【教程免费领取】DMVPN实现拨号环境下的分支与总部互访
今天我们给大家带来的是DMVPN实现拨号环境下的分支与总部互访,下面有完整的实验过程,大家按需自取。实验环境:本次实验网络拓扑有三个部分组成,其中,最上面的是我们的总部部分,做了一个简单的三层架构,用一台路由器作为边界设备,中间是运营商部分,由四台路由器和一台层交换机组成,每一台路由器都作为运营商的边缘设备,最下面是分公司部分,一共有三个分公司,每个分公司都采用一样的简单网络架构,边界路由器连接运营商。实验需求:1、总部和分公司各自的内网通讯正常2、该实验要求使用DMVPN技术,总公司为HUB端,分公司为SPOKEN端。3、分公司之间的内网主机可以互通。4、总公司和分公司的内网主机可以通信具体配置:R5:int lo0ip add 10.5.5.5255.255.255.255no shexitint e0/1ip add 192.168.15.5 255.255.255.0no shexitint e0/0ip add 100.1.15.5 255.255.255.0no shexitSW1:vlan 10vlan 100exitint e0/1switchporttrunk encapsulation dot1q switchport mode trunkexitint e0/0no switchportip add 192.168.15.1 255.255.255.0no shexitint range e0/2 - 3switchport mode accessswitchportaccess vlan 100exitservice dhcpip dhcp pool VLAN10network 192.168.1.0 255.255.255.0default-router 192.168.1.254dns-server 114.114.144.114domain-name Tiger.netexitip dhcp pool Server-Filehost 192.168.100.1 255.255.255.0default-router 192.168.100.254dns-server 114.114.114.114domain-name Tiger.net
这时候我们需要绑定MAC地址,于是我们接下来在服务器FILE上输入ip dhcp,如下图:
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=ODc1Mzg1NTk2NGRhZmE4NjE5NzEzMzViZjY0NzhjNGMsMTYxNjczNzEyOTk4MA==
然后再在SW1上查看mac地址信息:sh mac address
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=N2NjMGRhYzBiZDU3ODVkNDc5ZGZmMjQxNjEyZjk0NjgsMTYxNjczNzEyOTk4MA==
可以看到已经有了接口e0/2的MAC地址信息,我们再SW1上继续:client-identifier 010050.7966.6818 //在mac地址前加上01exitip dhcp pool Server-ADhost 192.168.100.2 255.255.255.0default-router 192.168.100.254dns-server 114.114.114.114domain-name Tiger.net同样那没法获取mac,这里我就直接截图了:https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=YmVhZWU2MWFjYjUwM2Q1ZTgyOGVkNjM4OWE5NzI1YWEsMTYxNjczNzEyOTk4MA==
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=MDM0YTE1OGY3NTMwNmVlODA4MTliYmIwYjFhMDVjNjksMTYxNjczNzEyOTk4MA==
client-identifier 010050.7966.6817int vlan 100ip add 192.168.100.254 255.255.255.0no shexit做到这里我们来看一下,服务器获取的地址情况:
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=ZTY2YWQ3YmNjYTE3YTYwYmIyZDhhYTM0N2I3ODJkY2EsMTYxNjczNzEyOTk4MA==
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=OGI3NTAwYTkzMDY0NmRlNmY1ZmJlODE4NWE3Mzk1YWIsMTYxNjczNzEyOTk4MQ==
int vlan 10ip add 192.168.1.254 255.255.255.0no sh exitS11:vlan 10exitint e0/0switchporttrunk encapsulation dot1q switchport mode trunkexitint range e0/1 - 3switchport mode accessswitchport access vlan 10exit到这里我们来看下内网主机获取地址的情况:
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=YmZkODJhYzFhNTc3N2VmMTVhNWQ4ODNkODYxNTBiOTQsMTYxNjczNzEyOTk4MQ==
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=ZDk3OWQxZmQ3MzljYmI2MWUxNTc4MTNiNDc4NjI0NTIsMTYxNjczNzEyOTk4MQ==
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=ODllZWY3OWUyYmZlNjk3M2FjMmE2ZGY5MmI2M2M2NTEsMTYxNjczNzEyOTk4MQ==
下面我们来做一下IGP:SW1:int lo0ip add 10.1.1.1 255.255.255.255no shrouter ei 10eigrp router-id 10.1.1.1no auto-summarynetwork 10.1.1.1 0.0.0.0net 192.168.1.254 0.0.0.0net 192.168.100.254 0.0.0.0net 192.168.15.1 0.0.0.0R5:router ei 10eigrp router-id 10.5.5.5no auto-summarynetwork 10.5.5.5 0.0.0.0net 192.168.15.5 0.0.0.0总部做到这一先告一段落了,最后我们来测试一下,内网主机到边界路由器的连通性,以H-PC1为例:
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=YzEzYzRkYTllNTIyOGNkMmJkZjVhOTE1ODhkYWU3OTcsMTYxNjczNzEyOTk4MQ==
下面我们开始来完成分支部分:R6:vpdn enableint lo0ip add 10.6.6.6 255.255.255.255exitint e0/0no shexitint e0/1ip add 192.168.2.254 255.255.255.0no shservice dhcpip dhcp pool VLAN 20network 192.168.2.0 255.255.255.0default-router 192.168.2.254dns-server 114.114.144.114domain-name Tiger.netexitBR1-Access1:vlan 20exitint range e0/0 - 3switchport mode accessswitchport access vlan 20exitR7:vpdn enableint lo0ip add 10.7.7.7 255.255.255.255exitint e0/0no shexitint e0/1ip add 192.168.3.254 255.255.255.0no shservice dhcpip dhcp pool VLAN 30network 192.168.3.0 255.255.255.0default-router 192.168.3.254dns-server 114.114.144.114domain-name Tiger.netexitBR2-Access1:vlan 30exitint range e0/0 - 3switchport mode accessswitchport access vlan 30exitR8:vpdn enableint lo0ip add 10.8.8.8255.255.255.255exitint e0/0no shexitint e0/1ip add 192.168.4.254 255.255.255.0no shservice dhcpip dhcp pool VLAN 40network 192.168.4.0 255.255.255.0default-router 192.168.4.254dns-server 114.114.144.114domain-name Tiger.netexitBR3-Access1:vlan 40exitint range e0/0 - 3switchport mode accessswitchport access vlan 40exit做到这里,我们来查看一下每个分支内主机获取地址的情况,每个分支选一台为例:https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=MzZhODc4NGVkODg2M2VmMmUyYzU3NmNjNzIxYzlkOTQsMTYxNjczNzEyOTk4MQ==
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=MmRlYzZhNWQ1Y2M2ODk4OWM4Zjc3ODBkMGRkMmJjMmEsMTYxNjczNzEyOTk4MQ==
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=N2ZlZmY3ZmQzNmFjODIwN2I3NzIwMzI3Mjg0YmRlMDAsMTYxNjczNzEyOTk4MQ==
做完这里我们再来做一下运营商部分:ISP-SW2:vlan 100exitint range e0/0 - 3switchport mode accessswitchport access vlan 100exitR1:int e0/1ip add 100.1.15.1 255.255.255.0no shint e0/0ip add 100.1.100.1 255.255.255.0no shint lo0ip add 100.1.1.1 255.255.255.255no shrouter isisnet 49.1234.0000.0000.0001.00log-adjacency-changes allis-type level-2metric-style wide int range lo0 , e0/0 - 1ip router isisexitrouter isispassive-interface ethernet 0/1exit
R2:vpdn enableint e0/1no shint e0/0ip add 100.1.100.2 255.255.255.0no shint lo0ip add 100.2.2.2 255.255.255.255no shservice dhcpip dhcp pool BR1network 100.1.26.0 255.255.255.0default-router 100.1.26.2 dns-server 114.114.144.114domain-name Tiger.netexitusername BR1 password CCIEinterface virtual-template 1encapsulation pppppp authentication chapip mtu 1492peer default ip address dhcp-pool BR1ip add 100.1.26.2 255.255.255.0no shexitbba-group pppoe BR1virtual-template 1exitint e0/1no shpppoe enable group BR1R6:int dialer 1encapsulation pppppp chap hostname BR1ppp chap password CCIEip mtu 1492dialer pool 1ip address negotiated ppp ipcp route defaultno shint e0/0pppoe-client dial-pool-number 1R2:router isisnet 49.1234.0000.0000.0002.00log-adjacency-changes allis-type level-2metric-style wide int range lo0 , e0/0 ip router isisexitint virtual-template 1ip router isisrouter isispassive-interface virtual-template 1exitR3:vpdn enableint e0/1no shint e0/0ip add 100.1.100.3 255.255.255.0no shint lo0ip add 100.3.3.3 255.255.255.255no shservice dhcpip dhcp pool BR2network 100.1.37.0 255.255.255.0default-router 100.1.37.3dns-server 114.114.144.114domain-name Tiger.netexitusername BR2 password CCIEinterface virtual-template 1encapsulation pppppp authentication chapip mtu 1492peer default ip address dhcp-pool BR2ip add 100.1.37.3 255.255.255.0no shexitbba-group pppoe BR2virtual-template 1exitint e0/1no shpppoe enable group BR2R7:int dialer 1encapsulation pppppp chap hostname BR2ppp chap password CCIEip mtu 1492dialer pool 1ip address negotiated ppp ipcp route defaultno shint e0/0pppoe-client dial-pool-number 1R3:router isisnet 49.1234.0000.0000.0003.00log-adjacency-changes allis-type level-2metric-style wide int range lo0 , e0/0 ip router isisexitint virtual-template 1ip router isisrouter isispassive-interface virtual-template 1exitR4:vpdn enableint e0/1no shint e0/0ip add 100.1.100.4 255.255.255.0no shint lo0ip add 100.4.4.4 255.255.255.255no shservice dhcpip dhcp pool BR3network 100.1.48.0 255.255.255.0default-router 100.1.48.24dns-server 114.114.144.114domain-name Tiger.netexitusername BR3 password CCIEinterface virtual-template 1encapsulation pppppp authentication chapip mtu 1492peer default ip address dhcp-pool BR3ip add 100.1.48.4 255.255.255.0no shexitbba-group pppoe BR3virtual-template 1exitint e0/1no shpppoe enable group BR3R8:int dialer 1encapsulation pppppp chap hostname BR3ppp chap password CCIEip mtu 1492dialer pool 1ip address negotiated ppp ipcp route defaultno shint e0/0pppoe-client dial-pool-number 1R4:router isisnet 49.1234.0000.0000.0004.00log-adjacency-changes allis-type level-2metric-style wide int range lo0 , e0/0 ip router isisexitint virtual-template 1ip router isisrouter isispassive-interface virtual-template 1exit
测试:(1)我们来看一下R6/7/8上的e0/0有没有获得地址:show ip interface brief
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=ODBjYzczNzYzZjRjNzFiZjliYjEyZTg2NWI5ZmRjNjEsMTYxNjczNzEyOTk4MQ==
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=MmJkOThmMmQ3MGJlYWViMDg2Njc2ZTFiZjY5MmM4MzYsMTYxNjczNzEyOTk4Mg==
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=N2RmMmJiOThkNjY4YWMyNzIzYmFhMzU2YWQ0ZTYyNjksMTYxNjczNzEyOTk4Mg==
(2)看一下isis的路由表:show ip route isis
接下来我们开始下一步:R5:ip route 0.0.0.0 0.0.0.0 e0/0 100.1.15.1int tunnel 100 tunnel mode gre multipointtunnel source 100.1.15.5tunnel key 100ip nhrp network-id 100ip nhrpauthentication CCIEip nhrp map multicast dynamic ip nhrp redirectip add 192.168.255.5 255.255.255.0no shexitR6:int tunnel 100 tunnel mode gre multipointtunnel source dialer 1ip nhrp nhs 192.168.255.5tunnel key 100ip nhrp network-id 100ip nhrpauthentication CCIEip nhrp map multicast 100.1.15.5 ip nhrp map 192.168.255.5 100.1.15.5ip nhrp shortcutip add 192.168.255.6 255.255.255.0no shexitR7:int tunnel 100 tunnel mode gre multipointtunnel source dialer 1ip nhrp nhs 192.168.255.5tunnel key 100ip nhrp network-id 100ip nhrpauthentication CCIEip nhrp map multicast 100.1.15.5 ip nhrp map 192.168.255.5 100.1.15.5ip nhrp shortcutip add 192.168.255.7 255.255.255.0no shexitR8:int tunnel 100 tunnel mode gre multipointtunnel source dialer 1ip nhrp nhs 192.168.255.5tunnel key 100ip nhrp network-id 100ip nhrpauthentication CCIEip nhrp map multicast 100.1.15.5 ip nhrp map 192.168.255.5 100.1.15.5ip nhrp shortcutip add 192.168.255.8 255.255.255.0no shexit做到这里我们在hub端看一下实验结果,show dmvpn
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=OGVjMmM5ODFiZmY0YzNlYzk1NzU0N2M0OThmYTkyOWMsMTYxNjczNzEyOTk4Mg==
可以看到,3个节点都有,那我们再在HUB端来看看三个spoken端的注册信息,show ip nhrp
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=NjYxZjhiOWQxNzBmNzA0MGMyOWM5NDQ2YTc2ZTVmODQsMTYxNjczNzEyOTk4Mg==
继续,我们在隧道间做eigrp来完成连通信。R5:router eigrp 10net 192.168.255.5 0.0.0.0R6:router eigrp 10eigrp router-id 10.6.6.6no auto-summarynet 192.168.255.6 0.0.0.0net 10.6.6.6 0.0.0.0net 192.168.2.254 0.0.0.0R7:router eigrp 10eigrp router-id 10.7.7.7no auto-summarynet 192.168.255.7 0.0.0.0net 10.7.7.7 0.0.0.0net 192.168.3.254 0.0.0.0R8:router eigrp 10eigrp router-id 10.8.8.8no auto-summaryno net 192.168.255.8 0.0.0.0no net 10.8.8.8 0.0.0.0no net 192.168.4.254 0.0.0.0做到这里我们来看一下eigrp的路由表:
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=OTAzMjVkNGExMWRhOTNhOThiZDE3ZmNjZmJhNDg4NjMsMTYxNjczNzEyOTk4Mg==
这里我们可以看到hu端上已经有了所有spoken端的路由,接下来我们看看spoken端的 :
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=ODJhNDdlZjYzOWY3ZGQzMzA3ZmNjZWJiMjc2MjAyMTUsMTYxNjczNzEyOTk4Mg==
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=ZGQ5NWM1NjFmNTIyOWNhNzFiMGVlZjZhN2ZmNWE1MzEsMTYxNjczNzEyOTk4Mg==
我们可以发现spoken端说不到其他spoken端的路由 ,这是因为eigrp的水平分割导致的,从一个接口收到的路由不可能再从这个接口发出去,所以hub端只能发送自己的路由。那么怎么解决这个问题呢,我们接下来继续。R5:int tunnel 100no ip split-horizon eigrp 10 //关闭eigrp 10 的水平分割这时我们已R6为例再来看一下eigrp的路由表:show ip route eigrp
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=Yjk3YmYyOTY5ZTk4ODU2MWZjNTQ0OTIzZTQ0ZjcxZWQsMTYxNjczNzEyOTk4Mg==
R7,R8同上所述。最后我们来测试一下总部和分支主机和服务器之间的通信以及通信路径:
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=MTMxZTAxNGYxOTJmODA0OTA3NTk0OGY5MzVhN2MwYTgsMTYxNjczNzEyOTk4Mw==
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=MzhmY2IwZTZjNzRmZTQ5MTgyZTg1OWQ2MTgwZGVjYzEsMTYxNjczNzEyOTk4Mw==
https://mp.toutiao.com/mp/agw/article_material/open_image/get?code=NWRmY2JmZWM2NDg0MWM0OGQwNTg2NWQxMzYwOTY4NzUsMTYxNjczNzEyOTk4Mw==
可以看到很完美的实现了本次实验。OK,文末再次提醒大家,扫码添加好友,即可免费领取实验相关的所有资料(教学视频、实验文档、实验环境)。
资料太棒了 谢谢大神 厉害了 刚好学到这部分!感谢资料 {:6_267:}
页:
[1]