Lab objective
1. Become proficient at deploying a single-cloud, dual-hub DM-VXN.
Lab topology
Interface IP configuration
R1(config)#interface e0/0
R1(config-if)#ip address 192.168.16.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#interface e0/1
R1(config-if)#ip address 202.1.13.1 255.255.255.0
R1(config-if)#no shutdown
R2(config)#interface e0/1
R2(config-if)#ip address 192.168.27.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#interface e0/0
R2(config-if)#ip address 202.1.23.2 255.255.255.0
R2(config-if)#no shutdown
R3(config)#interface e0/1
R3(config-if)#ip address 202.1.13.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#interface e0/0
R3(config-if)#ip address 202.1.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#interface e0/2
R3(config-if)#ip address 202.1.34.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#interface e0/3
R3(config-if)#ip address 202.1.35.3 255.255.255.0
R3(config-if)#no shutdown
R4(config)#interface e0/2
R4(config-if)#ip address 202.1.34.4 255.255.255.0
R4(config-if)#no shutdown
R4(config-if)#interface e0/0
R4(config-if)#ip address 192.168.48.4 255.255.255.0
R4(config-if)#no shutdown
R5(config)#interface e0/3
R5(config-if)#ip address 202.1.35.5 255.255.255.0
R5(config-if)#no shutdown
R5(config-if)#interface e0/0
R5(config-if)#ip address 192.168.59.5 255.255.255.0
R5(config-if)#no shutdown
Basic routing protocol configuration
R1(config)#router eigrp 1
R1(config-router)#no auto-summary
R1(config-router)#network 202.1.13.0 0.0.0.255
R1(config-router)#network 192.168.16.0 0.0.0.255
R2(config)#router eigrp 1
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.27.0 0.0.0.255
R2(config-router)#network 202.1.23.0 0.0.0.255
R3(config)#router eigrp 1
R3(config-router)#no auto-summary
R3(config-router)#network 202.1.13.0 0.0.0.255
R3(config-router)#network 202.1.23.0 0.0.0.255
R3(config-router)#network 202.1.34.0 0.0.0.255
R3(config-router)#network 202.1.35.0 0.0.0.255
R4(config)#router eigrp 1
R4(config-router)#no auto-summary
R4(config-router)#network 202.1.34.0 0.0.0.255
R4(config-router)#network 192.168.48.0 0.0.0.255
R5(config)#router eigrp 1
R5(config-router)#no auto-summary
R5(config-router)#network 202.1.35.0 0.0.0.255
R5(config-router)#network 192.168.59.0 0.0.0.255
Check that the EIGRP adjacencies have formed
R3#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 202.1.35.5 Et0/3 11 00:07:35 6 100 0 4
2 202.1.34.4 Et0/2 10 00:10:21 9 100 0 5
1 202.1.23.2 Et0/0 11 00:16:24 8 100 0 7
0 202.1.13.1 Et0/1 11 00:16:28 422 2532 0 8
Test network connectivity
pc4#ping 192.168.16.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.6, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/2 ms
pc4#ping 192.168.27.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.27.7, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
pc4#ping 192.168.48.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.48.8, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
pc4#
Configure the tunnel interfaces on R1, R2, R4 and R5.
R1(config)#interface tunnel 1
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#tunnel source e0/1
R1(config-if)#tunnel key 1234
R1(config-if)#tunnel mode gre multipoint
R1(config-if)#ip nhrp network-id 1234
R1(config-if)#ip nhrp map multicast dynamic
R1(config-if)#ip nhrp map 172.16.1.2 202.1.23.2
R1(config-if)#ip nhrp map multicast 202.1.23.2
// Configure R1's NHS entry first; R1 is then the primary and R2 the secondary
R2(config)#interface tunnel 1
R2(config-if)#ip address 172.16.1.2 255.255.255.0
R2(config-if)#tunnel source e0/0
R2(config-if)#tunnel mode gre multipoint
R2(config-if)#tunnel key 1234
R2(config-if)#ip nhrp network-id 1234
R2(config-if)#ip nhrp map multicast dynamic
R2(config-if)#ip nhrp map 172.16.1.1 202.1.13.1
R2(config-if)#ip nhrp map multicast 202.1.13.1
R4(config)#interface tunnel 1
R4(config-if)#ip address 172.16.1.4 255.255.255.0
R4(config-if)#tunnel source e0/2
R4(config-if)#tunnel mode gre multipoint
R4(config-if)#tunnel key 1234
R4(config-if)#ip nhrp network-id 1234
R4(config-if)#ip nhrp nhs 172.16.1.1
R4(config-if)#ip nhrp map 172.16.1.1 202.1.13.1
R4(config-if)#ip nhrp map multicast 202.1.13.1
R4(config-if)#ip nhrp nhs 172.16.1.2
R4(config-if)#ip nhrp map 172.16.1.2 202.1.23.2
R4(config-if)#ip nhrp map multicast 202.1.23.2
R5(config)#interface tunnel 1
R5(config-if)#ip address 172.16.1.5 255.255.255.0
R5(config-if)#tunnel source e0/3
R5(config-if)#tunnel mode gre multipoint
R5(config-if)#tunnel key 1234
R5(config-if)#ip nhrp network-id 1234
R5(config-if)#ip nhrp authentication 1234
R5(config-if)#ip nhrp nhs 172.16.1.1
R5(config-if)#ip nhrp map 172.16.1.1 202.1.13.1
R5(config-if)#ip nhrp map multicast 202.1.13.1
R5(config-if)#ip nhrp nhs 172.16.1.2
R5(config-if)#ip nhrp map 172.16.1.2 202.1.23.2
R5(config-if)#ip nhrp map multicast 202.1.23.2
Verify that the hubs have received the spokes' address information.
R1#show ip nhrp
172.16.1.2/32 via 172.16.1.2
Tunnel1 created 00:10:37, never expire
Type: static, Flags:
NBMA address: 202.1.23.2
172.16.1.4/32 via 172.16.1.4
Tunnel1 created 00:07:12, expire 01:52:47
Type: dynamic, Flags: unique registered
NBMA address: 202.1.34.4
172.16.1.5/32 via 172.16.1.5
Tunnel1 created 00:03:56, expire 01:56:03
Type: dynamic, Flags: unique registered
NBMA address: 202.1.35.5
R2#show ip nhrp
172.16.1.1/32 via 172.16.1.1
Tunnel1 created 00:09:58, never expire
Type: static, Flags:
NBMA address: 202.1.13.1
172.16.1.4/32 via 172.16.1.4
Tunnel1 created 00:01:15, expire 01:58:44
Type: dynamic, Flags: unique registered
NBMA address: 202.1.34.4
172.16.1.5/32 via 172.16.1.5
Tunnel1 created 00:04:24, expire 01:55:35
Type: dynamic, Flags: unique registered
NBMA address: 202.1.35.5
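A cross-check of the two hub caches, as an added Python example that is not part of the original lab: in a dual-hub design every spoke should appear as a dynamic, registered entry on both hubs with the same NBMA address. The sample text is constructed in the format shown above, with 172.16.1.5 deliberately removed from R2's copy, and the function names are hypothetical.

```python
import re

# Constructed input: hub NHRP caches in the format shown above. In R2's copy the
# spoke 172.16.1.5 is deliberately left out to show a one-hub-only registration.
R1_NHRP = """\
172.16.1.2/32 via 172.16.1.2
   Tunnel1 created 00:10:37, never expire
   Type: static, Flags:
   NBMA address: 202.1.23.2
172.16.1.4/32 via 172.16.1.4
   Tunnel1 created 00:07:12, expire 01:52:47
   Type: dynamic, Flags: unique registered
   NBMA address: 202.1.34.4
172.16.1.5/32 via 172.16.1.5
   Tunnel1 created 00:03:56, expire 01:56:03
   Type: dynamic, Flags: unique registered
   NBMA address: 202.1.35.5
"""
R2_NHRP = """\
172.16.1.1/32 via 172.16.1.1
   Tunnel1 created 00:09:58, never expire
   Type: static, Flags:
   NBMA address: 202.1.13.1
172.16.1.4/32 via 172.16.1.4
   Tunnel1 created 00:01:15, expire 01:58:44
   Type: dynamic, Flags: unique registered
   NBMA address: 202.1.34.4
"""

# One cache entry: tunnel IP, entry type, flags, NBMA (underlay) address.
ENTRY = re.compile(
    r"^(\S+)/32 via \S+\s+.*?Type: (\w+), Flags:([^\n]*)\s+NBMA address: (\S+)",
    re.M | re.S)

def registered(show_ip_nhrp):
    """Map tunnel IP -> NBMA address for dynamically registered spokes."""
    return {ip: nbma for ip, typ, flags, nbma in ENTRY.findall(show_ip_nhrp)
            if typ == "dynamic" and "registered" in flags}

def compare(hub_a, hub_b):
    """List spokes whose registration differs between the two hubs."""
    a, b = registered(hub_a), registered(hub_b)
    issues = [f"{ip} registered on one hub only" for ip in sorted(set(a) ^ set(b))]
    issues += [f"{ip} maps to {a[ip]} on one hub and {b[ip]} on the other"
               for ip in sorted(set(a) & set(b)) if a[ip] != b[ip]]
    return issues
```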
Enable EIGRP on the tunnels of R1, R2, R4 and R5, and at the same time set the features needed for spoke-to-spoke communication.
R1(config)#router eigrp 1
R1(config-router)#network 172.16.1.1 0.0.0.0
R1(config)#interface tunnel 1
R1(config-if)#no ip split-horizon eigrp 1
R1(config-if)#no ip next-hop-self eigrp 1
R2(config)#router eigrp 1
R2(config-router)#network 172.16.1.2 0.0.0.0
R2(config-router)#int tun 1
R2(config-if)#no ip split-horizon eigrp 1
R2(config-if)#no ip next-hop-self eigrp 1
R4(config)#router eigrp 1
R4(config-router)#network 172.16.1.4 0.0.0.0
R5(config)#router eigrp 1
R5(config-router)#network 172.16.1.5 0.0.0.0
Check that the EIGRP adjacencies have formed over the tunnel
R1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 172.16.1.5 Tu1 13 00:03:41 17 1470 0 9
2 172.16.1.4 Tu1 12 00:04:03 22 1470 0 10
1 172.16.1.2 Tu1 12 00:04:45 75 1470 0 14
0 202.1.13.3 Et0/1 10 00:39:39 5 100 0 47
Confirm that the spokes are exchanging routing information correctly.
R4#show ip route eigrp
Gateway of last resort is not set
D 192.168.16.0/24 [90/332800] via 202.1.34.3, 00:04:52, Ethernet0/2
D 192.168.27.0/24 [90/332800] via 202.1.34.3, 00:04:52, Ethernet0/2
D 192.168.59.0/24 [90/332800] via 202.1.34.3, 00:04:52, Ethernet0/2
D 202.1.13.0/24 [90/307200] via 202.1.34.3, 00:04:52, Ethernet0/2
D 202.1.23.0/24 [90/307200] via 202.1.34.3, 00:04:52, Ethernet0/2
D 202.1.35.0/24 [90/307200] via 202.1.34.3, 00:04:52, Ethernet0/2
Configure the VXN and apply it under the interface.
R1(config)#crypto isakmp enable
R1(config)#crypto isakmp policy 1
R1(config-isakmp)#authentication pre-share
R1(config)#crypto isakmp key cisco address 0.0.0.0 0.0.0.0
R1(config)#crypto ipsec transform-set r1-tr esp-des esp-md5-hmac
R1(cfg-crypto-trans)#mode transport
R1(config)#crypto ipsec profile r1-pf
R1(ipsec-profile)#set transform-set r1-tr
R1(ipsec-profile)#int tun 1
R1(config-if)#tunnel protection ipsec profile r1-pf
R2(config)#crypto isakmp enable
R2(config)#crypto isakmp policy 1
R2(config-isakmp)#authentication pre-share
R2(config)#crypto isakmp key cisco address 0.0.0.0 0.0.0.0
R2(config)#crypto ipsec transform-set r2-tr esp-des esp-md5-hmac
R2(cfg-crypto-trans)#mode transport
R2(config)#crypto ipsec profile r2-pf
R2(ipsec-profile)#set transform-set r2-tr
R2(ipsec-profile)#int tun 1
R2(config-if)#tunnel protection ipsec profile r2-pf
R4(config)#crypto isakmp enable
R4(config)#crypto isakmp policy 1
R4(config-isakmp)#authentication pre-share
R4(config)#crypto isakmp key cisco address 0.0.0.0 0.0.0.0
R4(config)#crypto ipsec transform-set r4-tr esp-des esp-md5-hmac
R4(cfg-crypto-trans)#mode transport
R4(config)#crypto ipsec profile r4-pf
R4(ipsec-profile)#set transform-set r4-tr
R4(ipsec-profile)#int tun 1
R4(config-if)#tunnel protection ipsec profile r4-pf
R5(config)#crypto isakmp enable
R5(config)#crypto isakmp policy 1
R5(config-isakmp)#authentication pre-share
R5(config)#crypto isakmp key cisco address 0.0.0.0 0.0.0.0
R5(config)#crypto ipsec transform-set r5-tr esp-des esp-md5-hmac
R5(cfg-crypto-trans)#mode transport
R5(config)#crypto ipsec profile r5-pf
R5(ipsec-profile)#set transform-set r5-tr
R5(ipsec-profile)#int tun 1
R5(config-if)#tunnel protection ipsec profile r5-pf
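An audit of the crypto settings entered above, as an added Python example that is not part of the original lab: it flags the DES and MD5 transforms, the wildcard pre-shared key, the ISAKMP policy that leaves encryption, hash and group unset, and the tunnel interface without NHRP authentication. The `R1_CONFIG` text is constructed from R1's commands on this page, and the function names are hypothetical.

```python
import re

# Constructed input: R1's crypto and tunnel commands from this page, prompts stripped.
R1_CONFIG = """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto ipsec transform-set r1-tr esp-des esp-md5-hmac
 mode transport
interface Tunnel1
 tunnel key 1234
 ip nhrp network-id 1234
 tunnel protection ipsec profile r1-pf
"""

WEAK_TRANSFORMS = {"esp-des": "single DES encryption",
                   "esp-md5-hmac": "HMAC-MD5 integrity"}

def blocks(config):
    """Group config text into (top-level line, [indented child lines])."""
    out = []
    for line in config.splitlines():
        if line.startswith(" ") and out:
            out[-1][1].append(line.strip())
        elif line.strip():
            out.append((line.strip(), []))
    return out

def audit(config):
    """Return a list of findings (hypothetical helper, not a Cisco tool)."""
    findings = []
    for head, body in blocks(config):
        words = head.split()
        if head.startswith("crypto isakmp policy"):
            for opt in ("encryption", "hash", "group"):
                if not any(b.startswith(opt + " ") for b in body):
                    findings.append(f"{head}: '{opt}' not set, platform default applies")
        elif re.match(r"crypto isakmp key \S+ address 0\.0\.0\.0( 0\.0\.0\.0)?$", head):
            findings.append("pre-shared key is bound to the wildcard address 0.0.0.0")
        elif head.startswith("crypto ipsec transform-set"):
            findings += [f"{words[3]}: {WEAK_TRANSFORMS[w]} ({w})"
                         for w in words[4:] if w in WEAK_TRANSFORMS]
        elif head.lower().startswith("interface tunnel"):
            if not any(b.startswith("ip nhrp authentication") for b in body):
                findings.append(f"{head}: no 'ip nhrp authentication' configured")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(R1_CONFIG)))
```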
Use the command line to verify connectivity and whether traffic is encrypted.
R1#show crypto engine connections active
Crypto Engine Connections
ID Type Algorithm Encrypt Decrypt LastSeqN IP-Address
1 IPsec DES+MD5 0 390 390 202.1.13.1
2 IPsec DES+MD5 390 0 0 202.1.13.1
3 IPsec DES+MD5 0 93 93 202.1.13.1
4 IPsec DES+MD5 90 0 0 202.1.13.1
5 IPsec DES+MD5 0 72 72 202.1.13.1
6 IPsec DES+MD5 71 0 0 202.1.13.1
1001 IKE SHA+DES 0 0 0 202.1.13.1
1002 IKE SHA+DES 0 0 0 202.1.13.1
1003 IKE SHA+DES 0 0 0 202.1.13.1
pc4#traceroute 192.168.48.8
Type escape sequence to abort.
Tracing the route to 192.168.48.8
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.59.5 5 msec 0 msec 1 msec
2 172.16.1.1 1 msec
172.16.1.4 1 msec 1 msec
3 192.168.48.8 1 msec 1 msec *
Simulate a failure of hub1:
R1(config)#interface tunnel 1
R1(config-if)#shutdown
pc4#traceroute 192.168.48.8
Type escape sequence to abort.
Tracing the route to 192.168.48.8
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.59.5 0 msec 0 msec 1 msec
2 172.16.1.4 1 msec 1 msec 0 msec
3 192.168.48.8 1 msec 2 msec *