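Today we bring you a lab that uses DMVPN to let branch offices and headquarters reach each other in a dial-up environment. The complete lab procedure follows; take what you need.

Lab environment:
The lab topology has three parts. At the top is the headquarters, built as a simple three-layer architecture with one router as the border device. In the middle is the carrier (ISP) part, made up of four routers and one switch; each router acts as a carrier edge device. At the bottom are the branch offices: there are three branches, each using the same simple network design, with a border router connected to the carrier.

Lab requirements:
1. Internal communication within the headquarters and within each branch works normally.
2. The lab must use DMVPN, with the headquarters as the hub and the branches as spokes.
3. Internal hosts in different branches can reach each other.
4. Internal hosts at the headquarters and in the branches can communicate.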
Configuration:

R5:
    int lo0
    ip add 10.5.5.5 255.255.255.255
    no sh
    exit
    int e0/1
    ip add 192.168.15.5 255.255.255.0
    no sh
    exit
    int e0/0
    ip add 100.1.15.5 255.255.255.0
    no sh
    exit

SW1:
    vlan 10
    vlan 100
    exit
    int e0/1
    switchport trunk encapsulation dot1q
    switchport mode trunk
    exit
    int e0/0
    no switchport
    ip add 192.168.15.1 255.255.255.0
    no sh
    exit
    int range e0/2 - 3
    switchport mode access
    switchport access vlan 100
    exit
    service dhcp
    ip dhcp pool VLAN10
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.254
    dns-server 114.114.144.114
    domain-name Tiger.net
    exit
    ip dhcp pool Server-File
    host 192.168.100.1 255.255.255.0
    default-router 192.168.100.254
    dns-server 114.114.114.114
    domain-name Tiger.net
At this point we need to bind the MAC address, so next we enter ip dhcp on the FILE server, as shown in the figure below:
Then check the MAC address information on SW1: sh mac address
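We can see that the MAC address of interface e0/2 is now listed. We continue on SW1:

    ! prepend 01 to the MAC address
    client-identifier 010050.7966.6818
    exit
    ip dhcp pool Server-AD
    host 192.168.100.2 255.255.255.0
    default-router 192.168.100.254
    dns-server 114.114.114.114
    domain-name Tiger.net

The MAC address is obtained the same way; here I will just show the screenshot: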
    client-identifier 010050.7966.6817
    int vlan 100
    ip add 192.168.100.254 255.255.255.0
    no sh
    exit

At this point, let's look at the addresses the servers have obtained:
    int vlan 10
    ip add 192.168.1.254 255.255.255.0
    no sh
    exit

S11:
    vlan 10
    exit
    int e0/0
    switchport trunk encapsulation dot1q
    switchport mode trunk
    exit
    int range e0/1 - 3
    switchport mode access
    switchport access vlan 10
    exit

At this point, let's look at the addresses the internal hosts have obtained:
Next, we configure the IGP:

SW1:
    int lo0
    ip add 10.1.1.1 255.255.255.255
    no sh
    router ei 10
    eigrp router-id 10.1.1.1
    no auto-summary
    network 10.1.1.1 0.0.0.0
    net 192.168.1.254 0.0.0.0
    net 192.168.100.254 0.0.0.0
    net 192.168.15.1 0.0.0.0

R5:
    router ei 10
    eigrp router-id 10.5.5.5
    no auto-summary
    network 10.5.5.5 0.0.0.0
    net 192.168.15.5 0.0.0.0

That wraps up the headquarters part for now. Finally, we test connectivity from the internal hosts to the border router, using H-PC1 as an example:
Next, we configure the branch offices:

R6:
    vpdn enable
    int lo0
    ip add 10.6.6.6 255.255.255.255
    exit
    int e0/0
    no sh
    exit
    int e0/1
    ip add 192.168.2.254 255.255.255.0
    no sh
    service dhcp
    ip dhcp pool VLAN20
    network 192.168.2.0 255.255.255.0
    default-router 192.168.2.254
    dns-server 114.114.144.114
    domain-name Tiger.net
    exit

BR1-Access1:
    vlan 20
    exit
    int range e0/0 - 3
    switchport mode access
    switchport access vlan 20
    exit

R7:
    vpdn enable
    int lo0
    ip add 10.7.7.7 255.255.255.255
    exit
    int e0/0
    no sh
    exit
    int e0/1
    ip add 192.168.3.254 255.255.255.0
    no sh
    service dhcp
    ip dhcp pool VLAN30
    network 192.168.3.0 255.255.255.0
    default-router 192.168.3.254
    dns-server 114.114.144.114
    domain-name Tiger.net
    exit

BR2-Access1:
    vlan 30
    exit
    int range e0/0 - 3
    switchport mode access
    switchport access vlan 30
    exit

R8:
    vpdn enable
    int lo0
    ip add 10.8.8.8 255.255.255.255
    exit
    int e0/0
    no sh
    exit
    int e0/1
    ip add 192.168.4.254 255.255.255.0
    no sh
    service dhcp
    ip dhcp pool VLAN40
    network 192.168.4.0 255.255.255.0
    default-router 192.168.4.254
    dns-server 114.114.144.114
    domain-name Tiger.net
    exit

BR3-Access1:
    vlan 40
    exit
    int range e0/0 - 3
    switchport mode access
    switchport access vlan 40
    exit

At this point, let's check the addresses obtained by the hosts in each branch, taking one host per branch as an example:
With that done, we configure the carrier part:

ISP-SW2:
    vlan 100
    exit
    int range e0/0 - 3
    switchport mode access
    switchport access vlan 100
    exit

R1:
    int e0/1
    ip add 100.1.15.1 255.255.255.0
    no sh
    int e0/0
    ip add 100.1.100.1 255.255.255.0
    no sh
    int lo0
    ip add 100.1.1.1 255.255.255.255
    no sh
    router isis
    net 49.1234.0000.0000.0001.00
    log-adjacency-changes all
    is-type level-2
    metric-style wide
    int range lo0 , e0/0 - 1
    ip router isis
    exit
    router isis
    passive-interface ethernet 0/1
    exit
R2:
    vpdn enable
    int e0/1
    no sh
    int e0/0
    ip add 100.1.100.2 255.255.255.0
    no sh
    int lo0
    ip add 100.2.2.2 255.255.255.255
    no sh
    service dhcp
    ip dhcp pool BR1
    network 100.1.26.0 255.255.255.0
    default-router 100.1.26.2
    dns-server 114.114.144.114
    domain-name Tiger.net
    exit
    username BR1 password CCIE
    interface virtual-template 1
    encapsulation ppp
    ppp authentication chap
    ip mtu 1492
    peer default ip address dhcp-pool BR1
    ip add 100.1.26.2 255.255.255.0
    no sh
    exit
    bba-group pppoe BR1
    virtual-template 1
    exit
    int e0/1
    no sh
    pppoe enable group BR1

R6:
    int dialer 1
    encapsulation ppp
    ppp chap hostname BR1
    ppp chap password CCIE
    ip mtu 1492
    dialer pool 1
    ip address negotiated
    ppp ipcp route default
    no sh
    int e0/0
    pppoe-client dial-pool-number 1

R2:
    router isis
    net 49.1234.0000.0000.0002.00
    log-adjacency-changes all
    is-type level-2
    metric-style wide
    int range lo0 , e0/0
    ip router isis
    exit
    int virtual-template 1
    ip router isis
    router isis
    passive-interface virtual-template 1
    exit

R3:
    vpdn enable
    int e0/1
    no sh
    int e0/0
    ip add 100.1.100.3 255.255.255.0
    no sh
    int lo0
    ip add 100.3.3.3 255.255.255.255
    no sh
    service dhcp
    ip dhcp pool BR2
    network 100.1.37.0 255.255.255.0
    default-router 100.1.37.3
    dns-server 114.114.144.114
    domain-name Tiger.net
    exit
    username BR2 password CCIE
    interface virtual-template 1
    encapsulation ppp
    ppp authentication chap
    ip mtu 1492
    peer default ip address dhcp-pool BR2
    ip add 100.1.37.3 255.255.255.0
    no sh
    exit
    bba-group pppoe BR2
    virtual-template 1
    exit
    int e0/1
    no sh
    pppoe enable group BR2

R7:
    int dialer 1
    encapsulation ppp
    ppp chap hostname BR2
    ppp chap password CCIE
    ip mtu 1492
    dialer pool 1
    ip address negotiated
    ppp ipcp route default
    no sh
    int e0/0
    pppoe-client dial-pool-number 1

R3:
    router isis
    net 49.1234.0000.0000.0003.00
    log-adjacency-changes all
    is-type level-2
    metric-style wide
    int range lo0 , e0/0
    ip router isis
    exit
    int virtual-template 1
    ip router isis
    router isis
    passive-interface virtual-template 1
    exit

R4:
    vpdn enable
    int e0/1
    no sh
    int e0/0
    ip add 100.1.100.4 255.255.255.0
    no sh
    int lo0
    ip add 100.4.4.4 255.255.255.255
    no sh
    service dhcp
    ip dhcp pool BR3
    network 100.1.48.0 255.255.255.0
    default-router 100.1.48.4
    dns-server 114.114.144.114
    domain-name Tiger.net
    exit
    username BR3 password CCIE
    interface virtual-template 1
    encapsulation ppp
    ppp authentication chap
    ip mtu 1492
    peer default ip address dhcp-pool BR3
    ip add 100.1.48.4 255.255.255.0
    no sh
    exit
    bba-group pppoe BR3
    virtual-template 1
    exit
    int e0/1
    no sh
    pppoe enable group BR3

R8:
    int dialer 1
    encapsulation ppp
    ppp chap hostname BR3
    ppp chap password CCIE
    ip mtu 1492
    dialer pool 1
    ip address negotiated
    ppp ipcp route default
    no sh
    int e0/0
    pppoe-client dial-pool-number 1

R4:
    router isis
    net 49.1234.0000.0000.0004.00
    log-adjacency-changes all
    is-type level-2
    metric-style wide
    int range lo0 , e0/0
    ip router isis
    exit
    int virtual-template 1
    ip router isis
    router isis
    passive-interface virtual-template 1
    exit
Testing:
(1) Check whether e0/0 on R6/R7/R8 has obtained an address: show ip interface brief
(2) Check the IS-IS routing table: show ip route isis
Now we move on to the next step:

R5:
    ip route 0.0.0.0 0.0.0.0 e0/0 100.1.15.1
    int tunnel 100
    tunnel mode gre multipoint
    tunnel source 100.1.15.5
    tunnel key 100
    ip nhrp network-id 100
    ip nhrp authentication CCIE
    ip nhrp map multicast dynamic
    ip nhrp redirect
    ip add 192.168.255.5 255.255.255.0
    no sh
    exit

R6:
    int tunnel 100
    tunnel mode gre multipoint
    tunnel source dialer 1
    ip nhrp nhs 192.168.255.5
    tunnel key 100
    ip nhrp network-id 100
    ip nhrp authentication CCIE
    ip nhrp map multicast 100.1.15.5
    ip nhrp map 192.168.255.5 100.1.15.5
    ip nhrp shortcut
    ip add 192.168.255.6 255.255.255.0
    no sh
    exit

R7:
    int tunnel 100
    tunnel mode gre multipoint
    tunnel source dialer 1
    ip nhrp nhs 192.168.255.5
    tunnel key 100
    ip nhrp network-id 100
    ip nhrp authentication CCIE
    ip nhrp map multicast 100.1.15.5
    ip nhrp map 192.168.255.5 100.1.15.5
    ip nhrp shortcut
    ip add 192.168.255.7 255.255.255.0
    no sh
    exit

R8:
    int tunnel 100
    tunnel mode gre multipoint
    tunnel source dialer 1
    ip nhrp nhs 192.168.255.5
    tunnel key 100
    ip nhrp network-id 100
    ip nhrp authentication CCIE
    ip nhrp map multicast 100.1.15.5
    ip nhrp map 192.168.255.5 100.1.15.5
    ip nhrp shortcut
    ip add 192.168.255.8 255.255.255.0
    no sh
    exit

At this point, let's look at the result on the hub: show dmvpn
We can see that all three nodes are present. Next, on the hub, let's look at the registration information of the three spokes: show ip nhrp
Continuing, we run EIGRP across the tunnels to complete connectivity.

R5:
    router eigrp 10
    net 192.168.255.5 0.0.0.0

R6:
    router eigrp 10
    eigrp router-id 10.6.6.6
    no auto-summary
    net 192.168.255.6 0.0.0.0
    net 10.6.6.6 0.0.0.0
    net 192.168.2.254 0.0.0.0

R7:
    router eigrp 10
    eigrp router-id 10.7.7.7
    no auto-summary
    net 192.168.255.7 0.0.0.0
    net 10.7.7.7 0.0.0.0
    net 192.168.3.254 0.0.0.0

R8:
    router eigrp 10
    eigrp router-id 10.8.8.8
    no auto-summary
    net 192.168.255.8 0.0.0.0
    net 10.8.8.8 0.0.0.0
    net 192.168.4.254 0.0.0.0

At this point, let's look at the EIGRP routing table:
Here we can see that the hub already has the routes of all the spokes. Next, let's look at the spoke side:
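We find that a spoke does not receive the routes of the other spokes. This is caused by EIGRP split horizon: a route received on an interface cannot be sent back out of that same interface, so the hub can only advertise its own routes. How do we solve this? We continue.

R5:
    int tunnel 100
    ! disable split horizon for EIGRP 10
    no ip split-horizon eigrp 10

Now, taking R6 as an example, let's look at the EIGRP routing table again: show ip route eigrp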
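R7 and R8 are the same as described above. Finally, we test communication between the headquarters and branch hosts and servers, as well as the communication path: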
As you can see, the lab has been completed perfectly.
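The Tunnel100 interfaces configured above are plain mGRE, so traffic between sites crosses the carrier unencrypted, and the NHRP authentication string is carried in cleartext. As an added example (not part of the original lab), one common way to protect this DMVPN is an IPsec profile applied to the tunnel on the hub and every spoke. The keyring, profile and transform-set names and the pre-shared key placeholder are assumptions, and the MTU/MSS values are common starting points rather than values from this lab.

```cisco
! Added hardening example - not part of the original lab.
! Hypothetical names: DMVPN-KR, DMVPN-IKE, DMVPN-TS, DMVPN-IPSEC.
! <PSK-PLACEHOLDER> is a placeholder; use a long random key.
!
! --- Apply the same crypto policy on R5 (hub) and R6/R7/R8 (spokes) ---
crypto ikev2 keyring DMVPN-KR
 peer ANY
  ! Wildcard address: the spokes get their public address over PPPoE,
  ! so peers cannot be listed by a fixed IP
  address 0.0.0.0 0.0.0.0
  pre-shared-key <PSK-PLACEHOLDER>
!
crypto ikev2 profile DMVPN-IKE
 match identity remote address 0.0.0.0
 authentication remote pre-share
 authentication local pre-share
 keyring local DMVPN-KR
!
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 ! Transport mode: GRE already supplies the outer header
 mode transport
!
crypto ipsec profile DMVPN-IPSEC
 set transform-set DMVPN-TS
 set ikev2-profile DMVPN-IKE
!
interface Tunnel100
 ! Leave room for GRE + IPsec overhead below the 1492-byte PPPoE MTU
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel protection ipsec profile DMVPN-IPSEC
!
! --- Verification (run on any router) ---
! show crypto ikev2 sa
! show crypto ipsec sa
! show dmvpn detail
```

Because the spokes dial in and their public addresses are not fixed, every router has to accept the key from any peer address; certificate-based IKEv2 authentication avoids sharing one key across all sites.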