Basic: Cisco DMVPN Lab


Two of the areas I want to improve on the most in my CCIE R&S studying are MPLS and DMVPN. I did labs on each today, just configuring the basics and getting things established to see it working in its most basic form. Then I will move on to improve it. That means things like encryption of the tunnel for DMVPN, etc.

Topology

Here’s the topology that I have created for this test:

dmvpn topology

The “Internet” router in the middle is nothing more than routing between the three subnets. Each of the other three devices has a default route pointing to the .1 of the subnet, which is acting as the gateway. I first established that I was able to ping between all three of my “main” devices:

HUB#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
HUB#ping 192.168.3.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
HUB#

Everything looks good so far.

Configuration

Next I started creating the tunnel interface on the HUB Router. This is the config I ended up with using my Cisco command guide and other manuals as reference:

interface Tunnel0
ip address 172.16.0.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source 192.168.1.2
tunnel mode gre multipoint
end

I am using the 172.16.0.0/24 subnet for my tunnels to share. Once the IP was assigned, the next command was “ip nhrp map multicast dynamic”, which lets the hub learn its multicast endpoints automatically: the multicast mappings are created once the connection is established. The other two devices statically set the hub router as their multicast endpoint with the command “ip nhrp map multicast 192.168.1.2”, with 192.168.1.2 being the hub's actual outside network IP.

Next, the network-id needed to be configured on all three routers, not including the “Internet” router of course. This is straightforward with the command “ip nhrp network-id 1”, making sure all of the routers share the same network-id.

Lastly for the Hub are the actual tunnel commands. First is the source and then the mode:


tunnel source 192.168.1.2
tunnel mode gre multipoint

The IP used for the source would be the public, internet-facing IP if this were a real-world test. You can also specify the source in other ways, such as by interface:


HUB(config)#int tu0
HUB(config-if)#tunnel source
HUB(config-if)#tunnel source ?
A.B.C.D ip address
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CDMA-Ix CDMA Ix interface
CTunnel CTunnel interface
Dialer Dialer interface
Ethernet IEEE 802.3
GMPLS MPLS interface
LISP Locator/ID Separation Protocol Virtual Interface
LongReachEthernet Long-Reach Ethernet interface
Loopback Loopback interface
Lspvif LSP virtual interface
MFR Multilink Frame Relay bundle interface
Multilink Multilink-group interface
Null Null interface
Serial Serial
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-PPP Virtual PPP interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
X:X:X:X::X IPv6 address
dynamic source dynamic
vmi Virtual Multipoint Interface

The tunnel mode of gre multipoint creates a standard GRE tunnel, but it allows the router to have multiple destinations.

Then on the two spoke routers, there are two other commands that need to be configured. These are the NHRP Map as well as the NHRP NHS commands.


ip nhrp map 172.16.0.1 192.168.1.2
ip nhrp nhs 172.16.0.1

These two commands are used to advertise the NHRP mapping that the spoke is using. Remember the command on the hub, “ip nhrp map multicast dynamic”? On the spokes, these two commands take the place of that command. In summary, they connect your tunnel to the tunnel address 172.16.0.1, which is reachable via the public IP address 192.168.1.2.

Tunnel Interface Completed Configs

Here is what all three tunnel interfaces look like when completed. As mentioned, no encryption was added to this lab. I’ll add that in another post / lab.

HUB#sh run int tu0
Building configuration...

Current configuration : 187 bytes
!
interface Tunnel0
ip address 172.16.0.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source 192.168.1.2
tunnel mode gre multipoint
end

HUB#

R2#sh run int tu0
Building configuration...

Current configuration : 251 bytes
!
interface Tunnel0
ip address 172.16.0.2 255.255.255.0
no ip redirects
ip nhrp map 172.16.0.1 192.168.1.2
ip nhrp map multicast 192.168.1.2
ip nhrp network-id 1
ip nhrp nhs 172.16.0.1
tunnel source 192.168.2.2
tunnel mode gre multipoint
end

R2#

R3#sh run int tu0
Building configuration...

Current configuration : 251 bytes
!
interface Tunnel0
ip address 172.16.0.3 255.255.255.0
no ip redirects
ip nhrp map multicast 192.168.1.2
ip nhrp map 172.16.0.1 192.168.1.2
ip nhrp network-id 1
ip nhrp nhs 172.16.0.1
tunnel source 192.168.3.2
tunnel mode gre multipoint
end

R3#
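A review of these three tunnel stanzas, as an added example that is not part of the original post: it checks that each spoke's NHS points at the hub's tunnel address and is mapped to the hub's tunnel source, and reports the two protections this lab leaves out, `tunnel protection ipsec profile` and `ip nhrp authentication`. The names `parse` and `audit` are hypothetical; the stanzas are the ones shown above.

```python
import re

# Tunnel0 stanzas from the "sh run int tu0" outputs above ("no ip redirects" left out).
HUB = """interface Tunnel0
 ip address 172.16.0.1 255.255.255.0
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source 192.168.1.2
 tunnel mode gre multipoint"""
SPOKE = """interface Tunnel0
 ip address 172.16.0.{n} 255.255.255.0
 ip nhrp map 172.16.0.1 192.168.1.2
 ip nhrp map multicast 192.168.1.2
 ip nhrp network-id 1
 ip nhrp nhs 172.16.0.1
 tunnel source 192.168.{n}.2
 tunnel mode gre multipoint"""
CONFIGS = {"HUB": HUB, "R2": SPOKE.format(n=2), "R3": SPOKE.format(n=3)}

FIELDS = {"ip": r"ip address (\S+)", "source": r"tunnel source (\S+)",
          "nhs": r"ip nhrp nhs (\S+)", "auth": r"ip nhrp authentication (\S+)",
          "ipsec": r"tunnel protection ipsec profile (\S+)"}

def parse(cfg):
    out = {}
    for key, pat in FIELDS.items():
        m = re.search(r"^\s*" + pat, cfg, re.M)
        out[key] = m.group(1) if m else None
    # Static maps only (tunnel IP -> NBMA IP); the multicast maps are skipped.
    out["maps"] = dict(re.findall(r"^\s*ip nhrp map (\d\S+) (\S+)", cfg, re.M))
    return out

def audit(configs, hub="HUB"):
    """Return a list of findings for {router name: Tunnel stanza text}."""
    t = {name: parse(cfg) for name, cfg in configs.items()}
    findings = []
    for name, r in t.items():
        if not r["ipsec"]:
            findings.append(f"{name}: no 'tunnel protection ipsec profile', GRE is cleartext")
        if not r["auth"]:
            findings.append(f"{name}: no 'ip nhrp authentication' string")
        if name != hub and r["nhs"] != t[hub]["ip"]:
            findings.append(f"{name}: NHS {r['nhs']} is not the hub tunnel address")
        if name != hub and r["maps"].get(r["nhs"]) != t[hub]["source"]:
            findings.append(f"{name}: NHS is not mapped to the hub NBMA address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIGS)))
```

The NHRP authentication string travels in clear text inside NHRP packets, so it complements IPsec protection of the tunnel rather than replacing it.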

Full Cisco DMVPN Lab Configs

 

 

Hub Router

Current configuration : 2038 bytes
!
! Last configuration change at 19:11:40 CET Fri Aug 5 2016
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HUB
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!

!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
ip address 172.16.0.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source 192.168.1.2
tunnel mode gre multipoint
!
interface Ethernet0/0
ip address 192.168.1.2 255.255.255.0
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
interface Ethernet1/0
no ip address
shutdown
!
interface Ethernet1/1
no ip address
shutdown
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
interface Serial2/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/3
no ip address
shutdown
serial restart-delay 0
!
!
router eigrp 1
network 1.1.1.1 0.0.0.0
network 172.16.0.1 0.0.0.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end

HUB#

 

R2

version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!

!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
ip address 172.16.0.2 255.255.255.0
no ip redirects
ip nhrp map 172.16.0.1 192.168.1.2
ip nhrp map multicast 192.168.1.2
ip nhrp network-id 1
ip nhrp nhs 172.16.0.1
tunnel source 192.168.2.2
tunnel mode gre multipoint
!
interface Ethernet0/0
ip address 192.168.2.2 255.255.255.0
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
interface Ethernet1/0
no ip address
shutdown
!
interface Ethernet1/1
no ip address
shutdown
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
interface Serial2/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/3
no ip address
shutdown
serial restart-delay 0
!
!
router eigrp 1
network 2.2.2.2 0.0.0.0
network 172.16.0.2 0.0.0.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end

 

R3

service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Tunnel0
ip address 172.16.0.3 255.255.255.0
no ip redirects
ip nhrp map multicast 192.168.1.2
ip nhrp map 172.16.0.1 192.168.1.2
ip nhrp network-id 1
ip nhrp nhs 172.16.0.1
tunnel source 192.168.3.2
tunnel mode gre multipoint
!
interface Ethernet0/0
ip address 192.168.3.2 255.255.255.0
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
interface Ethernet1/0
no ip address
shutdown
!
interface Ethernet1/1
no ip address
shutdown
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
interface Serial2/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/3
no ip address
shutdown
serial restart-delay 0
!
!
router eigrp 1
network 3.3.3.3 0.0.0.0
network 172.16.0.3 0.0.0.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.3.1
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end

 

Internet Router

version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname INTERNET
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!

!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/1
ip address 192.168.2.1 255.255.255.0
!
interface Ethernet0/2
ip address 192.168.3.1 255.255.255.0
!
interface Ethernet0/3
no ip address
shutdown
!
interface Ethernet1/0
no ip address
shutdown
!
interface Ethernet1/1
no ip address
shutdown
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
interface Serial2/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/3
no ip address
shutdown
serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end

 
