- DMVPN:- allows VPN tunnels to be set up and torn down on an as-needed basis.
- Multipoint GRE (mGRE):- allows a single router interface to have multiple GRE tunnels.
- In a hub-and-spoke topology, DMVPN lets spoke routers connect directly to each other without using the hub.
- This means traffic between our spoke routers goes directly between them without disturbing the hub router.

HQ_INDIA interface Configuration:-

HQ_INDIA(config)#interface fastEthernet 0/0
HQ_INDIA(config-if)#description CONNECTED WITH SW1
HQ_INDIA(config-if)#ip address 192.168.2.1 255.255.255.0
HQ_INDIA(config-if)#no shut
HQ_INDIA(config-if)#exit
HQ_INDIA(config)#interface fastEthernet 0/1
HQ_INDIA(config-if)#description CONNECTED WITH INTERNET
HQ_INDIA(config-if)#ip address 100.100.100.2 255.255.255.252   {static IP needed on HQ}
HQ_INDIA(config-if)#no shut
HQ_INDIA(config-if)#exit

Internet Router interfaces Configuration:-

internet(config)#interface Ethernet 1/0
internet(config-if)#description CONNECTED WITH HQ_INDIA
internet(config-if)#ip address 100.100.100.1 255.255.255.252
internet(config-if)#no shut
internet(config-if)#exit
internet(config)#interface fastEthernet 0/1
internet(config-if)#description CONNECTED WITH BRANCH2
internet(config-if)#ip address 100.100.100.9 255.255.255.252
internet(config-if)#no shut
internet(config-if)#exit
internet(config)#interface fastEthernet 0/0
internet(config-if)#description CONNECTED WITH BRANCH3
internet(config-if)#ip address 100.100.100.5 255.255.255.252
internet(config-if)#no shut
internet(config-if)#exit

To allocate dynamic IP addresses to the branches, we will configure a DHCP server on the ISP-side router:-

internet(config)#ip dhcp pool BRANCH2
internet(dhcp-config)#default-router 100.100.100.9
internet(dhcp-config)#network 100.100.100.8 255.255.255.252
internet(dhcp-config)#exit
internet(config)#ip dhcp pool BRANCH3
internet(dhcp-config)#default-router 100.100.100.5
internet(dhcp-config)#network 100.100.100.4 255.255.255.252
internet(dhcp-config)#exit

We suppose that these connections are broadband or DSL or any

Branch_2 Router interfaces Configuration:-

Branch_2(config)#interface fastEthernet 0/1
Branch_2(config-if)#description CONNECTED WITH INTERNET
Branch_2(config-if)#ip address dhcp
Branch_2(config-if)#no shut
Branch_2(config-if)#exit
Branch_2(config)#interface fastEthernet 0/0
Branch_2(config-if)#description CONNECTED WITH SW2
Branch_2(config-if)#ip address 192.168.4.1 255.255.255.0
Branch_2(config-if)#no shut
Branch_2(config-if)#exit

Branch_3 Router interfaces Configuration:-

Branch_3(config)#interface fastEthernet 0/1
Branch_3(config-if)#description CONNECTED WITH INTERNET
Branch_3(config-if)#ip address dhcp
Branch_3(config-if)#no shut
Branch_3(config-if)#exit
Branch_3(config)#interface fastEthernet 0/0
Branch_3(config-if)#description CONNECTED WITH SW3
Branch_3(config-if)#ip address 192.168.3.1 255.255.255.0
Branch_3(config-if)#no shut
Branch_3(config-if)#exit

Terms:-

- DMVPN:- allows VPN tunnels to be set up and torn down on an as-needed basis.
- Multipoint GRE (mGRE):- allows a single router interface to have multiple GRE tunnels.
- NHRP {Next Hop Resolution Protocol}:- allows an interface configured for mGRE to discover the IP address of the devices at the far end of a tunnel.

Tunnel interface Configuration

HQ_INDIA(config)#interface Tunnel 1
HQ_INDIA(config-if)#ip address 10.250.250.1 255.255.255.0   {tunnel IP address}
HQ_INDIA(config-if)#ip mtu 1400
HQ_INDIA(config-if)#ip nhrp authentication cisco   {authentication key}
HQ_INDIA(config-if)#ip nhrp map multicast dynamic   {dynamically resolve next hop}
HQ_INDIA(config-if)#ip nhrp network-id 1   {all routers have the same network ID}
HQ_INDIA(config-if)#ip tcp adjust-mss 1360   {MSS: maximum segment size, the maximum TCP packet size}
HQ_INDIA(config-if)#no ip split-horizon   {disable split horizon}
HQ_INDIA(config-if)#tunnel source FastEthernet0/1   {source interface}
HQ_INDIA(config-if)#tunnel mode gre multipoint
HQ_INDIA(config-if)#exit
HQ_INDIA(config)#ip route 0.0.0.0 0.0.0.0 f0/1

Routing Protocol Configuration to advertise and form neighbor relationship

HQ_INDIA(config)#router rip
HQ_INDIA(config-router)#version 2
HQ_INDIA(config-router)#network 192.168.2.0   {advertise LAN networks}
HQ_INDIA(config-router)#network 10.250.250.0   {advertise tunnel networks}
HQ_INDIA(config-router)#no auto-summary
HQ_INDIA(config-router)#exit

Branch_2 Router Tunnel interface Configuration

Branch_2(config)#interface Tunnel 1
Branch_2(config-if)#ip address 10.250.250.2 255.255.255.0
Branch_2(config-if)#ip mtu 1400
Branch_2(config-if)#ip nhrp authentication cisco
Branch_2(config-if)#ip nhrp map multicast dynamic
Branch_2(config-if)#ip nhrp map 10.250.250.1 100.100.100.2   {map the HQ router: first its tunnel interface address, second its public IP address}
Branch_2(config-if)#ip nhrp map multicast 100.100.100.2   {multicast traffic allowed for the HQ router public address}
Branch_2(config-if)#ip nhrp network-id 1
Branch_2(config-if)#ip nhrp nhs 10.250.250.1   {nhs: next-hop server, the private IP address of the HQ tunnel interface}
Branch_2(config-if)#ip tcp adjust-mss 1360
Branch_2(config-if)#tunnel source FastEthernet0/1
Branch_2(config-if)#tunnel mode gre multipoint
Branch_2(config-if)#exit

Routing Protocol Configuration to advertise and form neighbor relationship

Branch_2(config)#router rip
Branch_2(config-router)#version 2
Branch_2(config-router)#network 192.168.4.0   {advertise LAN networks}
Branch_2(config-router)#network 10.250.250.0   {advertise tunnel networks}
Branch_2(config-router)#no auto-summary
Branch_2(config-router)#exit
Branch_2(config)#ip route 0.0.0.0 0.0.0.0 f0/1

Branch_3 Router Tunnel interface Configuration:-

Branch_3(config)#interface Tunnel1
Branch_3(config-if)#ip address 10.250.250.3 255.255.255.0
Branch_3(config-if)#ip mtu 1400
Branch_3(config-if)#ip nhrp authentication cisco
Branch_3(config-if)#ip nhrp map multicast dynamic
Branch_3(config-if)#ip nhrp map 10.250.250.1 100.100.100.2   {map the HQ router: first its tunnel interface address, second its public IP address}
Branch_3(config-if)#ip nhrp map multicast 100.100.100.2   {multicast traffic allowed for the HQ router public address}
Branch_3(config-if)#ip nhrp network-id 1
Branch_3(config-if)#ip nhrp nhs 10.250.250.1   {nhs: next-hop server, the private IP address of the HQ tunnel interface}
Branch_3(config-if)#ip tcp adjust-mss 1360
Branch_3(config-if)#tunnel source FastEthernet0/1
Branch_3(config-if)#tunnel mode gre multipoint
Branch_3(config-if)#exit

Routing Protocol Configuration to advertise and form neighbor relationship

Branch_3(config)#router rip
Branch_3(config-router)#version 2
Branch_3(config-router)#network 192.168.3.0   {advertise LAN networks}
Branch_3(config-router)#network 10.250.250.0   {advertise tunnel networks}
Branch_3(config-router)#no auto-summary
Branch_3(config-router)#exit
Branch_3(config)#ip route 0.0.0.0 0.0.0.0 f0/1

Troubleshooting & Verification Commands

show ip route
show ip interface brief
show ip protocols
show ip nhrp
show ip nhrp brief

Now test with ping and traceroute:
- PC2 to PC3
- PC3 to PC2
- PC1 to PC2
- PC1 to PC3

- What we will see: traffic from PC2 to PC3 goes directly from Branch2 to Branch3.
- And traffic from PC3 to PC2 goes directly from Branch3 to Branch2.
- Both will bypass the HQ to reach these destinations.
- And if we ping from the internet router to our routers on the 10.250.250.0/24 or 192.168.x.x networks, the ping will fail; that means all our traffic is going through multiple tunnels.
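
The Tunnel 1 configuration on this page builds mGRE tunnels with NHRP but applies no IPsec profile to them, and it uses `cisco` as the NHRP authentication string. The Python check below is an added example, not part of the original post: it audits a tunnel stanza for those two gaps. The function names, finding codes and weak-string list are assumptions made for illustration.

```python
import re

# Constructed sample: HQ_INDIA Tunnel 1 from this page as a running-config stanza.
HQ_TUNNEL = """\
interface Tunnel1
 ip address 10.250.250.1 255.255.255.0
 ip mtu 1400
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip tcp adjust-mss 1360
 no ip split-horizon
 tunnel source FastEthernet0/1
 tunnel mode gre multipoint
"""

# Assumption: a short illustrative list of guessable strings, not a vendor list.
WEAK_KEYS = {"cisco", "admin", "password", "nhrp", "dmvpn", "test"}


def setting(lines, pattern):
    """Return group 1 of the first line that fully matches pattern, else None."""
    for line in lines:
        match = re.fullmatch(pattern, line)
        if match:
            return match.group(1)
    return None


def audit_tunnel(stanza):
    """Return (code, detail) findings for one mGRE tunnel interface stanza."""
    lines = [ln.strip() for ln in stanza.splitlines() if ln.strip()]
    if "tunnel mode gre multipoint" not in lines:
        return []  # not an mGRE/DMVPN tunnel, nothing to check
    findings = []
    # mGRE and NHRP only build the tunnels; confidentiality needs IPsec on top.
    if setting(lines, r"tunnel protection ipsec profile (\S+).*") is None:
        findings.append(("NO_IPSEC", "tunnel traffic is unencrypted GRE"))
    # The NHRP string is sent in clear text, so it is a weak guard at best.
    key = setting(lines, r"ip nhrp authentication (\S+)")
    if key is None:
        findings.append(("NHRP_NO_AUTH", "no NHRP authentication string set"))
    elif key.lower() in WEAK_KEYS:
        findings.append(("NHRP_WEAK_KEY", f"guessable NHRP string {key!r}"))
    return findings


if __name__ == "__main__":
    print(*audit_tunnel(HQ_TUNNEL), sep="\n")
```

On IOS, the first finding is cleared by attaching an IPsec profile to the tunnel interface with `tunnel protection ipsec profile <name>`, where the profile name is a placeholder.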