[go: up one dir, main page]
Scribd
Upload
249 views6 pages

DMVPN Configuration

The document describes the configuration of a DMVPN network connecting a headquarters router to two branch routers. Dynamic multipoint VPN (DMVPN) allows VPN tunnels to be established on an as-needed basis between the routers. Tunnel interfaces using multipoint GRE are configured on the routers with a common network ID. Routing protocols advertise the tunnel and LAN networks so that branch routers can directly communicate without traversing the headquarters router, bypassing it to reduce traffic loads. Interface, tunnel, routing and DHCP configurations are shown for the headquarters and branch routers to establish the DMVPN.

Uploaded by

Sithu Maw
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
249 views6 pages

DMVPN Configuration

The document describes the configuration of a DMVPN network connecting a headquarters router to two branch routers. Dynamic multipoint VPN (DMVPN) allows VPN tunnels to be established on an as-needed basis between the routers. Tunnel interfaces using multipoint GRE are configured on the routers with a common network ID. Routing protocols advertise the tunnel and LAN networks so that branch routers can directly communicate without traversing the headquarters router, bypassing it to reduce traffic loads. Interface, tunnel, routing and DHCP configurations are shown for the headquarters and branch routers to establish the DMVPN.

Uploaded by

Sithu Maw
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

 DMVPN:- allows VPN tunnels to be setup and torn down on an as-needed basis

 Multipoint GRE (mGRE):- Allows a single router interface to have multiple GRE tunnels.
 In HUB and Spoke Topology DMVPN have a ability to allow us to directly connect Spoke
router without using HUB
 This means our Spoke routers traffic directly going with each other without disturbing
the HUB router

 HQ_INDIA interface Configuration:-


 HQ_INDIA(config)#interface fastEthernet 0/0
 HQ_INDIA(config-if)#description CONNECTED WITH SW1
 HQ_INDIA(config-if)#ip address 192.168.2.1 255.255.255.0
 HQ_INDIA(config-if)#no shut
 HQ_INDIA(config-if)#exit

 HQ_INDIA(config)#interface fastEthernet 0/1


 HQ_INDIA(config-if)#description CONNECTED WITH INTERNET
 HQ_INDIA(config-if)#ip address 100.100.100.2 255.255.255.252 {static ip needed
on HQ }
 HQ_INDIA(config-if)#no shut
 HQ_INDIA(config-if)#exit

 Internet Router interfaces Configuration:-


 internet(config)#interface Ethernet 1/0
 internet(config-if)#description CONNECTED WITH HQ_INDIA
 internet(config-if)#ip address 100.100.100.1 255.255.255.252
 internet(config-if)#no shut
 internet(config-if)#exit

 internet(config)#interface fastEthernet 0/1


 internet(config-if)#description CONNECTED WITH BRANCH2
 internet(config-if)#ip address 100.100.100.9 255.255.255.252
 internet(config-if)#no shut
 internet(config-if)#exit

 internet(config)#interface fastEthernet 0/0


 internet(config-if)#description CONNECTED WITH BRANCH3
 internet(config-if)#ip address 100.100.100.5 255.255.255.252
 internet(config-if)#no shut
 internet(config-if)#exit

 DHCP Server Configuration for Branch1 and Branch2 Routers for Dynamic ip address
 We Suppose that these Connection are Cable modem or DSL or any

 internet(config)#ip dhcp pool BRANCH2


 internet(dhcp-config)#default-router 100.100.100.9
 internet(dhcp-config)#network 100.100.100.8 255.255.255.252
 internet(dhcp-config)#exit

 internet(config)#ip dhcp pool BRANCH3


 internet(dhcp-config)#default-router 100.100.100.5
 internet(dhcp-config)#network 100.100.100.4 255.255.255.252
 internet(dhcp-config)#exit

 Branch_2 Router interfaces Configuration:-


 Branch_2(config)#interface fastEthernet 0/1
 Branch_2(config-if)#description CONNECTED WITH INTERNET
 Branch_2(config-if)#ip address dhcp
 Branch_2(config-if)#no shut
 Branch_2(config-if)#exit
 Branch_2(config-if)#interface fastEthernet 0/0
 Branch_2(config-if)#description CONNECTED WITH SW2
 Branch_2(config-if)#ip address 192.168.4.1 255.255.255.0
 Branch_2(config-if)#no shut
 Branch_2(config-if)#exit

 Branch_3(config)#interface fastEthernet 0/1


 Branch_3(config-if)#description CONNECTED WITH INTERNET
 Branch_3(config-if)#ip address dhcp
 Branch_3(config-if)#no shut
 Branch_3(config-if)#exit

 Branch_3(config)#interface fastEthernet 0/0


 Branch_3(config-if)#description CONNECTED WITH SW3
 Branch_3(config-if)#ip address 192.168.3.1 255.255.255.0
 Branch_3(config-if)#no shut
 Branch_3(config-if)#exit
Terms:-
 DEMVPN:- allows VPN tunnels to be setup and torn down on an as-needed basis
 Multipoint GRE (mGRE):- Allows a single router interface to have multiple GRE
tunnels.
 NHRP {Next Hop Resolution Protocol}:- Allows an interface configured for mGRE to
discover the IP address of the devices at the far end of a tunnel.

 Tunnel interface Configuration


 HQ_INDIA(config)#interface Tunnel 1
 HQ_INDIA(config-if)# ip address 10.250.250.1 255.255.255.0 {tunnel ip address}
 HQ_INDIA(config-if)# ip mtu 1400
 HQ_INDIA(config-if)# ip nhrp authentication cisco {Authentication key}
 HQ_INDIA(config-if)# ip nhrp map multicast dynamic {dynamically resolve next hop}
 HQ_INDIA(config-if)# ip nhrp network-id 1 {all router have same network id}
 HQ_INDIA(config-if)# ip tcp adjust-mss 1360 {mss:- maximum segment size
maximum TCP packets size}
 HQ_INDIA(config-if)# no ip split-horizon {Disable the Split-horizon}
 HQ_INDIA(config-if)# tunnel source FastEthernet0/1 {source interface}
 HQ_INDIA(config-if)# tunnel mode gre multipoint
 HQ_INDIA(config-if)#end

 HQ_INDIA(config)#ip route 0.0.0.0 0.0.0.0 f0/1


 Routing Protocol Configuration to advertise and form neighbor relationship
 HQ_INDIA(config)#router rip
 HQ_INDIA(config-router)#version 2
 HQ_INDIA(config-router)#network 192.168.2.0 {Advertise Lan networks}
 HQ_INDIA(config-router)#network 10.250.250.0 {advertise Tunnel networks}
 HQ_INDIA(config-router)#no auto-summary
 HQ_INDIA(config-router)#exit

 Branch_2 Router interfaces Configuration


 Branch_2(config)#interface Tunnel 1
 Branch_2(config-if)# ip address 10.250.250.2 255.255.255.0
 Branch_2(config-if)# ip mtu 1400
 Branch_2(config-if)# ip nhrp authentication cisco
 Branch_2(config-if)# ip nhrp map multicast dynamic
 Branch_2(config-if)# ip nhrp map 10.250.250.1 100.100.100.2 {map the HQ router of
first tunnel interface and second public ip address}
 Branch_2(config-if)# ip nhrp map multicast 100.100.100.2 {multicast traffic allowed for
HQ router Public address}
 Branch_2(config-if)# ip nhrp network-id 1
 Branch_2(config-if)# ip nhrp nhs 10.250.250.1 {nhs:-next-hop-server private
ip address of HQ tunnel interface}
 Branch_2(config-if)# ip tcp adjust-mss 1360
 Branch_2(config-if)# tunnel source FastEthernet0/1
 Branch_2(config-if)# tunnel mode gre multipoint
 Branch_2(config-if)#end

 Routing Protocol Configuration to advertise and form neighbor relationship


 Branch_2(config)#router rip
 Branch_2(config-router)#version 2
 Branch_2(config-router)#network 192.168.4.0 {Advertise Lan networks}
 Branch_2(config-router)#network 10.250.250.0 {advertise Tunnel networks}
 Branch_2(config-router)#no auto-summary
 Branch_2(config-router)#exit

 Branch_2(config)#ip route 0.0.0.0 0.0.0.0 f0/1

 Branch_3 Router Tunnel interface Configuration:-


 Branch_3(config)#interface Tunnel1
 Branch_3(config-if)# ip address 10.250.250.3 255.255.255.0
 Branch_3(config-if)# ip mtu 1400
 Branch_3(config-if)# ip nhrp authentication cisco
 Branch_3(config-if)# ip nhrp map multicast dynamic
 Branch_3(config-if)# ip nhrp map 10.250.250.1 100.100.100.2 {map the HQ router of
first tunnel interface and second public ip address}
 Branch_3(config-if)# ip nhrp map multicast 100.100.100.2 {multicast traffic allowed
for HQ router Public address}
 Branch_3(config-if)# ip nhrp network-id 1
 Branch_3(config-if)# ip nhrp nhs 10.250.250.1 {nhs:-next-hop-server
private ip address of HQ tunnel interface}
 Branch_3(config-if)# ip tcp adjust-mss 1360
 Branch_3(config-if)# tunnel source FastEthernet0/1
 Branch_3(config-if)# tunnel mode gre multipoint
 Branch_3(config-if)#end

 Routing Protocol Configuration to advertise and form neighbor relationship


 Branch_3(config)#router rip
 Branch_3(config-router)#version 2
 Branch_3(config-router)#network 192.168.3.0 {Advertise Lan networks}
 Branch_3(config-router)#network 10.250.250.0 {advertise Tunnel networks}
 Branch_3(config-router)#no auto-summary
 Branch_3(config-router)#exit

 Branch_3(config)#ip route 0.0.0.0 0.0.0.0 f0/1

 Troubleshooting & Verification Commands


 Show ip route
 Show ip interface brief
 Show ip protocols
 Show ip nhrp
 Show ip nhrp brief

 Now test
“Ping and traceroute” PC2 to PC3
PC3 to PC2
PC1 to PC2
PC1 to PC3

 What we will see Traffic from PC2 to PC3 will directly going from Branch2 to Branch3
 And PC3 to PC2 will directly going from Branch3 to Branch2
 And will bypass the HQ to reach these destination
 And if we ping from internet router to our routers for these 10.250.250.0/24 or
192.168.x.x. networks
 internet router will fail that’s mean our all traffic is going through multiple tunnels

X
ccnaccnplinux.blogspot.com
www.anysoftwarecrack.blogspot.com

You might also like