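Using DMVPN for Branch-to-Headquarters Access in a Dial-Up Environment (Tutorial Available)
Today we walk through using DMVPN to connect branch offices and headquarters in a dial-up environment. The complete lab procedure follows; take what you need.
Lab environment:
The lab topology consists of three parts. At the top is the headquarters, built as a simple three-layer architecture with one router as the border device. In the middle is the ISP, made up of four routers and one switch, with each router acting as an ISP edge device. At the bottom are the branch offices, three in total, each using the same simple network architecture with a border router connected to the ISP.
Lab requirements:
1. Internal communication within headquarters and within each branch works normally.
2. The lab must use DMVPN, with headquarters as the hub and the branches as spokes.
3. Internal hosts in different branches can reach each other.
4. Internal hosts at headquarters and in the branches can communicate.
Configuration: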
R5:
int lo0
ip add 10.5.5.5 255.255.255.255
no sh
exit
int e0/1
ip add 192.168.15.5 255.255.255.0
no sh
exit
int e0/0
ip add 100.1.15.5 255.255.255.0
no sh
exit
SW1:
vlan 10
vlan 100
exit
int e0/1
switchport trunk encapsulation dot1q
switchport mode trunk
exit
int e0/0
no switchport
ip add 192.168.15.1 255.255.255.0
no sh
exit
int range e0/2 - 3
switchport mode access
switchport access vlan 100
exit
service dhcp
ip dhcp pool VLAN10
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 114.114.144.114
domain-name Tiger.net
exit
ip dhcp pool Server-File
host 192.168.100.1 255.255.255.0
default-router 192.168.100.254
dns-server 114.114.114.114
domain-name Tiger.net
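At this point we need to bind the MAC address, so next we run ip dhcp on the FILE server, as shown in the figure below:
Then view the MAC address information on SW1: sh mac address
We can see that the MAC address for interface e0/2 is now listed, so we continue on SW1:
! prepend 01 to the MAC address
client-identifier 010050.7966.6818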
exit
ip dhcp pool Server-AD
host 192.168.100.2 255.255.255.0
default-router 192.168.100.254
dns-server 114.114.114.114
domain-name Tiger.net
The MAC address is obtained the same way; here I will just show the screenshots:
client-identifier 010050.7966.6817
int vlan 100
ip add 192.168.100.254 255.255.255.0
no sh
exit
At this point, let's look at the addresses the servers obtained:
int vlan 10
ip add 192.168.1.254 255.255.255.0
no sh
exit
S11:
vlan 10
exit
int e0/0
switchport trunk encapsulation dot1q
switchport mode trunk
exit
int range e0/1 - 3
switchport mode access
switchport access vlan 10
exit
At this point, let's look at the addresses the internal hosts obtained:
Next we configure the IGP:
SW1:
int lo0
ip add 10.1.1.1 255.255.255.255
no sh
router ei 10
eigrp router-id 10.1.1.1
no auto-summary
network 10.1.1.1 0.0.0.0
net 192.168.1.254 0.0.0.0
net 192.168.100.254 0.0.0.0
net 192.168.15.1 0.0.0.0
R5:
router ei 10
eigrp router-id 10.5.5.5
no auto-summary
network 10.5.5.5 0.0.0.0
net 192.168.15.5 0.0.0.0
That concludes the headquarters part for now. Finally, let's test connectivity from an internal host to the border router, using H-PC1 as an example:
Next we complete the branch part:
R6:
vpdn enable
int lo0
ip add 10.6.6.6 255.255.255.255
exit
int e0/0
no sh
exit
int e0/1
ip add 192.168.2.254 255.255.255.0
no sh
service dhcp
ip dhcp pool VLAN20
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
dns-server 114.114.144.114
domain-name Tiger.net
exit
BR1-Access1:
vlan 20
exit
int range e0/0 - 3
switchport mode access
switchport access vlan 20
exit
R7:
vpdn enable
int lo0
ip add 10.7.7.7 255.255.255.255
exit
int e0/0
no sh
exit
int e0/1
ip add 192.168.3.254 255.255.255.0
no sh
service dhcp
ip dhcp pool VLAN30
network 192.168.3.0 255.255.255.0
default-router 192.168.3.254
dns-server 114.114.144.114
domain-name Tiger.net
exit
BR2-Access1:
vlan 30
exit
int range e0/0 - 3
switchport mode access
switchport access vlan 30
exit
R8:
vpdn enable
int lo0
ip add 10.8.8.8 255.255.255.255
exit
int e0/0
no sh
exit
int e0/1
ip add 192.168.4.254 255.255.255.0
no sh
service dhcp
ip dhcp pool VLAN40
network 192.168.4.0 255.255.255.0
default-router 192.168.4.254
dns-server 114.114.144.114
domain-name Tiger.net
exit
BR3-Access1:
vlan 40
exit
int range e0/0 - 3
switchport mode access
switchport access vlan 40
exit
At this point, let's check the addresses obtained by the hosts in each branch, taking one host per branch as an example:
With that done, let's configure the ISP part:
ISP-SW2:
vlan 100
exit
int range e0/0 - 3
switchport mode access
switchport access vlan 100
exit
R1:
int e0/1
ip add 100.1.15.1 255.255.255.0
no sh
int e0/0
ip add 100.1.100.1 255.255.255.0
no sh
int lo0
ip add 100.1.1.1 255.255.255.255
no sh
router isis
net 49.1234.0000.0000.0001.00
log-adjacency-changes all
is-type level-2
metric-style wide
int range lo0 , e0/0 - 1
ip router isis
exit
router isis
passive-interface ethernet 0/1
exit
R2:
vpdn enable
int e0/1
no sh
int e0/0
ip add 100.1.100.2 255.255.255.0
no sh
int lo0
ip add 100.2.2.2 255.255.255.255
no sh
service dhcp
ip dhcp pool BR1
network 100.1.26.0 255.255.255.0
default-router 100.1.26.2
dns-server 114.114.144.114
domain-name Tiger.net
exit
username BR1 password CCIE
interface virtual-template 1
encapsulation ppp
ppp authentication chap
ip mtu 1492
peer default ip address dhcp-pool BR1
ip add 100.1.26.2 255.255.255.0
no sh
exit
bba-group pppoe BR1
virtual-template 1
exit
int e0/1
no sh
pppoe enable group BR1
R6:
int dialer 1
encapsulation ppp
ppp chap hostname BR1
ppp chap password CCIE
ip mtu 1492
dialer pool 1
ip address negotiated
ppp ipcp route default
no sh
int e0/0
pppoe-client dial-pool-number 1
R2:
router isis
net 49.1234.0000.0000.0002.00
log-adjacency-changes all
is-type level-2
metric-style wide
int range lo0 , e0/0
ip router isis
exit
int virtual-template 1
ip router isis
router isis
passive-interface virtual-template 1
exit
R3:
vpdn enable
int e0/1
no sh
int e0/0
ip add 100.1.100.3 255.255.255.0
no sh
int lo0
ip add 100.3.3.3 255.255.255.255
no sh
service dhcp
ip dhcp pool BR2
network 100.1.37.0 255.255.255.0
default-router 100.1.37.3
dns-server 114.114.144.114
domain-name Tiger.net
exit
username BR2 password CCIE
interface virtual-template 1
encapsulation ppp
ppp authentication chap
ip mtu 1492
peer default ip address dhcp-pool BR2
ip add 100.1.37.3 255.255.255.0
no sh
exit
bba-group pppoe BR2
virtual-template 1
exit
int e0/1
no sh
pppoe enable group BR2
R7:
int dialer 1
encapsulation ppp
ppp chap hostname BR2
ppp chap password CCIE
ip mtu 1492
dialer pool 1
ip address negotiated
ppp ipcp route default
no sh
int e0/0
pppoe-client dial-pool-number 1
R3:
router isis
net 49.1234.0000.0000.0003.00
log-adjacency-changes all
is-type level-2
metric-style wide
int range lo0 , e0/0
ip router isis
exit
int virtual-template 1
ip router isis
router isis
passive-interface virtual-template 1
exit
R4:
vpdn enable
int e0/1
no sh
int e0/0
ip add 100.1.100.4 255.255.255.0
no sh
int lo0
ip add 100.4.4.4 255.255.255.255
no sh
service dhcp
ip dhcp pool BR3
network 100.1.48.0 255.255.255.0
default-router 100.1.48.4
dns-server 114.114.144.114
domain-name Tiger.net
exit
username BR3 password CCIE
interface virtual-template 1
encapsulation ppp
ppp authentication chap
ip mtu 1492
peer default ip address dhcp-pool BR3
ip add 100.1.48.4 255.255.255.0
no sh
exit
bba-group pppoe BR3
virtual-template 1
exit
int e0/1
no sh
pppoe enable group BR3
R8:
int dialer 1
encapsulation ppp
ppp chap hostname BR3
ppp chap password CCIE
ip mtu 1492
dialer pool 1
ip address negotiated
ppp ipcp route default
no sh
int e0/0
pppoe-client dial-pool-number 1
R4:
router isis
net 49.1234.0000.0000.0004.00
log-adjacency-changes all
is-type level-2
metric-style wide
int range lo0 , e0/0
ip router isis
exit
int virtual-template 1
ip router isis
router isis
passive-interface virtual-template 1
exit
Testing:
(1) Check whether e0/0 on R6/7/8 has obtained an address: show ip interface brief
(2) Look at the IS-IS routing table: show ip route isis
Next we move on to the next step:
R5:
ip route 0.0.0.0 0.0.0.0 e0/0 100.1.15.1
int tunnel 100
tunnel mode gre multipoint
tunnel source 100.1.15.5
tunnel key 100
ip nhrp network-id 100
ip nhrp authentication CCIE
ip nhrp map multicast dynamic
ip nhrp redirect
ip add 192.168.255.5 255.255.255.0
no sh
exit
R6:
int tunnel 100
tunnel mode gre multipoint
tunnel source dialer 1
ip nhrp nhs 192.168.255.5
tunnel key 100
ip nhrp network-id 100
ip nhrp authentication CCIE
ip nhrp map multicast 100.1.15.5
ip nhrp map 192.168.255.5 100.1.15.5
ip nhrp shortcut
ip add 192.168.255.6 255.255.255.0
no sh
exit
R7:
int tunnel 100
tunnel mode gre multipoint
tunnel source dialer 1
ip nhrp nhs 192.168.255.5
tunnel key 100
ip nhrp network-id 100
ip nhrp authentication CCIE
ip nhrp map multicast 100.1.15.5
ip nhrp map 192.168.255.5 100.1.15.5
ip nhrp shortcut
ip add 192.168.255.7 255.255.255.0
no sh
exit
R8:
int tunnel 100
tunnel mode gre multipoint
tunnel source dialer 1
ip nhrp nhs 192.168.255.5
tunnel key 100
ip nhrp network-id 100
ip nhrp authentication CCIE
ip nhrp map multicast 100.1.15.5
ip nhrp map 192.168.255.5 100.1.15.5
ip nhrp shortcut
ip add 192.168.255.8 255.255.255.0
no sh
exit
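A spoke only registers with the hub and forms an EIGRP adjacency over the tunnel when its tunnel 100 settings agree with the hub's. The Python check below is an added example, not part of the original tutorial: it compares the R5 and R6 tunnel lines from this page, and BAD_SPOKE is a constructed faulty variant. The function and variable names are assumptions made for this illustration.

```python
import ipaddress

# Tunnel 100 lines copied from the R5 (hub) and R6 (spoke) sections of this page.
HUB = """tunnel source 100.1.15.5
tunnel key 100
ip nhrp authentication CCIE
ip add 192.168.255.5 255.255.255.0"""
SPOKE = """ip nhrp nhs 192.168.255.5
tunnel key 100
ip nhrp authentication CCIE
ip nhrp map multicast 100.1.15.5
ip nhrp map 192.168.255.5 100.1.15.5
ip add 192.168.255.6 255.255.255.0"""
# Constructed faulty spoke: wrong GRE key and a static map to the wrong NBMA address.
BAD_SPOKE = SPOKE.replace("tunnel key 100", "tunnel key 200").replace(
    "map 192.168.255.5 100.1.15.5", "map 192.168.255.5 100.1.15.1")
# Longer prefixes first so "ip nhrp map multicast" is not read as "ip nhrp map".
KEYS = ("tunnel source", "tunnel key", "ip nhrp authentication", "ip nhrp nhs",
        "ip nhrp map multicast", "ip nhrp map", "ip add")

def parse(cfg):
    """Return {command prefix: [argument strings]} for one tunnel block."""
    out = {}
    for line in cfg.splitlines():
        line = " ".join(line.split())          # collapse stray whitespace
        key = next((k for k in KEYS if line.startswith(k + " ")), None)
        if key:
            out.setdefault(key, []).append(line[len(key) + 1:])
    return out

def check_spoke(hub_cfg, spoke_cfg):
    """Return hub/spoke mismatches that break registration or routing."""
    hub, spoke, problems = parse(hub_cfg), parse(spoke_cfg), []
    for k in ("tunnel key", "ip nhrp authentication"):
        if hub.get(k) != spoke.get(k):
            problems.append(f"{k}: hub {hub.get(k)} != spoke {spoke.get(k)}")
    hub_ip, hub_mask = hub["ip add"][0].split()
    nbma = hub["tunnel source"][0]             # hub's public (NBMA) address
    net = ipaddress.ip_network(f"{hub_ip}/{hub_mask}", strict=False)
    spoke_ip = spoke["ip add"][0].split()[0]
    if ipaddress.ip_address(spoke_ip) not in net:
        problems.append(f"spoke tunnel address {spoke_ip} is outside {net}")
    if spoke.get("ip nhrp nhs") != [hub_ip]:
        problems.append(f"NHS {spoke.get('ip nhrp nhs')} is not hub tunnel {hub_ip}")
    if f"{hub_ip} {nbma}" not in spoke.get("ip nhrp map", []):
        problems.append(f"no static map {hub_ip} -> {nbma}")
    if spoke.get("ip nhrp map multicast") != [nbma]:
        problems.append(f"multicast not mapped to hub NBMA {nbma}")
    return problems
```

Calling check_spoke(HUB, SPOKE) returns an empty list for the configuration on this page, while check_spoke(HUB, BAD_SPOKE) reports the key mismatch and the missing static map.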
At this point, let's look at the result on the hub: show dmvpn
We can see that all three nodes are present. Now let's look at the registration information for the three spokes on the hub: show ip nhrp
Next, we run EIGRP across the tunnels to complete connectivity.
R5:
router eigrp 10
net 192.168.255.5 0.0.0.0
R6:
router eigrp 10
eigrp router-id 10.6.6.6
no auto-summary
net 192.168.255.6 0.0.0.0
net 10.6.6.6 0.0.0.0
net 192.168.2.254 0.0.0.0
R7:
router eigrp 10
eigrp router-id 10.7.7.7
no auto-summary
net 192.168.255.7 0.0.0.0
net 10.7.7.7 0.0.0.0
net 192.168.3.254 0.0.0.0
R8:
router eigrp 10
eigrp router-id 10.8.8.8
no auto-summary
net 192.168.255.8 0.0.0.0
net 10.8.8.8 0.0.0.0
net 192.168.4.254 0.0.0.0
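At this point, let's look at the EIGRP routing table:
Here we can see that the hub already has the routes of all the spokes. Next, let's look at the spokes:
We find that a spoke does not receive the routes of the other spokes. This is caused by EIGRP split horizon: a route received on an interface is not advertised back out of that same interface, so the hub can only send its own routes. How do we solve this? We continue below.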
R5:
int tunnel 100
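! disable split horizon for EIGRP 10
no ip split-horizon eigrp 10
Now, taking R6 as an example, let's look at the EIGRP routing table again: show ip route eigrp
The same applies to R7 and R8. Finally, let's test communication between the headquarters and branch hosts and servers, along with the communication path: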