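DMVPN for Branch-to-Headquarters Connectivity over Dial-up Links (Tutorial Included)
Today we walk through using DMVPN to connect branch offices and headquarters over dial-up links. The complete lab procedure follows; take what you need.
Lab environment:
The lab topology has three parts. At the top is the headquarters, a simple three-tier design with one router as the border device. In the middle is the carrier network, made up of four routers and one switch, with every router acting as a carrier edge device. At the bottom are the branch offices: three in total, each using the same simple design, with a border router connecting to the carrier.
Lab requirements:
1. Intranet communication within headquarters and within each branch works normally.
2. The lab must use DMVPN, with headquarters as the hub and the branches as spokes.
3. Intranet hosts in different branches can reach each other.
4. Intranet hosts at headquarters and in the branches can communicate.
Configuration: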
R5:
int lo0
ip add 10.5.5.5 255.255.255.255
no sh
exit
int e0/1
ip add 192.168.15.5 255.255.255.0
no sh
exit
int e0/0
ip add 100.1.15.5 255.255.255.0
no sh
exit
SW1:
vlan 10
vlan 100
exit
int e0/1
switchport trunk encapsulation dot1q
switchport mode trunk
exit
int e0/0
no switchport
ip add 192.168.15.1 255.255.255.0
no sh
exit
int range e0/2 - 3
switchport mode access
switchport access vlan 100
exit
service dhcp
ip dhcp pool VLAN10
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 114.114.114.114
domain-name Tiger.net
exit
ip dhcp pool Server-File
host 192.168.100.1 255.255.255.0
default-router 192.168.100.254
dns-server 114.114.114.114
domain-name Tiger.net
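At this point we need to bind the MAC address, so next we enter ip dhcp on the File server, as shown in the figure below:
Then check the MAC address information on SW1: sh mac address
The MAC address learned on interface e0/2 is now listed, so we continue on SW1:
! the client-identifier is the MAC address with 01 prepended
client-identifier 010050.7966.6818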
exit
ip dhcp pool Server-AD
host 192.168.100.2 255.255.255.0
default-router 192.168.100.254
dns-server 114.114.114.114
domain-name Tiger.net
The MAC address is obtained the same way, so here I just show the screenshot:
client-identifier 010050.7966.6817
int vlan 100
ip add 192.168.100.254 255.255.255.0
no sh
exit
At this point, let's look at the addresses the servers have obtained:
int vlan 10
ip add 192.168.1.254 255.255.255.0
no sh
exit
S11:
vlan 10
exit
int e0/0
switchport trunk encapsulation dot1q
switchport mode trunk
exit
int range e0/1 - 3
switchport mode access
switchport access vlan 10
exit
At this point, let's look at the addresses the intranet hosts have obtained:
Next we configure the IGP:
SW1:
int lo0
ip add 10.1.1.1 255.255.255.255
no sh
router ei 10
eigrp router-id 10.1.1.1
no auto-summary
network 10.1.1.1 0.0.0.0
net 192.168.1.254 0.0.0.0
net 192.168.100.254 0.0.0.0
net 192.168.15.1 0.0.0.0
R5:
router ei 10
eigrp router-id 10.5.5.5
no auto-summary
network 10.5.5.5 0.0.0.0
net 192.168.15.5 0.0.0.0
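That completes the headquarters side for now. Finally, test connectivity from an intranet host to the border router, taking H-PC1 as an example:
Next we build the branch part: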
R6:
vpdn enable
int lo0
ip add 10.6.6.6 255.255.255.255
exit
int e0/0
no sh
exit
int e0/1
ip add 192.168.2.254 255.255.255.0
no sh
service dhcp
ip dhcp pool VLAN20
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
dns-server 114.114.114.114
domain-name Tiger.net
exit
BR1-Access1:
vlan 20
exit
int range e0/0 - 3
switchport mode access
switchport access vlan 20
exit
R7:
vpdn enable
int lo0
ip add 10.7.7.7 255.255.255.255
exit
int e0/0
no sh
exit
int e0/1
ip add 192.168.3.254 255.255.255.0
no sh
service dhcp
ip dhcp pool VLAN30
network 192.168.3.0 255.255.255.0
default-router 192.168.3.254
dns-server 114.114.114.114
domain-name Tiger.net
exit
BR2-Access1:
vlan 30
exit
int range e0/0 - 3
switchport mode access
switchport access vlan 30
exit
R8:
vpdn enable
int lo0
ip add 10.8.8.8 255.255.255.255
exit
int e0/0
no sh
exit
int e0/1
ip add 192.168.4.254 255.255.255.0
no sh
service dhcp
ip dhcp pool VLAN40
network 192.168.4.0 255.255.255.0
default-router 192.168.4.254
dns-server 114.114.114.114
domain-name Tiger.net
exit
BR3-Access1:
vlan 40
exit
int range e0/0 - 3
switchport mode access
switchport access vlan 40
exit
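At this point, check the addresses obtained by the hosts in each branch, taking one host per branch as an example:
With that done, we configure the carrier part: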
ISP-SW2:
vlan 100
exit
int range e0/0 - 3
switchport mode access
switchport access vlan 100
exit
R1:
int e0/1
ip add 100.1.15.1 255.255.255.0
no sh
int e0/0
ip add 100.1.100.1 255.255.255.0
no sh
int lo0
ip add 100.1.1.1 255.255.255.255
no sh
router isis
net 49.1234.0000.0000.0001.00
log-adjacency-changes all
is-type level-2
metric-style wide
int range lo0 , e0/0 - 1
ip router isis
exit
router isis
passive-interface ethernet 0/1
exit
R2:
vpdn enable
int e0/1
no sh
int e0/0
ip add 100.1.100.2 255.255.255.0
no sh
int lo0
ip add 100.2.2.2 255.255.255.255
no sh
service dhcp
ip dhcp pool BR1
network 100.1.26.0 255.255.255.0
default-router 100.1.26.2
dns-server 114.114.114.114
domain-name Tiger.net
exit
username BR1 password CCIE
interface virtual-template 1
encapsulation ppp
ppp authentication chap
ip mtu 1492
peer default ip address dhcp-pool BR1
ip add 100.1.26.2 255.255.255.0
no sh
exit
bba-group pppoe BR1
virtual-template 1
exit
int e0/1
no sh
pppoe enable group BR1
R6:
int dialer 1
encapsulation ppp
ppp chap hostname BR1
ppp chap password CCIE
ip mtu 1492
dialer pool 1
ip address negotiated
ppp ipcp route default
no sh
int e0/0
pppoe-client dial-pool-number 1
R2:
router isis
net 49.1234.0000.0000.0002.00
log-adjacency-changes all
is-type level-2
metric-style wide
int range lo0 , e0/0
ip router isis
exit
int virtual-template 1
ip router isis
router isis
passive-interface virtual-template 1
exit
R3:
vpdn enable
int e0/1
no sh
int e0/0
ip add 100.1.100.3 255.255.255.0
no sh
int lo0
ip add 100.3.3.3 255.255.255.255
no sh
service dhcp
ip dhcp pool BR2
network 100.1.37.0 255.255.255.0
default-router 100.1.37.3
dns-server 114.114.114.114
domain-name Tiger.net
exit
username BR2 password CCIE
interface virtual-template 1
encapsulation ppp
ppp authentication chap
ip mtu 1492
peer default ip address dhcp-pool BR2
ip add 100.1.37.3 255.255.255.0
no sh
exit
bba-group pppoe BR2
virtual-template 1
exit
int e0/1
no sh
pppoe enable group BR2
R7:
int dialer 1
encapsulation ppp
ppp chap hostname BR2
ppp chap password CCIE
ip mtu 1492
dialer pool 1
ip address negotiated
ppp ipcp route default
no sh
int e0/0
pppoe-client dial-pool-number 1
R3:
router isis
net 49.1234.0000.0000.0003.00
log-adjacency-changes all
is-type level-2
metric-style wide
int range lo0 , e0/0
ip router isis
exit
int virtual-template 1
ip router isis
router isis
passive-interface virtual-template 1
exit
R4:
vpdn enable
int e0/1
no sh
int e0/0
ip add 100.1.100.4 255.255.255.0
no sh
int lo0
ip add 100.4.4.4 255.255.255.255
no sh
service dhcp
ip dhcp pool BR3
network 100.1.48.0 255.255.255.0
default-router 100.1.48.4
dns-server 114.114.114.114
domain-name Tiger.net
exit
username BR3 password CCIE
interface virtual-template 1
encapsulation ppp
ppp authentication chap
ip mtu 1492
peer default ip address dhcp-pool BR3
ip add 100.1.48.4 255.255.255.0
no sh
exit
bba-group pppoe BR3
virtual-template 1
exit
int e0/1
no sh
pppoe enable group BR3
R8:
int dialer 1
encapsulation ppp
ppp chap hostname BR3
ppp chap password CCIE
ip mtu 1492
dialer pool 1
ip address negotiated
ppp ipcp route default
no sh
int e0/0
pppoe-client dial-pool-number 1
R4:
router isis
net 49.1234.0000.0000.0004.00
log-adjacency-changes all
is-type level-2
metric-style wide
int range lo0 , e0/0
ip router isis
exit
int virtual-template 1
ip router isis
router isis
passive-interface virtual-template 1
exit
Testing:
(1) Check whether e0/0 on R6/R7/R8 has obtained an address: show ip interface brief
(2) Check the IS-IS routing table: show ip route isis
Now we move on to the next step:
R5:
ip route 0.0.0.0 0.0.0.0 e0/0 100.1.15.1
int tunnel 100
tunnel mode gre multipoint
tunnel source 100.1.15.5
tunnel key 100
ip nhrp network-id 100
ip nhrp authentication CCIE
ip nhrp map multicast dynamic
ip nhrp redirect
ip add 192.168.255.5 255.255.255.0
no sh
exit
R6:
int tunnel 100
tunnel mode gre multipoint
tunnel source dialer 1
ip nhrp nhs 192.168.255.5
tunnel key 100
ip nhrp network-id 100
ip nhrp authentication CCIE
ip nhrp map multicast 100.1.15.5
ip nhrp map 192.168.255.5 100.1.15.5
ip nhrp shortcut
ip add 192.168.255.6 255.255.255.0
no sh
exit
R7:
int tunnel 100
tunnel mode gre multipoint
tunnel source dialer 1
ip nhrp nhs 192.168.255.5
tunnel key 100
ip nhrp network-id 100
ip nhrp authentication CCIE
ip nhrp map multicast 100.1.15.5
ip nhrp map 192.168.255.5 100.1.15.5
ip nhrp shortcut
ip add 192.168.255.7 255.255.255.0
no sh
exit
R8:
int tunnel 100
tunnel mode gre multipoint
tunnel source dialer 1
ip nhrp nhs 192.168.255.5
tunnel key 100
ip nhrp network-id 100
ip nhrp authentication CCIE
ip nhrp map multicast 100.1.15.5
ip nhrp map 192.168.255.5 100.1.15.5
ip nhrp shortcut
ip add 192.168.255.8 255.255.255.0
no sh
exit
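An added consistency check for the tunnel 100 stanzas above (not part of the original tutorial): it compares the hub with one spoke on the settings that must agree for NHRP registration, and reports that neither tunnel carries `tunnel protection ipsec profile`, so the mGRE traffic crosses the carrier unencrypted. The embedded configs are copied from this page; the function names `field` and `audit` are illustrative.

```python
import re

# Tunnel 100 stanzas copied from this page (hub R5 and spoke R6).
HUB = """\
tunnel mode gre multipoint
tunnel source 100.1.15.5
tunnel key 100
ip nhrp network-id 100
ip nhrp authentication CCIE
ip nhrp map multicast dynamic
ip nhrp redirect
ip add 192.168.255.5 255.255.255.0
"""
SPOKE = """\
tunnel mode gre multipoint
tunnel source dialer 1
ip nhrp nhs 192.168.255.5
tunnel key 100
ip nhrp network-id 100
ip nhrp authentication CCIE
ip nhrp map multicast 100.1.15.5
ip nhrp map 192.168.255.5 100.1.15.5
ip nhrp shortcut
ip add 192.168.255.6 255.255.255.0
"""

def field(cfg, pattern):
    """Return the first capture of pattern in cfg, or None."""
    m = re.search(pattern, cfg, re.M)
    return m.group(1) if m else None

def audit(hub, spoke):
    findings = []
    for name in ("tunnel key", "ip nhrp authentication"):
        pat = rf"^{name} (\S+)"
        if field(hub, pat) != field(spoke, pat):
            findings.append(f"mismatch: {name}")
    hub_nbma = field(hub, r"^tunnel source (\S+)")
    hub_tun = field(hub, r"^ip add(?:ress)? (\S+)")
    if field(spoke, r"^ip nhrp nhs (\S+)") != hub_tun:
        findings.append("spoke NHS is not the hub tunnel address")
    if f"ip nhrp map {hub_tun} {hub_nbma}" not in spoke:
        findings.append("spoke has no static NHRP map for the hub")
    if "ip nhrp redirect" not in hub or "ip nhrp shortcut" not in spoke:
        findings.append("redirect/shortcut pair incomplete")
    for role, cfg in (("hub", hub), ("spoke", spoke)):
        if not re.search(r"^tunnel protection ipsec profile \S+", cfg, re.M):
            findings.append(f"{role}: tunnel has no IPsec protection")
    return findings
```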
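At this point, check the result on the hub: show dmvpn
All three peers are present. Next, still on the hub, look at the registration entries for the three spokes: show ip nhrp
Next, we run EIGRP over the tunnels to complete connectivity.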
R5:
router eigrp 10
net 192.168.255.5 0.0.0.0
R6:
router eigrp 10
eigrp router-id 10.6.6.6
no auto-summary
net 192.168.255.6 0.0.0.0
net 10.6.6.6 0.0.0.0
net 192.168.2.254 0.0.0.0
R7:
router eigrp 10
eigrp router-id 10.7.7.7
no auto-summary
net 192.168.255.7 0.0.0.0
net 10.7.7.7 0.0.0.0
net 192.168.3.254 0.0.0.0
R8:
router eigrp 10
eigrp router-id 10.8.8.8
no auto-summary
net 192.168.255.8 0.0.0.0
net 10.8.8.8 0.0.0.0
net 192.168.4.254 0.0.0.0
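At this point, look at the EIGRP routing tables:
Here we can see that the hub already has the routes of all the spokes. Next, look at a spoke:
We find that a spoke does not receive the other spokes' routes. This is caused by EIGRP split horizon: a route learned on an interface is not advertised back out of that same interface, so the hub can only advertise its own routes. How do we solve this? We continue below.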
R5:
int tunnel 100
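! disable split horizon for EIGRP 10
no ip split-horizon eigrp 10
Now look at the EIGRP routing table again, taking R6 as an example: show ip route eigrp
The same applies to R7 and R8. Finally, test communication, and the traffic path, between the headquarters and branch hosts and servers: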
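The split-horizon behaviour described above, as an added simulation that is not part of the original tutorial: routers exchange prefixes over tunnel 100 with split horizon left on or turned off at the hub, and the result shows which LANs a spoke is missing in each case. The LAN prefixes come from this page; the model and the names `LAN`, `converge` and `missing_on` are simplifying assumptions, not EIGRP itself.

```python
# Simplified model (an assumption, not real EIGRP): spokes R6-R8 peer only with
# hub R5 over tunnel 100. LAN prefixes are the ones configured on this page.
HUB = "R5"
LAN = {
    "R5": ["192.168.1.0/24", "192.168.100.0/24"],
    "R6": ["192.168.2.0/24"],
    "R7": ["192.168.3.0/24"],
    "R8": ["192.168.4.0/24"],
}

def converge(hub_split_horizon):
    """Exchange routes over tunnel 100 until nothing changes; return each RIB."""
    # rib[router][prefix] = interface the route was learned on
    rib = {r: {p: "lan" for p in prefixes} for r, prefixes in LAN.items()}
    changed = True
    while changed:
        changed = False
        for sender in rib:
            is_hub = sender == HUB
            receivers = [r for r in rib if r != HUB] if is_hub else [HUB]
            # Spokes keep the default (split horizon on); only the hub is toggled.
            split_horizon = hub_split_horizon if is_hub else True
            for prefix, learned_on in list(rib[sender].items()):
                if split_horizon and learned_on == "tunnel100":
                    continue  # never advertise back out the interface it came in on
                for receiver in receivers:
                    if prefix not in rib[receiver]:
                        rib[receiver][prefix] = "tunnel100"
                        changed = True
    return rib

def missing_on(router, hub_split_horizon):
    """Prefixes that exist in the lab but are absent from this router's RIB."""
    every_prefix = {p for prefixes in LAN.values() for p in prefixes}
    return sorted(every_prefix - set(converge(hub_split_horizon)[router]))

if __name__ == "__main__":
    print("default :", missing_on("R6", True))
    print("disabled:", missing_on("R6", False))
```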