21/1/55

PE_Router of IP-SEC-SSO tunnel protection project

ต่อจาก LAB1 เดิม ในส่วนของ CE router ที่ลูกค้าต้องการทำ ipsec tunnel protection ระหว่าง site PE4 กับ PE7 โดยส่วนแรกต้อง configure PE4 กับ PE7 ขึ้นมาก่อน เพื่อสร้าง MPLS VPN ระหว่างสอง site นี้ จากนั้นจึงทำการ configure CE router ต่อไป

MPLS-PE-4 ************************************************
! PE4 global settings: hostname, CEF, the customer VRF and LDP session authentication.
hostname PE4
!
! CEF is required for MPLS label forwarding.
ip cef
!
! VRF IPSEC imports and exports the same route-target (100:2); PE7 in this
! listing uses the same RD and route-target, which is what joins the two sites.
ip vrf IPSEC
rd 100:2
route-target export 100:2
route-target import 100:2
!
mpls label protocol ldp
! LDP sessions to 10.1.1.11 and 10.1.1.22 are protected with a TCP MD5 password.
! NOTE(review): "cisco" is a lab value, shown in cleartext and reused for OSPF
! and BGP in this listing; use a unique, non-default secret per protocol
! outside the lab.
mpls ldp neighbor 10.1.1.11 password cisco
mpls ldp neighbor 10.1.1.22 password cisco
!
! Loopback0: global-table /32 used as the OSPF 1 router-id, the LDP router-id
! and the iBGP update-source elsewhere in this configuration.
interface Loopback0
ip address 10.1.1.4 255.255.255.255
!
! Loopback100: /32 inside VRF IPSEC; local endpoint of the OSPF sham-link.
interface Loopback100
description # For sham-link vrf IPSEC #
ip vrf forwarding IPSEC
ip address 10.10.10.4 255.255.255.255
!
! Core-facing link (to P1 per the description): label switching is enabled with
! "mpls ip" and OSPF uses MD5 key 1, matching "area 0 authentication
! message-digest" under router ospf 1.
! NOTE(review): the key "cisco" is a lab value and is the same string used for
! LDP and BGP; the neighbor must carry the same key id and string.
interface Ethernet1/0
description # To P1 e1/3 #
ip address 192.168.1.14 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
half-duplex
mpls ip
!
! Second core-facing link (to P2 per the description), configured like Ethernet1/0.
interface Ethernet1/1
description # To P2 e1/3 #
ip address 192.168.1.46 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
half-duplex
mpls ip
!
! Customer-facing interface in VRF IPSEC: no "mpls ip" and no OSPF key here.
! NOTE(review): router ospf 10 vrf IPSEC sets no area authentication either, so
! the PE-CE OSPF adjacency on this segment is unauthenticated in this listing.
interface Ethernet1/2
description # To SW IPSEC R1-R2 #
ip vrf forwarding IPSEC
ip address 172.16.1.1 255.255.255.248
half-duplex
!
! OSPF process 10 runs inside VRF IPSEC toward the CE routers.
router ospf 10 vrf IPSEC
router-id 10.10.10.4
log-adjacency-changes
! Sham-link from this PE's Loopback100 (10.10.10.4) to PE7's (10.10.10.7).
! Loopback100 is not covered by a network statement below; it is advertised
! through BGP instead (see "address-family ipv4 vrf IPSEC").
area 0 sham-link 10.10.10.4 10.10.10.7
! VPN routes learned through BGP 100 are injected into the customer OSPF domain.
redistribute bgp 100 subnets
! Only the Ethernet1/2 address is matched, so only the PE-CE segment runs OSPF 10.
network 172.16.1.1 0.0.0.0 area 0
!
! OSPF process 1 is the core IGP in the global table.
router ospf 1
router-id 10.1.1.4
log-adjacency-changes
! Advertise maximum metric after a reload so transit traffic avoids this router
! until it is ready.
! NOTE(review): the next two lines set the same on-startup option two different
! ways (wait for BGP vs. a fixed 360 seconds); presumably only one is kept in
! the running configuration - confirm which is intended.
max-metric router-lsa on-startup wait-for-bgp
max-metric router-lsa on-startup 360
! Convergence tuning; the timer values below are in milliseconds.
timers throttle lsa all 0 20 5000
timers lsa arrival 15
timers pacing flood 15
timers throttle spf 50 50 5000
! Incremental SPF.
ispf
! MD5 authentication for area 0; the keys are configured on Ethernet1/0 and Ethernet1/1.
area 0 authentication message-digest
! Host-wildcard network statements: Loopback0 and the two core links only.
network 10.1.1.4 0.0.0.0 area 0
network 192.168.1.14 0.0.0.0 area 0
network 192.168.1.46 0.0.0.0 area 0
!
! iBGP (local and remote AS are both 100) to 10.1.1.11 and 10.1.1.22, sourced
! from Loopback0.
router bgp 100
bgp log-neighbor-changes
neighbor 10.1.1.11 remote-as 100
! "password" enables the TCP MD5 signature option on the session.
! NOTE(review): "cisco" is a lab value, in cleartext, and the same string as the
! LDP and OSPF secrets in this listing; use a unique secret per peer outside the lab.
neighbor 10.1.1.11 password cisco
neighbor 10.1.1.11 update-source Loopback0
neighbor 10.1.1.22 remote-as 100
neighbor 10.1.1.22 password cisco
neighbor 10.1.1.22 update-source Loopback0
!
! Global IPv4 unicast: both peers activated, Loopback0 /32 advertised.
address-family ipv4
neighbor 10.1.1.11 activate
neighbor 10.1.1.11 send-community
neighbor 10.1.1.22 activate
neighbor 10.1.1.22 send-community
no auto-summary
no synchronization
network 10.1.1.4 mask 255.255.255.255
exit-address-family
!
! VPNv4: extended communities must be sent because route-targets are carried
! as extended communities.
address-family vpnv4
neighbor 10.1.1.11 activate
neighbor 10.1.1.11 send-community extended
neighbor 10.1.1.22 activate
neighbor 10.1.1.22 send-community extended
exit-address-family
!
! Per-VRF address family for the customer VPN.
address-family ipv4 vrf IPSEC
! Customer OSPF 10 routes (internal and both external types) are exported into the VPN.
redistribute ospf 10 vrf IPSEC match internal external 1 external 2
no synchronization
! Loopback100 (the sham-link endpoint) is advertised through BGP so the remote
! PE reaches it over the MPLS VPN rather than through OSPF.
network 10.10.10.4 mask 255.255.255.255
exit-address-family
!
! Pin the LDP router-id to Loopback0; "force" applies it without waiting for
! the current router-id interface to go down.
mpls ldp router-id Loopback0 force
!
MPLS-PE-7 ************************************************
! PE7 global settings: hostname, CEF, the customer VRF and LDP session authentication.
hostname PE7
!
! CEF is required for MPLS label forwarding.
ip cef
!
! VRF IPSEC uses the same RD and route-target (100:2) as PE4 in this listing,
! so the two PEs import each other's VPN routes.
ip vrf IPSEC
rd 100:2
route-target export 100:2
route-target import 100:2
!
mpls label protocol ldp
! LDP sessions to 10.1.1.11 and 10.1.1.22 are protected with a TCP MD5 password.
! NOTE(review): "cisco" is a lab value, shown in cleartext and reused for OSPF
! and BGP in this listing; use a unique, non-default secret per protocol
! outside the lab.
mpls ldp neighbor 10.1.1.11 password cisco
mpls ldp neighbor 10.1.1.22 password cisco
!
! Loopback0: global-table /32 used as the OSPF 1 router-id, the LDP router-id
! and the iBGP update-source elsewhere in this configuration.
interface Loopback0
ip address 10.1.1.7 255.255.255.255
!
! Loopback100: /32 inside VRF IPSEC; local endpoint of the OSPF sham-link.
interface Loopback100
description # For sham-link vrf IPSEC #
ip vrf forwarding IPSEC
ip address 10.10.10.7 255.255.255.255
!
! Core-facing link (to P1 per the description): label switching is enabled with
! "mpls ip" and OSPF uses MD5 key 1, matching "area 0 authentication
! message-digest" under router ospf 1.
! NOTE(review): the key "cisco" is a lab value and is the same string used for
! LDP and BGP; the neighbor must carry the same key id and string.
interface Ethernet1/0
description # To P1 e2/1 #
ip address 192.168.1.22 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
half-duplex
mpls ip
!
! Second core-facing link (to P2 per the description), configured like Ethernet1/0.
interface Ethernet1/1
description # To P2 e2/1 #
ip address 192.168.1.54 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
half-duplex
mpls ip
!
! Customer-facing interface in VRF IPSEC: no "mpls ip" and no OSPF key here.
! NOTE(review): router ospf 10 vrf IPSEC sets no area authentication either, so
! the PE-CE OSPF adjacency on this segment is unauthenticated in this listing.
interface Ethernet1/2
description # To SW IPSEC R3 #
ip vrf forwarding IPSEC
ip address 172.16.1.9 255.255.255.248
half-duplex
!
! OSPF process 10 runs inside VRF IPSEC toward the CE router.
router ospf 10 vrf IPSEC
router-id 10.10.10.7
log-adjacency-changes
! Sham-link from this PE's Loopback100 (10.10.10.7) to PE4's (10.10.10.4).
! Loopback100 is not covered by a network statement below; it is advertised
! through BGP instead (see "address-family ipv4 vrf IPSEC").
area 0 sham-link 10.10.10.7 10.10.10.4
! VPN routes learned through BGP 100 are injected into the customer OSPF domain.
redistribute bgp 100 subnets
! Only the Ethernet1/2 address is matched, so only the PE-CE segment runs OSPF 10.
network 172.16.1.9 0.0.0.0 area 0
!
! OSPF process 1 is the core IGP in the global table.
router ospf 1
router-id 10.1.1.7
log-adjacency-changes
! Advertise maximum metric after a reload so transit traffic avoids this router
! until it is ready.
! NOTE(review): the next two lines set the same on-startup option two different
! ways (wait for BGP vs. a fixed 360 seconds); presumably only one is kept in
! the running configuration - confirm which is intended.
max-metric router-lsa on-startup wait-for-bgp
max-metric router-lsa on-startup 360
! Convergence tuning; the timer values below are in milliseconds.
timers throttle lsa all 0 20 5000
timers lsa arrival 15
timers pacing flood 15
timers throttle spf 50 50 5000
! Incremental SPF.
ispf
! MD5 authentication for area 0; the keys are configured on Ethernet1/0 and Ethernet1/1.
area 0 authentication message-digest
! Host-wildcard network statements: Loopback0 and the two core links only.
network 10.1.1.7 0.0.0.0 area 0
network 192.168.1.22 0.0.0.0 area 0
network 192.168.1.54 0.0.0.0 area 0
!
! iBGP (local and remote AS are both 100) to 10.1.1.11 and 10.1.1.22, sourced
! from Loopback0.
router bgp 100
bgp log-neighbor-changes
neighbor 10.1.1.11 remote-as 100
! "password" enables the TCP MD5 signature option on the session.
! NOTE(review): "cisco" is a lab value, in cleartext, and the same string as the
! LDP and OSPF secrets in this listing; use a unique secret per peer outside the lab.
neighbor 10.1.1.11 password cisco
neighbor 10.1.1.11 update-source Loopback0
neighbor 10.1.1.22 remote-as 100
neighbor 10.1.1.22 password cisco
neighbor 10.1.1.22 update-source Loopback0
!
! Global IPv4 unicast: both peers activated, Loopback0 /32 advertised.
address-family ipv4
neighbor 10.1.1.11 activate
neighbor 10.1.1.11 send-community
neighbor 10.1.1.22 activate
neighbor 10.1.1.22 send-community
no auto-summary
no synchronization
network 10.1.1.7 mask 255.255.255.255
exit-address-family
!
! VPNv4: extended communities must be sent because route-targets are carried
! as extended communities.
address-family vpnv4
neighbor 10.1.1.11 activate
neighbor 10.1.1.11 send-community extended
neighbor 10.1.1.22 activate
neighbor 10.1.1.22 send-community extended
exit-address-family
!
! Per-VRF address family for the customer VPN.
address-family ipv4 vrf IPSEC
! Customer OSPF 10 routes (internal and both external types) are exported into the VPN.
redistribute ospf 10 vrf IPSEC match internal external 1 external 2
no synchronization
! Loopback100 (the sham-link endpoint) is advertised through BGP so the remote
! PE reaches it over the MPLS VPN rather than through OSPF.
network 10.10.10.7 mask 255.255.255.255
exit-address-family
!
! Pin the LDP router-id to Loopback0; "force" applies it without waiting for
! the current router-id interface to go down.
mpls ldp router-id Loopback0 force
!
