default
      shape average 1000000
      service-policy PRIORITY_QOS
!
policy-map CPP
   class CPP
      police rate 10000000 conform-action transmit exceed-action drop violate-action drop
!
crypto isakmp policy 7
encr aes
authentication pre-share
crypto isakmp key thaiciscoclub address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 20 3
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
   mode transport
!
crypto ipsec profile DMVPN
   set transform-set dmvpn_base
!
interface Tunnel1
desc # DMVPN Tunnel #
ip address 100.1.1.1 255.255.255.0
no ip redirects
ip mtu 1428
no ip next-hop-self eigrp 10
ip nhrp authentication thaiciscoclub
ip nhrp map multicast dynamic
ip nhrp network-id 1000
ip nhrp holdtime 550
no ip split-horizon eigrp 10
delay 1000
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 1000
tunnel protection ipsec profile DMVPN
ip nhrp map group EAST service-policy output EAST_QOS
ip nhrp map group WEST service-policy output WEST_QOS
!
interface Ethernet0/0
desc # Interface CE to PE #
ip address 10.1.1.2 255.255.255.252
!
interface Ethernet0/1
desc # Internal interface #
ip address 10.1.2.2 255.255.255.0
standby 1 ip 10.1.2.1
standby 1 timers msec 200 msec 600
standby 1 priority 120
standby 1 preempt delay minimum 180
standby 1 name dmvpn
standby 1 track Ethernet0/0 30
standby 1 authentication md5 key-string 24991
!
router eigrp 10
variance 4
network 10.1.2.0 0.0.0.255
network 100.1.1.0 0.0.0.255
no auto-summary
!
router ospf 10
log-adjacency-changes
network 10.1.1.2 0.0.0.0 area 0
!
ip access-list extended CPP
permit ospf any any
permit eigrp any any
permit icmp any any
!
control-plane
service-policy input CPP
!
!


R2-DMVPN (Hub)


!
class-map match-all CPP
match access-group name CPP
!
class-map match-all PRIORITY
match ip dscp af43
!
policy-map PRIORITY_QOS
class PRIORITY
priority 512
!
policy-map WEST_QOS
class class-default
shape average 1000000
!
policy-map EAST_QOS
class class-default
shape average 1000000
service-policy PRIORITY_QOS
!
policy-map CPP
class CPP
police rate 10000000 conform-action transmit exceed-action drop violate-action drop
!
crypto isakmp policy 7
encr aes
authentication pre-share
crypto isakmp key thaiciscoclub address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 20 3
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set dmvpn_base
!
interface Tunnel1
desc # DMVPN Tunnel #
ip address 100.1.2.1 255.255.255.0
no ip redirects
ip mtu 1428
no ip next-hop-self eigrp 10
ip nhrp authentication thaiciscoclub
ip nhrp map multicast dynamic
ip nhrp network-id 1001
ip nhrp holdtime 600
no ip split-horizon eigrp 10
delay 1000
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 1001
tunnel protection ipsec profile DMVPN
ip nhrp map group EAST service-policy output EAST_QOS
ip nhrp map group WEST service-policy output WEST_QOS
!
interface Ethernet0/0
desc # Interface CE to PE #
ip address 10.1.1.6 255.255.255.252
!
interface Ethernet0/1
desc # Internal interface #
ip address 10.1.2.3 255.255.255.0
standby 1 ip 10.1.2.1
standby 1 timers msec 200 msec 600
standby 1 preempt delay minimum 180
standby 1 name dmvpn
standby 1 authentication md5 key-string 24991
!
router eigrp 10
variance 4
network 10.1.2.0 0.0.0.255
network 100.1.2.0 0.0.0.255
no auto-summary
!
router ospf 10
log-adjacency-changes
network 10.1.1.6 0.0.0.0 area 0
!
ip access-list extended CPP
permit ospf any any
permit eigrp any any
permit icmp any any
!
control-plane
service-policy input CPP
!


R3-DMVPN   (DMVPN-SPOKE (EAST SITE))
!
crypto isakmp policy 7
encr aes
authentication pre-share
crypto isakmp key thaiciscoclub address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 20 3
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
!
crypto ipsec profile DMVPN
set transform-set dmvpn_base
!
interface Tunnel1
description to HUB-1
ip address 100.1.1.3 255.255.255.0
ip mtu 1428
ip nhrp authentication thaiciscoclub
ip nhrp map multicast 10.1.1.2
ip nhrp map 100.1.1.1 10.1.1.2
ip nhrp network-id 1000
ip nhrp holdtime 300
ip nhrp nhs 100.1.1.1
tunnel source Ethernet0/0
tunnel destination 10.1.1.2
tunnel key 1000
tunnel protection ipsec profile DMVPN
ip nhrp group EAST
!
interface Tunnel2
description to HUB-2
ip address 100.1.2.3 255.255.255.0
no ip redirects
ip mtu 1428
ip nhrp authentication thaiciscoclub
ip nhrp map multicast 10.1.1.6
ip nhrp map 100.1.2.1 10.1.1.6
ip nhrp network-id 1001
ip nhrp holdtime 300
ip nhrp nhs 100.1.2.1
delay 1000
tunnel source Ethernet0/0
tunnel destination 10.1.1.6
tunnel key 1001
tunnel protection ipsec profile DMVPN
ip nhrp group EAST
!
interface Ethernet0/0
ip address 10.1.1.10 255.255.255.252
!
interface Ethernet0/1
ip address 10.3.3.1 255.255.255.0
!
router eigrp 10
variance 4
network 10.3.3.0 0.0.0.255
network 100.1.1.0 0.0.0.255
network 100.1.2.0 0.0.0.255
no auto-summary
!
router ospf 10
log-adjacency-changes
network 10.1.1.10 0.0.0.0 area 0
!
!


R4-DMVPN  (DMVPN-SPOKE (WEST SITE))

!
crypto isakmp policy 7
encr aes
authentication pre-share
crypto isakmp key thaiciscoclub address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 20 3
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
!
crypto ipsec profile DMVPN
set transform-set dmvpn_base
!
interface Tunnel1
description to HUB-1
ip address 100.1.1.4 255.255.255.0
ip mtu 1428
ip nhrp authentication thaiciscoclub
ip nhrp map multicast 10.1.1.2
ip nhrp map 100.1.1.1 10.1.1.2
ip nhrp network-id 1000
ip nhrp holdtime 300
ip nhrp nhs 100.1.1.1
tunnel source Ethernet0/0
tunnel destination 10.1.1.2
tunnel key 1000
tunnel protection ipsec profile DMVPN
ip nhrp group WEST
!
interface Tunnel2
description to HUB-2
ip address 100.1.2.4 255.255.255.0
no ip redirects
ip mtu 1428
ip nhrp authentication thaiciscoclub
ip nhrp map multicast 10.1.1.6
ip nhrp map 100.1.2.1 10.1.1.6
ip nhrp network-id 1001
ip nhrp holdtime 300
ip nhrp nhs 100.1.2.1
delay 1000
tunnel source Ethernet0/0
tunnel destination 10.1.1.6
tunnel key 1001
tunnel protection ipsec profile DMVPN
ip nhrp group WEST
!
interface Ethernet0/0
ip address 10.1.1.14 255.255.255.252
!
interface Ethernet0/1
ip address 10.4.4.1 255.255.255.0
!
router eigrp 10
variance 4
network 10.4.4.0 0.0.0.255
network 100.1.1.0 0.0.0.255
network 100.1.2.0 0.0.0.255
no auto-summary
!
router ospf 10
log-adjacency-changes
network 10.1.1.14 0.0.0.0 area 0
!


##################################################################################
show dmvpn detail
show ip nhrp group-map
show policy-map multipoint
show crypto ipsec sa
show crypto isakmp sa
##################################################################################
เขียนโดย ที่

ไม่มีความคิดเห็น:

แสดงความคิดเห็น

สมัครสมาชิก: ส่งความคิดเห็น (Atom)