Configure สำหรับ CE ตาม Diagram LAB 1
ลูกค้า ใช้ R1,R2 เป็น Hub DMVPN และ R3,R4 เป็น Spoke โดย Hub เป็นแบบ redundancy dmvpn โดยตย. นี้ มีการทำ qos บน DMVPN ด้วย
R1-DMVPN (Hub)
!
class-map match-all CPP
match access-group name CPP
!
class-map match-all PRIORITY
match ip dscp af43
!
policy-map PRIORITY_QOS
class PRIORITY
priority 512
!
policy-map WEST_QOS
class class-default
shape average 1000000
!
policy-map EAST_QOS
class class-default
shape average 1000000
service-policy PRIORITY_QOS
!
policy-map CPP
class CPP
police rate 10000000 conform-action transmit exceed-action drop violate-action drop
!
crypto isakmp policy 7
encr aes
authentication pre-share
crypto isakmp key thaiciscoclub address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 20 3
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set dmvpn_base
!
interface Tunnel1
desc # DMVPN Tunnel #
ip address 100.1.1.1 255.255.255.0
no ip redirects
ip mtu 1428
no ip next-hop-self eigrp 10
ip nhrp authentication thaiciscoclub
ip nhrp map multicast dynamic
ip nhrp network-id 1000
ip nhrp holdtime 550
no ip split-horizon eigrp 10
delay 1000
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 1000
tunnel protection ipsec profile DMVPN
ip nhrp map group EAST service-policy output EAST_QOS
ip nhrp map group WEST service-policy output WEST_QOS
!
interface Ethernet0/0
desc # Interface CE to PE #
ip address 10.1.1.2 255.255.255.252
!
interface Ethernet0/1
desc # Internal interface #
ip address 10.1.2.2 255.255.255.0
standby 1 ip 10.1.2.1
standby 1 timers msec 200 msec 600
standby 1 priority 120
standby 1 preempt delay minimum 180
standby 1 name dmvpn
standby 1 track Ethernet0/0 30
standby 1 authentication md5 key-string 24991
!
router eigrp 10
variance 4
network 10.1.2.0 0.0.0.255
network 100.1.1.0 0.0.0.255
no auto-summary
!
router ospf 10
log-adjacency-changes
network 10.1.1.2 0.0.0.0 area 0
!
ip access-list extended CPP
permit ospf any any
permit eigrp any any
permit icmp any any
!
control-plane
service-policy input CPP
!
!
R2-DMVPN (Hub)
!
class-map match-all CPP
match access-group name CPP
!
class-map match-all PRIORITY
match ip dscp af43
!
policy-map PRIORITY_QOS
class PRIORITY
priority 512
!
policy-map WEST_QOS
class class-default
shape average 1000000
!
policy-map EAST_QOS
class class-default
shape average 1000000
service-policy PRIORITY_QOS
!
policy-map CPP
class CPP
police rate 10000000 conform-action transmit exceed-action drop violate-action drop
!
crypto isakmp policy 7
encr aes
authentication pre-share
crypto isakmp key thaiciscoclub address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 20 3
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set dmvpn_base
!
interface Tunnel1
desc # DMVPN Tunnel #
ip address 100.1.2.1 255.255.255.0
no ip redirects
ip mtu 1428
no ip next-hop-self eigrp 10
ip nhrp authentication thaiciscoclub
ip nhrp map multicast dynamic
ip nhrp network-id 1001
ip nhrp holdtime 600
no ip split-horizon eigrp 10
delay 1000
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 1001
tunnel protection ipsec profile DMVPN
ip nhrp map group EAST service-policy output EAST_QOS
ip nhrp map group WEST service-policy output WEST_QOS
!
interface Ethernet0/0
desc # Interface CE to PE #
ip address 10.1.1.6 255.255.255.252
!
interface Ethernet0/1
desc # Internal interface #
ip address 10.1.2.3 255.255.255.0
standby 1 ip 10.1.2.1
standby 1 timers msec 200 msec 600
standby 1 preempt delay minimum 180
standby 1 name dmvpn
standby 1 authentication md5 key-string 24991
!
router eigrp 10
variance 4
network 10.1.2.0 0.0.0.255
network 100.1.2.0 0.0.0.255
no auto-summary
!
router ospf 10
log-adjacency-changes
network 10.1.1.6 0.0.0.0 area 0
!
ip access-list extended CPP
permit ospf any any
permit eigrp any any
permit icmp any any
!
control-plane
service-policy input CPP
!
R3-DMVPN (DMVPN-SPOKE (EAST SITE))
!
crypto isakmp policy 7
encr aes
authentication pre-share
crypto isakmp key thaiciscoclub address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 20 3
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
!
crypto ipsec profile DMVPN
set transform-set dmvpn_base
!
interface Tunnel1
description to HUB-1
ip address 100.1.1.3 255.255.255.0
ip mtu 1428
ip nhrp authentication thaiciscoclub
ip nhrp map multicast 10.1.1.2
ip nhrp map 100.1.1.1 10.1.1.2
ip nhrp network-id 1000
ip nhrp holdtime 300
ip nhrp nhs 100.1.1.1
tunnel source Ethernet0/0
tunnel destination 10.1.1.2
tunnel key 1000
tunnel protection ipsec profile DMVPN
ip nhrp group EAST
!
interface Tunnel2
description to HUB-2
ip address 100.1.2.3 255.255.255.0
no ip redirects
ip mtu 1428
ip nhrp authentication thaiciscoclub
ip nhrp map multicast 10.1.1.6
ip nhrp map 100.1.2.1 10.1.1.6
ip nhrp network-id 1001
ip nhrp holdtime 300
ip nhrp nhs 100.1.2.1
delay 1000
tunnel source Ethernet0/0
tunnel destination 10.1.1.6
tunnel key 1001
tunnel protection ipsec profile DMVPN
ip nhrp group EAST
!
interface Ethernet0/0
ip address 10.1.1.10 255.255.255.252
!
interface Ethernet0/1
ip address 10.3.3.1 255.255.255.0
!
router eigrp 10
variance 4
network 10.3.3.0 0.0.0.255
network 100.1.1.0 0.0.0.255
network 100.1.2.0 0.0.0.255
no auto-summary
!
router ospf 10
log-adjacency-changes
network 10.1.1.10 0.0.0.0 area 0
!
!
R4-DMVPN (DMVPN-SPOKE (WEST SITE))
!
crypto isakmp policy 7
encr aes
authentication pre-share
crypto isakmp key thaiciscoclub address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 20 3
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
!
crypto ipsec profile DMVPN
set transform-set dmvpn_base
!
interface Tunnel1
description to HUB-1
ip address 100.1.1.4 255.255.255.0
ip mtu 1428
ip nhrp authentication thaiciscoclub
ip nhrp map multicast 10.1.1.2
ip nhrp map 100.1.1.1 10.1.1.2
ip nhrp network-id 1000
ip nhrp holdtime 300
ip nhrp nhs 100.1.1.1
tunnel source Ethernet0/0
tunnel destination 10.1.1.2
tunnel key 1000
tunnel protection ipsec profile DMVPN
ip nhrp group WEST
!
interface Tunnel2
description to HUB-2
ip address 100.1.2.4 255.255.255.0
no ip redirects
ip mtu 1428
ip nhrp authentication thaiciscoclub
ip nhrp map multicast 10.1.1.6
ip nhrp map 100.1.2.1 10.1.1.6
ip nhrp network-id 1001
ip nhrp holdtime 300
ip nhrp nhs 100.1.2.1
delay 1000
tunnel source Ethernet0/0
tunnel destination 10.1.1.6
tunnel key 1001
tunnel protection ipsec profile DMVPN
ip nhrp group WEST
!
interface Ethernet0/0
ip address 10.1.1.14 255.255.255.252
!
interface Ethernet0/1
ip address 10.4.4.1 255.255.255.0
!
router eigrp 10
variance 4
network 10.4.4.0 0.0.0.255
network 100.1.1.0 0.0.0.255
network 100.1.2.0 0.0.0.255
no auto-summary
!
router ospf 10
log-adjacency-changes
network 10.1.1.14 0.0.0.0 area 0
!
##################################################################################
show dmvpn detail
show ip nhrp group-map
show policy-map multipoint
show crypto ipsec sa
show crypto isakmp sa
##################################################################################
20/12/54
ACS 5.2
New ACS from Cisco, let us install and test. ^-^
Install on VMware, it's very easy. Step by step to do as installation guide and then test ACS by yourself.
DOWNLOAD ACS 5.2 SOFTWARE
http://www.cisco.com/cisco/software/release.html?mdfid=283107438&catid=268439477&softwareid=282766937&release=5.2.0.26&relind=AVAILABLE&rellifecycle=&reltype=latest
LICENSE 90DAYS
https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?DemoKeys=Y
INSTALLATION GUIDE
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/installation/guide/acs5_2_install_guide.html
After install success, use it very simple as ACS 4.2
username: ACSAdmin
Password: default
You can change password after first login.
Pros and Corn between ACS4.x and ACS5.x .... why decrease features ?
Think about, why we must change 4.x to 5.x ... why why .. I think we still use 4.x that more feature more than 5555.
Install on VMware, it's very easy. Step by step to do as installation guide and then test ACS by yourself.
DOWNLOAD ACS 5.2 SOFTWARE
http://www.cisco.com/cisco/software/release.html?mdfid=283107438&catid=268439477&softwareid=282766937&release=5.2.0.26&relind=AVAILABLE&rellifecycle=&reltype=latest
LICENSE 90DAYS
https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?DemoKeys=Y
INSTALLATION GUIDE
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/installation/guide/acs5_2_install_guide.html
After install success, use it very simple as ACS 4.2
username: ACSAdmin
Password: default
You can change password after first login.
Pros and Corn between ACS4.x and ACS5.x .... why decrease features ?
Think about, why we must change 4.x to 5.x ... why why .. I think we still use 4.x that more feature more than 5555.
10/11/54
MPLS_PE_Router of DMVPN Customer Project.
Configuration of MPLS_PE_Router of DMVPN Customer Project.
As below it will be configuration of MPLS_PE_Router as we configure by using vrf "DMVPN" for being section VPN of this customer.
MPLS-PE-1 ************************************************
hostname PE1
!
ip cef
!
ip vrf DMVPN
rd 100:1
route-target export 100:1
route-target import 100:1
!
mpls label protocol ldp
mpls ldp neighbor 10.1.1.11 password cisco
mpls ldp neighbor 10.1.1.22 password cisco
!
interface Loopback0
ip address 10.1.1.1 255.255.255.255
!
interface Loopback10
ip vrf forwarding DMVPN
ip address 10.10.10.1 255.255.255.255
!
interface Ethernet1/0
description # To P1 e1/0 #
ip address 192.168.1.2 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet1/1
description # To P2 e1/0 #
ip address 192.168.1.34 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet1/2
ip vrf forwarding DMVPN
ip address 10.1.1.9 255.255.255.252
!
router ospf 10 vrf DMVPN
log-adjacency-changes
redistribute bgp 100 subnets
network 10.1.1.9 0.0.0.0 area 0
!
router ospf 1
router-id 10.1.1.1
log-adjacency-changes
max-metric router-lsa on-startup wait-for-bgp
max-metric router-lsa on-startup 360
timers throttle lsa all 0 20 5000
timers lsa arrival 15
timers pacing flood 15
timers throttle spf 50 50 5000
ispf
area 0 authentication message-digest
network 10.1.1.1 0.0.0.0 area 0
network 192.168.1.2 0.0.0.0 area 0
network 192.168.1.34 0.0.0.0 area 0
!
router bgp 100
bgp log-neighbor-changes
neighbor 10.1.1.11 remote-as 100
neighbor 10.1.1.11 password cisco
neighbor 10.1.1.11 update-source Loopback0
neighbor 10.1.1.22 remote-as 100
neighbor 10.1.1.22 password cisco
neighbor 10.1.1.22 update-source Loopback0
!
address-family ipv4
neighbor 10.1.1.11 activate
neighbor 10.1.1.11 send-community
neighbor 10.1.1.22 activate
neighbor 10.1.1.22 send-community
no auto-summary
no synchronization
network 10.1.1.1 mask 255.255.255.255
exit-address-family
!
address-family vpnv4
neighbor 10.1.1.11 activate
neighbor 10.1.1.11 send-community extended
neighbor 10.1.1.22 activate
neighbor 10.1.1.22 send-community extended
exit-address-family
!
address-family ipv4 vrf DMVPN
redistribute ospf 10 vrf DMVPN match internal external 1 external 2
no synchronization
exit-address-family
!
mpls ldp router-id Loopback0 force
!
MPLS-PE-2 ************************************************
hostname PE2
!
ip cef
!
ip vrf DMVPN
rd 100:1
route-target export 100:1
route-target import 100:1
!
mpls label protocol ldp
mpls ldp neighbor 10.1.1.11 password cisco
mpls ldp neighbor 10.1.1.22 password cisco
!
interface Loopback0
ip address 10.1.1.2 255.255.255.255
!
interface Loopback10
ip vrf forwarding DMVPN
ip address 10.10.10.2 255.255.255.255
!
interface Ethernet1/0
description # To P1 e1/1 #
ip address 192.168.1.6 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
half-duplex
mpls ip
!
interface Ethernet1/1
description # To P2 e1/1 #
ip address 192.168.1.38 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
half-duplex
mpls ip
!
interface Ethernet1/2
ip vrf forwarding DMVPN
ip address 10.1.1.13 255.255.255.252
half-duplex
!
router ospf 10 vrf DMVPN
log-adjacency-changes
redistribute bgp 100 subnets
network 10.1.1.13 0.0.0.0 area 0
!
router ospf 1
router-id 10.1.1.2
log-adjacency-changes
max-metric router-lsa on-startup wait-for-bgp
max-metric router-lsa on-startup 360
timers throttle lsa all 0 20 5000
timers lsa arrival 15
timers pacing flood 15
timers throttle spf 50 50 5000
ispf
area 0 authentication message-digest
network 10.1.1.2 0.0.0.0 area 0
network 192.168.1.6 0.0.0.0 area 0
network 192.168.1.38 0.0.0.0 area 0
!
router bgp 100
bgp log-neighbor-changes
neighbor 10.1.1.11 remote-as 100
neighbor 10.1.1.11 password cisco
neighbor 10.1.1.11 update-source Loopback0
neighbor 10.1.1.22 remote-as 100
neighbor 10.1.1.22 password cisco
neighbor 10.1.1.22 update-source Loopback0
!
address-family ipv4
neighbor 10.1.1.11 activate
neighbor 10.1.1.11 send-community
neighbor 10.1.1.22 activate
neighbor 10.1.1.22 send-community
no auto-summary
no synchronization
network 10.1.1.2 mask 255.255.255.255
exit-address-family
!
address-family vpnv4
neighbor 10.1.1.11 activate
neighbor 10.1.1.11 send-community extended
neighbor 10.1.1.22 activate
neighbor 10.1.1.22 send-community extended
exit-address-family
!
address-family ipv4 vrf DMVPN
redistribute ospf 10 vrf DMVPN match internal external 1 external 2
no synchronization
exit-address-family
!
mpls ldp router-id Loopback0 force
!
MPLS-PE-8 ************************************************
hostname PE8
!
ip cef
!
ip vrf DMVPN
rd 100:1
route-target export 100:1
route-target import 100:1
!
!
mpls label protocol ldp
mpls ldp neighbor 10.1.1.11 password cisco
mpls ldp neighbor 10.1.1.22 password cisco
!
interface Loopback0
ip address 10.1.1.8 255.255.255.255
!
interface Loopback10
ip vrf forwarding DMVPN
ip address 10.10.10.8 255.255.255.255
!
interface Ethernet1/0
description # To P1 e2/0 #
ip address 192.168.1.18 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
half-duplex
mpls ip
!
interface Ethernet1/1
description # To P2 e2/0 #
ip address 192.168.1.50 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
half-duplex
mpls ip
!
interface Ethernet1/2
ip vrf forwarding DMVPN
ip address 10.1.1.1 255.255.255.252
half-duplex
!
interface Ethernet1/3
ip vrf forwarding DMVPN
ip address 10.1.1.5 255.255.255.252
half-duplex
!
router ospf 10 vrf DMVPN
log-adjacency-changes
redistribute bgp 100 subnets
network 10.1.1.1 0.0.0.0 area 0
network 10.1.1.5 0.0.0.0 area 0
!
router ospf 1
router-id 10.1.1.8
log-adjacency-changes
max-metric router-lsa on-startup wait-for-bgp
max-metric router-lsa on-startup 360
timers throttle lsa all 0 20 5000
timers lsa arrival 15
timers pacing flood 15
timers throttle spf 50 50 5000
ispf
area 0 authentication message-digest
network 10.1.1.8 0.0.0.0 area 0
network 192.168.1.18 0.0.0.0 area 0
network 192.168.1.50 0.0.0.0 area 0
!
router bgp 100
bgp log-neighbor-changes
neighbor 10.1.1.11 remote-as 100
neighbor 10.1.1.11 password cisco
neighbor 10.1.1.11 update-source Loopback0
neighbor 10.1.1.22 remote-as 100
neighbor 10.1.1.22 password cisco
neighbor 10.1.1.22 update-source Loopback0
!
address-family ipv4
neighbor 10.1.1.11 activate
neighbor 10.1.1.11 send-community
neighbor 10.1.1.22 activate
neighbor 10.1.1.22 send-community
no auto-summary
no synchronization
network 10.1.1.8 mask 255.255.255.255
exit-address-family
!
address-family vpnv4
neighbor 10.1.1.11 activate
neighbor 10.1.1.11 send-community extended
neighbor 10.1.1.22 activate
neighbor 10.1.1.22 send-community extended
exit-address-family
!
address-family ipv4 vrf DMVPN
redistribute ospf 10 vrf DMVPN match internal external 1 external 2
no synchronization
exit-address-family
!
mpls ldp router-id Loopback0 force
!
MPLS CORE ROUTER (P-1 and P-2)
MPLS CORE ROUTER (P-1 and P-2)
^_^ Setup network connection as last Network Diagram, we use LDP for MPLS label in this Lab. All configurations of MPLS Core Router as below. For fast recovery of OSPF, we use little advanced timer and then tune a little for suitable with real world.
MPLS-P-1 ************************************************
!
ip cef
!
mpls label protocol ldp
mpls ldp neighbor 10.1.1.1 password cisco
mpls ldp neighbor 10.1.1.2 password cisco
mpls ldp neighbor 10.1.1.3 password cisco
mpls ldp neighbor 10.1.1.4 password cisco
mpls ldp neighbor 10.1.1.5 password cisco
mpls ldp neighbor 10.1.1.6 password cisco
mpls ldp neighbor 10.1.1.7 password cisco
mpls ldp neighbor 10.1.1.8 password cisco
!
interface Loopback0
ip address 10.1.1.11 255.255.255.255
!
interface Ethernet1/0
description # To PE1 e1/0 #
ip address 192.168.1.1 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet1/1
description # To PE2 e1/0 #
ip address 192.168.1.5 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet1/2
description # To PE3 e1/0 #
ip address 192.168.1.9 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet1/3
description # To PE4 e1/0 #
ip address 192.168.1.13 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet2/0
description # To PE8 e1/0 #
ip address 192.168.1.17 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet2/1
description # To PE7 e1/0 #
ip address 192.168.1.21 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet2/2
description # To PE6 e1/0 #
ip address 192.168.1.25 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet2/3
description # To PE5 e1/0 #
ip address 192.168.1.29 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
router ospf 1
router-id 10.1.1.11
log-adjacency-changes
max-metric router-lsa on-startup wait-for-bgp
max-metric router-lsa on-startup 360
timers throttle lsa all 0 20 5000
timers lsa arrival 15
timers pacing flood 15
timers throttle spf 50 50 5000
ispf
area 0 authentication message-digest
network 10.1.1.11 0.0.0.0 area 0
network 192.168.1.1 0.0.0.0 area 0
network 192.168.1.5 0.0.0.0 area 0
network 192.168.1.9 0.0.0.0 area 0
network 192.168.1.13 0.0.0.0 area 0
network 192.168.1.17 0.0.0.0 area 0
network 192.168.1.21 0.0.0.0 area 0
network 192.168.1.25 0.0.0.0 area 0
network 192.168.1.29 0.0.0.0 area 0
!
router bgp 100
bgp cluster-id 12
bgp log-neighbor-changes
neighbor 10.1.1.1 remote-as 100
neighbor 10.1.1.1 password cisco
neighbor 10.1.1.1 update-source Loopback0
neighbor 10.1.1.2 remote-as 100
neighbor 10.1.1.2 password cisco
neighbor 10.1.1.2 update-source Loopback0
neighbor 10.1.1.3 remote-as 100
neighbor 10.1.1.3 password cisco
neighbor 10.1.1.3 update-source Loopback0
neighbor 10.1.1.4 remote-as 100
neighbor 10.1.1.4 password cisco
neighbor 10.1.1.4 update-source Loopback0
neighbor 10.1.1.5 remote-as 100
neighbor 10.1.1.5 password cisco
neighbor 10.1.1.5 update-source Loopback0
neighbor 10.1.1.6 remote-as 100
neighbor 10.1.1.6 password cisco
neighbor 10.1.1.6 update-source Loopback0
neighbor 10.1.1.7 remote-as 100
neighbor 10.1.1.7 password cisco
neighbor 10.1.1.7 update-source Loopback0
neighbor 10.1.1.8 remote-as 100
neighbor 10.1.1.8 password cisco
neighbor 10.1.1.8 update-source Loopback0
!
address-family ipv4
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community
neighbor 10.1.1.1 route-reflector-client
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community
neighbor 10.1.1.2 route-reflector-client
neighbor 10.1.1.3 activate
neighbor 10.1.1.3 send-community
neighbor 10.1.1.3 route-reflector-client
neighbor 10.1.1.4 activate
neighbor 10.1.1.4 send-community
neighbor 10.1.1.4 route-reflector-client
neighbor 10.1.1.5 activate
neighbor 10.1.1.5 send-community
neighbor 10.1.1.5 route-reflector-client
neighbor 10.1.1.6 activate
neighbor 10.1.1.6 send-community
neighbor 10.1.1.6 route-reflector-client
neighbor 10.1.1.7 activate
neighbor 10.1.1.7 send-community
neighbor 10.1.1.7 route-reflector-client
neighbor 10.1.1.8 activate
neighbor 10.1.1.8 send-community
neighbor 10.1.1.8 route-reflector-client
no auto-summary
no synchronization
network 10.1.1.11 mask 255.255.255.255
exit-address-family
!
address-family vpnv4
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community both
neighbor 10.1.1.1 route-reflector-client
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community both
neighbor 10.1.1.2 route-reflector-client
neighbor 10.1.1.3 activate
neighbor 10.1.1.3 send-community both
neighbor 10.1.1.3 route-reflector-client
neighbor 10.1.1.4 activate
neighbor 10.1.1.4 send-community both
neighbor 10.1.1.4 route-reflector-client
neighbor 10.1.1.5 activate
neighbor 10.1.1.5 send-community both
neighbor 10.1.1.5 route-reflector-client
neighbor 10.1.1.6 activate
neighbor 10.1.1.6 send-community extended
neighbor 10.1.1.6 route-reflector-client
neighbor 10.1.1.7 activate
neighbor 10.1.1.7 send-community both
neighbor 10.1.1.7 route-reflector-client
neighbor 10.1.1.8 activate
neighbor 10.1.1.8 send-community both
neighbor 10.1.1.8 route-reflector-client
exit-address-family
!
!
access-list 1 permit 10.1.1.0 0.0.0.255
!
mpls ldp router-id Loopback0 force
!
MPLS-P-2 ************************************************
!
ip cef
!
mpls label protocol ldp
mpls ldp neighbor 10.1.1.1 password cisco
mpls ldp neighbor 10.1.1.2 password cisco
mpls ldp neighbor 10.1.1.3 password cisco
mpls ldp neighbor 10.1.1.4 password cisco
mpls ldp neighbor 10.1.1.5 password cisco
mpls ldp neighbor 10.1.1.6 password cisco
mpls ldp neighbor 10.1.1.7 password cisco
mpls ldp neighbor 10.1.1.8 password cisco
!
interface Loopback0
ip address 10.1.1.22 255.255.255.255
!
interface Ethernet1/0
description # To PE1 e1/1 #
ip address 192.168.1.33 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet1/1
description # To PE2 e1/1 #
ip address 192.168.1.37 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet1/2
description # To PE3 e1/1 #
ip address 192.168.1.41 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet1/3
description # To PE4 e1/1 #
ip address 192.168.1.45 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet2/0
description # To PE8 e1/1 #
ip address 192.168.1.49 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet2/1
description # To PE7 e1/1 #
ip address 192.168.1.53 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet2/2
description # To PE6 e1/1 #
ip address 192.168.1.57 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
interface Ethernet2/3
description # To PE5 e1/1 #
ip address 192.168.1.61 255.255.255.252
ip ospf message-digest-key 1 md5 cisco
mpls ip
!
router ospf 1
router-id 10.1.1.22
log-adjacency-changes
max-metric router-lsa on-startup wait-for-bgp
max-metric router-lsa on-startup 360
timers throttle lsa all 0 20 5000
timers lsa arrival 15
timers pacing flood 15
timers throttle spf 50 50 5000
ispf
area 0 authentication message-digest
network 10.1.1.22 0.0.0.0 area 0
network 192.168.1.33 0.0.0.0 area 0
network 192.168.1.37 0.0.0.0 area 0
network 192.168.1.41 0.0.0.0 area 0
network 192.168.1.45 0.0.0.0 area 0
network 192.168.1.49 0.0.0.0 area 0
network 192.168.1.53 0.0.0.0 area 0
network 192.168.1.55 0.0.0.0 area 0
network 192.168.1.59 0.0.0.0 area 0
!
router bgp 100
bgp cluster-id 12
bgp log-neighbor-changes
neighbor 10.1.1.1 remote-as 100
neighbor 10.1.1.1 password cisco
neighbor 10.1.1.1 update-source Loopback0
neighbor 10.1.1.2 remote-as 100
neighbor 10.1.1.2 password cisco
neighbor 10.1.1.2 update-source Loopback0
neighbor 10.1.1.3 remote-as 100
neighbor 10.1.1.3 password cisco
neighbor 10.1.1.3 update-source Loopback0
neighbor 10.1.1.4 remote-as 100
neighbor 10.1.1.4 password cisco
neighbor 10.1.1.4 update-source Loopback0
neighbor 10.1.1.5 remote-as 100
neighbor 10.1.1.5 password cisco
neighbor 10.1.1.5 update-source Loopback0
neighbor 10.1.1.6 remote-as 100
neighbor 10.1.1.6 password cisco
neighbor 10.1.1.6 update-source Loopback0
neighbor 10.1.1.7 remote-as 100
neighbor 10.1.1.7 password cisco
neighbor 10.1.1.7 update-source Loopback0
neighbor 10.1.1.8 remote-as 100
neighbor 10.1.1.8 password cisco
neighbor 10.1.1.8 update-source Loopback0
!
address-family ipv4
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community
neighbor 10.1.1.1 route-reflector-client
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community
neighbor 10.1.1.2 route-reflector-client
neighbor 10.1.1.3 activate
neighbor 10.1.1.3 send-community
neighbor 10.1.1.3 route-reflector-client
neighbor 10.1.1.4 activate
neighbor 10.1.1.4 send-community
neighbor 10.1.1.4 route-reflector-client
neighbor 10.1.1.5 activate
neighbor 10.1.1.5 send-community
neighbor 10.1.1.5 route-reflector-client
neighbor 10.1.1.6 activate
neighbor 10.1.1.6 send-community
neighbor 10.1.1.6 route-reflector-client
neighbor 10.1.1.7 activate
neighbor 10.1.1.7 send-community
neighbor 10.1.1.7 route-reflector-client
neighbor 10.1.1.8 activate
neighbor 10.1.1.8 send-community
neighbor 10.1.1.8 route-reflector-client
no auto-summary
no synchronization
network 10.1.1.22 mask 255.255.255.255
exit-address-family
!
address-family vpnv4
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community both
neighbor 10.1.1.1 route-reflector-client
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community both
neighbor 10.1.1.2 route-reflector-client
neighbor 10.1.1.3 activate
neighbor 10.1.1.3 send-community both
neighbor 10.1.1.3 route-reflector-client
neighbor 10.1.1.4 activate
neighbor 10.1.1.4 send-community both
neighbor 10.1.1.4 route-reflector-client
neighbor 10.1.1.5 activate
neighbor 10.1.1.5 send-community both
neighbor 10.1.1.5 route-reflector-client
neighbor 10.1.1.6 activate
neighbor 10.1.1.6 send-community extended
neighbor 10.1.1.6 route-reflector-client
neighbor 10.1.1.7 activate
neighbor 10.1.1.7 send-community both
neighbor 10.1.1.7 route-reflector-client
neighbor 10.1.1.8 activate
neighbor 10.1.1.8 send-community both
neighbor 10.1.1.8 route-reflector-client
exit-address-family
!
access-list 1 permit 10.1.1.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
### All configure have been proved, it work ###
สมัครสมาชิก:
บทความ (Atom)