DMVPN:- allows VPN tunnels to be set up and torn down on an as-needed basis.
Multipoint GRE (mGRE):- allows a single router interface to have multiple GRE tunnels.
In a hub-and-spoke topology, DMVPN lets us connect the spoke routers directly to each other without going through the hub.
This means traffic between the spoke routers goes directly from one spoke to the other without disturbing the hub router.

HQ_INDIA interface Configuration:-
HQ_INDIA(config)#interface fastEthernet 0/0
HQ_INDIA(config-if)#description CONNECTED WITH SW1
HQ_INDIA(config-if)#ip address 192.168.2.1 255.255.255.0
HQ_INDIA(config-if)#no shut
HQ_INDIA(config-if)#exit
HQ_INDIA(config)#interface fastEthernet 0/1
HQ_INDIA(config-if)#description CONNECTED WITH INTERNET
HQ_INDIA(config-if)#ip address 100.100.100.2 255.255.255.252   {static ip needed on HQ}
HQ_INDIA(config-if)#no shut
HQ_INDIA(config-if)#exit

Internet Router interfaces Configuration:-
internet(config)#interface Ethernet 1/0
internet(config-if)#description CONNECTED WITH HQ_INDIA
internet(config-if)#ip address 100.100.100.1 255.255.255.252
internet(config-if)#no shut
internet(config-if)#exit
internet(config)#interface fastEthernet 0/1
internet(config-if)#description CONNECTED WITH BRANCH2
internet(config-if)#ip address 100.100.100.9 255.255.255.252
internet(config-if)#no shut
internet(config-if)#exit
internet(config)#interface fastEthernet 0/0
internet(config-if)#description CONNECTED WITH BRANCH3
internet(config-if)#ip address 100.100.100.5 255.255.255.252
internet(config-if)#no shut
internet(config-if)#exit

To allocate dynamic IP addressing to the branches, we will configure a DHCP server on the ISP-side router:-
internet(config)#ip dhcp pool BRANCH2
internet(dhcp-config)#default-router 100.100.100.9
internet(dhcp-config)#network 100.100.100.8 255.255.255.252
internet(dhcp-config)#exit
internet(config)#ip dhcp pool BRANCH3
internet(dhcp-config)#default-router 100.100.100.5
internet(dhcp-config)#network 100.100.100.4 255.255.255.252
internet(dhcp-config)#exit
We suppose that these connections are broadband or DSL or any

Branch_2 Router interfaces Configuration:-
Branch_2(config)#interface fastEthernet 0/1
Branch_2(config-if)#description CONNECTED WITH INTERNET
Branch_2(config-if)#ip address dhcp
Branch_2(config-if)#no shut
Branch_2(config-if)#exit
Branch_2(config)#interface fastEthernet 0/0
Branch_2(config-if)#description CONNECTED WITH SW2
Branch_2(config-if)#ip address 192.168.4.1 255.255.255.0
Branch_2(config-if)#no shut
Branch_2(config-if)#exit

Branch_3(config)#interface fastEthernet 0/1
Branch_3(config-if)#description CONNECTED WITH INTERNET
Branch_3(config-if)#ip address dhcp
Branch_3(config-if)#no shut
Branch_3(config-if)#exit
Branch_3(config)#interface fastEthernet 0/0
Branch_3(config-if)#description CONNECTED WITH SW3
Branch_3(config-if)#ip address 192.168.3.1 255.255.255.0
Branch_3(config-if)#no shut
Branch_3(config-if)#exit

Terms:-
DMVPN:- allows VPN tunnels to be set up and torn down on an as-needed basis.
Multipoint GRE (mGRE):- allows a single router interface to have multiple GRE tunnels.
NHRP {Next Hop Resolution Protocol}:- allows an interface configured for mGRE to discover the IP address of the devices at the far end of a tunnel.

Tunnel interface Configuration:-
HQ_INDIA(config)#interface Tunnel 1
HQ_INDIA(config-if)#ip address 10.250.250.1 255.255.255.0   {tunnel ip address}
HQ_INDIA(config-if)#ip mtu 1400
HQ_INDIA(config-if)#ip nhrp authentication cisco   {authentication key}
HQ_INDIA(config-if)#ip nhrp map multicast dynamic   {dynamically resolve next hop}
HQ_INDIA(config-if)#ip nhrp network-id 1   {all routers have the same network id}
HQ_INDIA(config-if)#ip tcp adjust-mss 1360   {mss:- maximum segment size, the maximum TCP packet size}
HQ_INDIA(config-if)#no ip split-horizon   {disable split horizon}
HQ_INDIA(config-if)#tunnel source FastEthernet0/1   {source interface}
HQ_INDIA(config-if)#tunnel mode gre multipoint
HQ_INDIA(config-if)#exit
HQ_INDIA(config)#ip route 0.0.0.0 0.0.0.0 f0/1

Routing Protocol Configuration to advertise and form neighbor relationship:-
HQ_INDIA(config)#router rip
HQ_INDIA(config-router)#version 2
HQ_INDIA(config-router)#network 192.168.2.0   {advertise LAN networks}
HQ_INDIA(config-router)#network 10.250.250.0   {advertise tunnel networks}
HQ_INDIA(config-router)#no auto-summary
HQ_INDIA(config-router)#exit

Branch_2 Router Tunnel interface Configuration:-
Branch_2(config)#interface Tunnel 1
Branch_2(config-if)#ip address 10.250.250.2 255.255.255.0
Branch_2(config-if)#ip mtu 1400
Branch_2(config-if)#ip nhrp authentication cisco
Branch_2(config-if)#ip nhrp map multicast dynamic
Branch_2(config-if)#ip nhrp map 10.250.250.1 100.100.100.2   {map the HQ router: first its tunnel interface address, second its public ip address}
Branch_2(config-if)#ip nhrp map multicast 100.100.100.2   {multicast traffic allowed for HQ router public address}
Branch_2(config-if)#ip nhrp network-id 1
Branch_2(config-if)#ip nhrp nhs 10.250.250.1   {nhs:- next-hop-server, private ip address of HQ tunnel interface}
Branch_2(config-if)#ip tcp adjust-mss 1360
Branch_2(config-if)#tunnel source FastEthernet0/1
Branch_2(config-if)#tunnel mode gre multipoint
Branch_2(config-if)#exit

Routing Protocol Configuration to advertise and form neighbor relationship:-
Branch_2(config)#router rip
Branch_2(config-router)#version 2
Branch_2(config-router)#network 192.168.4.0   {advertise LAN networks}
Branch_2(config-router)#network 10.250.250.0   {advertise tunnel networks}
Branch_2(config-router)#no auto-summary
Branch_2(config-router)#exit
Branch_2(config)#ip route 0.0.0.0 0.0.0.0 f0/1

Branch_3 Router Tunnel interface Configuration:-
Branch_3(config)#interface Tunnel1
Branch_3(config-if)#ip address 10.250.250.3 255.255.255.0
Branch_3(config-if)#ip mtu 1400
Branch_3(config-if)#ip nhrp authentication cisco
Branch_3(config-if)#ip nhrp map multicast dynamic
Branch_3(config-if)#ip nhrp map 10.250.250.1 100.100.100.2   {map the HQ router: first its tunnel interface address, second its public ip address}
Branch_3(config-if)#ip nhrp map multicast 100.100.100.2   {multicast traffic allowed for HQ router public address}
Branch_3(config-if)#ip nhrp network-id 1
Branch_3(config-if)#ip nhrp nhs 10.250.250.1   {nhs:- next-hop-server, private ip address of HQ tunnel interface}
Branch_3(config-if)#ip tcp adjust-mss 1360
Branch_3(config-if)#tunnel source FastEthernet0/1
Branch_3(config-if)#tunnel mode gre multipoint
Branch_3(config-if)#exit

Routing Protocol Configuration to advertise and form neighbor relationship:-
Branch_3(config)#router rip
Branch_3(config-router)#version 2
Branch_3(config-router)#network 192.168.3.0   {advertise LAN networks}
Branch_3(config-router)#network 10.250.250.0   {advertise tunnel networks}
Branch_3(config-router)#no auto-summary
Branch_3(config-router)#exit
Branch_3(config)#ip route 0.0.0.0 0.0.0.0 f0/1

Troubleshooting & Verification Commands:-
show ip route
show ip interface brief
show ip protocols
show ip nhrp
show ip nhrp brief

Now test "ping and traceroute":
PC2 to PC3
PC3 to PC2
PC1 to PC2
PC1 to PC3

What we will see: traffic from PC2 to PC3 goes directly from Branch2 to Branch3, and traffic from PC3 to PC2 goes directly from Branch3 to Branch2. It bypasses the HQ to reach these destinations.

And if we ping from the internet router to our routers on the 10.250.250.0/24 or 192.168.x.x networks, the ping from the internet router will fail. That means all our traffic is going through multiple tunnels.
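
The failed ping shows that the tunnel networks are not routed by the internet router; it does not show that the traffic is protected, because the tunnel interfaces on this page use plain mGRE with the NHRP authentication string cisco and no IPsec protection. The following Python check is an added example, not part of the original post: it reads IOS interface stanzas and flags both conditions. The function names, the weak-key list, the replacement key and the profile name DMVPN-PROF are assumptions; the sample config is constructed from the Branch_2 commands above.

```python
import re

# Assumption: an illustrative list of guessable NHRP strings, not a vendor list.
WEAK_NHRP_KEYS = {"cisco", "nhrp", "dmvpn", "password", "test"}

def parse_interfaces(config):
    """Split IOS running-config text into {interface name: [sub-commands]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(.+)", line, re.IGNORECASE)
        if m:
            current = m.group(1).replace(" ", "")
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        elif line.strip():
            current = None  # an unindented line ends the interface stanza
    return interfaces

def audit_dmvpn(config):
    """Return (interface, finding) pairs for mGRE tunnels in the config."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "tunnel mode gre multipoint" not in cmds:
            continue  # only DMVPN (mGRE) tunnel interfaces are checked
        if not any(c.startswith("tunnel protection ipsec profile ") for c in cmds):
            findings.append((name, "no-ipsec"))  # GRE payload is not encrypted
        keys = [c.split()[3] for c in cmds if c.startswith("ip nhrp authentication ")]
        if not keys:
            findings.append((name, "no-nhrp-auth"))
        elif keys[-1].lower() in WEAK_NHRP_KEYS:
            findings.append((name, "weak-nhrp-key"))  # shared string is guessable
    return findings

# Constructed sample: the Branch_2 tunnel commands from this page, in running-config form.
SPOKE_FROM_PAGE = """\
interface FastEthernet0/1
 ip address dhcp
!
interface Tunnel1
 ip address 10.250.250.2 255.255.255.0
 ip nhrp authentication cisco
 ip nhrp map 10.250.250.1 100.100.100.2
 ip nhrp network-id 1
 ip nhrp nhs 10.250.250.1
 tunnel source FastEthernet0/1
 tunnel mode gre multipoint
"""

# Constructed: same tunnel with a hypothetical IPsec profile name and a non-default key.
HARDENED = SPOKE_FROM_PAGE.replace("authentication cisco", "authentication k7Qz2mXp") \
    + " tunnel protection ipsec profile DMVPN-PROF\n"
```

The profile named on the `tunnel protection` line has to be defined separately with the site's own IKE and transform-set settings, which this page does not cover.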