SV thực hiện : LÂM VĂN TÚ
Mô Hình:
Các bước thực hiện cho cấu hình:
Bước 1 : Cấu hình cho các Router thấy nhau
SPOKE 1:
Router#config terminal
Router(config)# hostname SPOKE1
SPOKE1(config)# interface s0/0
SPOKE1(config-if)# ip address 172.16.1.1 255.255.255.0
SPOKE1(config-if)# no shutdown
SPOKE1(config-if)# exit
SPOKE1(config)# interface f0/1
SPOKE1(config-if)# ip address 192.168.1.1 255.255.255.0
SPOKE1(config-if)# no shutdown
SPOKE1(config-if)# exit
SPOKE1(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.2
SPOKE 2:
Router# config terminal
Router(config)# hostname SPOKE2
SPOKE2(config)# interface s0/0
SPOKE2(config-if)# ip address 172.16.3.1 255.255.255.0
SPOKE2(config-if)# no shutdown
SPOKE2(config-if)# exit
SPOKE2(config)# interface f0/1
SPOKE2(config-if)# ip address 192.168.2.1 255.255.255.0
SPOKE2(config-if)# no shutdown
SPOKE2(config-if)# exit
SPOKE2(config)# ip route 0.0.0.0 0.0.0.0 172.16.3.2
HUB
Router#config terminal
Router(config)# hostname HUB
HUB(config)# interface s0/0
HUB(config-if)# ip address 172.16.2.1 255.255.255.0
HUB(config-if)# no shutdown
HUB(config-if)# exit
HUB(config)# interface loop back 0
HUB(config-if)# ip address 192.168.0.1 255.255.255.0
HUB(config-if)# no shutdown
HUB(config-if)# exit
HUB(config)# ip route 0.0.0.0 0.0.0.0 172.16.2.2
Thực hiện cấu hình đối với SPOKE1
Bước 2: cấu hình phase 1 cho SPOKE1
SPOKE1(config)# crypto isakmp enable
SPOKE1(config)# crypto isakmp policy 1
SPOKE1(config-isakmp)# authentication pre-share
SPOKE1(config-isakmp)# hash md5
SPOKE1(config-isakmp)# exit
SPOKE1(config)# crypto isakmp key vnpro address 0.0.0.0 0.0.0.0
Bước 3: cấu hình dmvpn cho SPOKE1
SPOKE1(config)# interface tunnel 0
SPOKE1(config-if)# ip address 10.0.0.2 255.255.255.0
SPOKE1(config-if)# ip mtu 1400
SPOKE1(config-if)# ip nhrp authentication vnpro
SPOKE1(config-if)# ip nhrp map 10.0.0.1 172.16.2.1
SPOKE1(config-if)# ip nhrp hold-time 600
SPOKE1(config-if)# ip nhs 10.0.0.1
SPOKE1(config-if)# no ip next-hop-self eigrp 1
SPOKE1(config-if)# ip map multicast 172.16.2.1
SPOKE1(config-if)# ip nhrp network-id 100
SPOKE1(config-if)# tunnel source s0/0
SPOKE1(config-if)# tunnel key 1000
SPOKE1(config-if)# tunnel mode gre multipoint
SPOKE1(config-if)# tunnel protection ipsec profile dmvpn
Bước 4: cấu hình phase 2 cho SPOKE1
SPOKE1(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac
SPOKE1(config)# crypto map dmvpn local-address s0/0
SPOKE1(config)# crypto map dmvpn 10 ipsec-isakmp
SPOKE1(config-crypto-map)# set peer 172.16.2.1
SPOKE1(config-crypto-map)# set security-association level per-host
SPOKE1(config-crypto-map)# set transform-set myset
SPOKE1(config-crypto-map)# match address 101
SPOKE1(config-crypto-map)# exit
SPOKE1(config)# access-list 101 permit gre 172.16.1.0 0.0.0.255 host 172.16.2.1
Bước 5: định tuyến dùng giao thức EIGRP
SPOKE1(config)# router eigrp 1
SPOKE1(config-router)# network 10.0.0.0 0.0.0.255
SPOKE1(config-router)# network 192.168.1.0 0.0.0.255
SPOKE1(config-router)# no auto-summary
Thực hiện cấu hình đối với SPOKE2
Bước 2: cấu hình phase 1 cho SPOKE2
SPOKE2(config)# crypto isakmp enable
SPOKE2(config)# crypto isakmp policy 1
SPOKE2(config-isakmp)# authentication pre-share
SPOKE2(config-isakmp)# hash md5
SPOKE2(config-isakmp)# exit
SPOKE2(config)# crypto isakmp key vnpro address 0.0.0.0 0.0.0.0
Bước 3: cấu hình dmvpn cho SPOKE2
SPOKE2(config)# interface tunnel 0
SPOKE2(config-if)# ip address 10.0.0.3 255.255.255.0
SPOKE2(config-if)# ip mtu 1400
SPOKE2(config-if)# ip nhrp authentication vnpro
SPOKE2(config-if)# ip nhrp map 10.0.0.1 172.16.2.1
SPOKE2(config-if)# ip nhrp hold-time 600
SPOKE2(config-if)# ip nhs 10.0.0.1
SPOKE2(config-if)# no ip next-hop-self eigrp 1
SPOKE2(config-if)# ip map multicast 172.16.2.1
SPOKE2(config-if)# ip nhrp network-id 100
SPOKE2(config-if)# tunnel source s0/0
SPOKE2(config-if)# tunnel key 1000
SPOKE2(config-if)# tunnel mode gre multipoint
SPOKE2(config-if)# tunnel protection ipsec profile dmvpn
Bước 4: cấu hình phase 2 cho SPOKE2
SPOKE2(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac
SPOKE2(config)# crypto map dmvpn local-address s0/0
SPOKE2(config)# crypto map dmvpn 10 ipsec-isakmp
SPOKE2(config-crypto-map)# set peer 172.16.2.1
SPOKE2(config-crypto-map)# set security-association level per-host
SPOKE2(config-crypto-map)# set transform-set myset
SPOKE2(config-crypto-map)# match address 101
SPOKE2(config-crypto-map)# exit
SPOKE2(config)# access-list 101 permit gre 172.16.3.0 0.0.0.255 host 172.16.2.1
Bước 5: định tuyến dùng giao thức EIGRP
SPOKE2(config)# router eigrp 1
SPOKE2(config-router)# network 10.0.0.0 0.0.0.255
SPOKE2(config-router)# network 192.168.2.0 0.0.0.255
SPOKE2(config-router)# no auto-summary
Thực hiện cấu hình cho HUB
Router(config)# hostname HUB
HUB(config)# crypto isakmp enable
HUB(config)# crypto isakmp policy 1
HUB(config-isakmp)# authentication pre-share
HUB(config-isakmp)# hash md5
HUB(config-isakmp)# exit
HUB(config)# crypto isakmp key vnpro address 0.0.0.0 0.0.0.0
HUB(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac
# tạo IPSec profile
HUB(config)# crypto ipsec profile dmvpn
HUB(config-profile)# set transform-set myset
HUB(config)# interface tunnel 0
# cấu hình dmvpn
HUB(config-if)# ip address 10.0.0.1 255.255.255.0
HUB(config-if)# ip mtu 1400
HUB(config-if)# ip nhrp authentication vnpro
HUB(config-if)# ip nhrp multicast dynamic
HUB(config-if)# ip nhrp hold-time 600
HUB(config-if)# tunnel source s0/0
HUB(config-if)# tunnel mode gre multipoint
HUB(config-if)# tunnel key 1000
HUB(config-if)# tunnel protection ipsec profile dmvpn
HUB(config-if)# exit
HUB(config)# interface f0/1
HUB(config-if)# ip address 192.168.0.1 255.255.255.0
HUB(config-if)# no shutdown
HUB(config-if)# exit
HUB(config)# interface s0/0
HUB(config-if)# ip address 172.16.2.1 255.255.255.0
HUB(config-if)# no shutdown
HUB(config-if)# exit
# định tuyến dùng giao thức EIGRP
HUB(config)# router eigrp 1
HUB(config-router)# network 10.0.0.0 0.0.0.255
HUB(config-router)# network 192.168.0.0 0.0.0.255
HUB(config-router)# no auto-summary
Kiểm tra kết quả
Thực hiện 2 PC ping lẫn nhau vàThực hiện Ping từ PC1 đến 192.168.0.1
Mô Hình:
Các bước thực hiện cho cấu hình:
Bước 1 : Cấu hình cho các Router thấy nhau
SPOKE 1:
Router#config terminal
Router(config)# hostname SPOKE1
SPOKE1(config)# interface s0/0
SPOKE1(config-if)# ip address 172.16.1.1 255.255.255.0
SPOKE1(config-if)# no shutdown
SPOKE1(config-if)# exit
SPOKE1(config)# interface f0/1
SPOKE1(config-if)# ip address 192.168.1.1 255.255.255.0
SPOKE1(config-if)# no shutdown
SPOKE1(config-if)# exit
SPOKE1(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.2
SPOKE 2:
Router# config terminal
Router(config)# hostname SPOKE2
SPOKE2(config)# interface s0/0
SPOKE2(config-if)# ip address 172.16.3.1 255.255.255.0
SPOKE2(config-if)# no shutdown
SPOKE2(config-if)# exit
SPOKE2(config)# interface f0/1
SPOKE2(config-if)# ip address 192.168.2.1 255.255.255.0
SPOKE2(config-if)# no shutdown
SPOKE2(config-if)# exit
SPOKE2(config)# ip route 0.0.0.0 0.0.0.0 172.16.3.2
HUB
Router#config terminal
Router(config)# hostname HUB
HUB(config)# interface s0/0
HUB(config-if)# ip address 172.16.2.1 255.255.255.0
HUB(config-if)# no shutdown
HUB(config-if)# exit
HUB(config)# interface loop back 0
HUB(config-if)# ip address 192.168.0.1 255.255.255.0
HUB(config-if)# no shutdown
HUB(config-if)# exit
HUB(config)# ip route 0.0.0.0 0.0.0.0 172.16.2.2
Thực hiện cấu hình đối với SPOKE1
Bước 2: cấu hình phase 1 cho SPOKE1
SPOKE1(config)# crypto isakmp enable
SPOKE1(config)# crypto isakmp policy 1
SPOKE1(config-isakmp)# authentication pre-share
SPOKE1(config-isakmp)# hash md5
SPOKE1(config-isakmp)# exit
SPOKE1(config)# crypto isakmp key vnpro address 0.0.0.0 0.0.0.0
Bước 3: cấu hình dmvpn cho SPOKE1
SPOKE1(config)# interface tunnel 0
SPOKE1(config-if)# ip address 10.0.0.2 255.255.255.0
SPOKE1(config-if)# ip mtu 1400
SPOKE1(config-if)# ip nhrp authentication vnpro
SPOKE1(config-if)# ip nhrp map 10.0.0.1 172.16.2.1
SPOKE1(config-if)# ip nhrp hold-time 600
SPOKE1(config-if)# ip nhs 10.0.0.1
SPOKE1(config-if)# no ip next-hop-self eigrp 1
SPOKE1(config-if)# ip map multicast 172.16.2.1
SPOKE1(config-if)# ip nhrp network-id 100
SPOKE1(config-if)# tunnel source s0/0
SPOKE1(config-if)# tunnel key 1000
SPOKE1(config-if)# tunnel mode gre multipoint
SPOKE1(config-if)# tunnel protection ipsec profile dmvpn
Bước 4: cấu hình phase 2 cho SPOKE1
SPOKE1(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac
SPOKE1(config)# crypto map dmvpn local-address s0/0
SPOKE1(config)# crypto map dmvpn 10 ipsec-isakmp
SPOKE1(config-crypto-map)# set peer 172.16.2.1
SPOKE1(config-crypto-map)# set security-association level per-host
SPOKE1(config-crypto-map)# set transform-set myset
SPOKE1(config-crypto-map)# match address 101
SPOKE1(config-crypto-map)# exit
SPOKE1(config)# access-list 101 permit gre 172.16.1.0 0.0.0.255 host 172.16.2.1
Bước 5: định tuyến dùng giao thức EIGRP
SPOKE1(config)# router eigrp 1
SPOKE1(config-router)# network 10.0.0.0 0.0.0.255
SPOKE1(config-router)# network 192.168.1.0 0.0.0.255
SPOKE1(config-router)# no auto-summary
Thực hiện cấu hình đối với SPOKE2
Bước 2: cấu hình phase 1 cho SPOKE2
SPOKE2(config)# crypto isakmp enable
SPOKE2(config)# crypto isakmp policy 1
SPOKE2(config-isakmp)# authentication pre-share
SPOKE2(config-isakmp)# hash md5
SPOKE2(config-isakmp)# exit
SPOKE2(config)# crypto isakmp key vnpro address 0.0.0.0 0.0.0.0
Bước 3: cấu hình dmvpn cho SPOKE2
SPOKE2(config)# interface tunnel 0
SPOKE2(config-if)# ip address 10.0.0.3 255.255.255.0
SPOKE2(config-if)# ip mtu 1400
SPOKE2(config-if)# ip nhrp authentication vnpro
SPOKE2(config-if)# ip nhrp map 10.0.0.1 172.16.2.1
SPOKE2(config-if)# ip nhrp hold-time 600
SPOKE2(config-if)# ip nhs 10.0.0.1
SPOKE2(config-if)# no ip next-hop-self eigrp 1
SPOKE2(config-if)# ip map multicast 172.16.2.1
SPOKE2(config-if)# ip nhrp network-id 100
SPOKE2(config-if)# tunnel source s0/0
SPOKE2(config-if)# tunnel key 1000
SPOKE2(config-if)# tunnel mode gre multipoint
SPOKE2(config-if)# tunnel protection ipsec profile dmvpn
Bước 4: cấu hình phase 2 cho SPOKE2
SPOKE2(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac
SPOKE2(config)# crypto map dmvpn local-address s0/0
SPOKE2(config)# crypto map dmvpn 10 ipsec-isakmp
SPOKE2(config-crypto-map)# set peer 172.16.2.1
SPOKE2(config-crypto-map)# set security-association level per-host
SPOKE2(config-crypto-map)# set transform-set myset
SPOKE2(config-crypto-map)# match address 101
SPOKE2(config-crypto-map)# exit
SPOKE2(config)# access-list 101 permit gre 172.16.3.0 0.0.0.255 host 172.16.2.1
Bước 5: định tuyến dùng giao thức EIGRP
SPOKE2(config)# router eigrp 1
SPOKE2(config-router)# network 10.0.0.0 0.0.0.255
SPOKE2(config-router)# network 192.168.2.0 0.0.0.255
SPOKE2(config-router)# no auto-summary
Thực hiện cấu hình cho HUB
Router(config)# hostname HUB
HUB(config)# crypto isakmp enable
HUB(config)# crypto isakmp policy 1
HUB(config-isakmp)# authentication pre-share
HUB(config-isakmp)# hash md5
HUB(config-isakmp)# exit
HUB(config)# crypto isakmp key vnpro address 0.0.0.0 0.0.0.0
HUB(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac
# tạo IPSec profile
HUB(config)# crypto ipsec profile dmvpn
HUB(config-profile)# set transform-set myset
HUB(config)# interface tunnel 0
# cấu hình dmvpn
HUB(config-if)# ip address 10.0.0.1 255.255.255.0
HUB(config-if)# ip mtu 1400
HUB(config-if)# ip nhrp authentication vnpro
HUB(config-if)# ip nhrp multicast dynamic
HUB(config-if)# ip nhrp hold-time 600
HUB(config-if)# tunnel source s0/0
HUB(config-if)# tunnel mode gre multipoint
HUB(config-if)# tunnel key 1000
HUB(config-if)# tunnel protection ipsec profile dmvpn
HUB(config-if)# exit
HUB(config)# interface f0/1
HUB(config-if)# ip address 192.168.0.1 255.255.255.0
HUB(config-if)# no shutdown
HUB(config-if)# exit
HUB(config)# interface s0/0
HUB(config-if)# ip address 172.16.2.1 255.255.255.0
HUB(config-if)# no shutdown
HUB(config-if)# exit
# định tuyến dùng giao thức EIGRP
HUB(config)# router eigrp 1
HUB(config-router)# network 10.0.0.0 0.0.0.255
HUB(config-router)# network 192.168.0.0 0.0.0.255
HUB(config-router)# no auto-summary
Kiểm tra kết quả
Thực hiện 2 PC ping lẫn nhau vàThực hiện Ping từ PC1 đến 192.168.0.1
Comment