songjiaqi posted on 2013-5-4 21:16:13

Configuring GETVPN over MPLS VPN

Lab topology:


Lab steps:

R1:
R1#show run
Building configuration...

Current configuration : 1457 bytes
!
! Last configuration change at 20:10:26 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key isakmp.p1.key address 100.1.1.8
crypto isakmp key isakmp.p1.key address 100.1.1.9
!
crypto gdoi group mygroup
 identity number 10
 server address ipv4 100.1.1.8
 server address ipv4 100.1.1.9
!
!
crypto map cisco 10 gdoi
 set group mygroup
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface FastEthernet2/0
 ip address 100.1.1.1 255.255.255.0
 speed auto
 duplex auto
 crypto map cisco
!
interface FastEthernet2/1
 no ip address
 shutdown
 speed auto
 duplex auto
!
!
router eigrp 1
 network 100.1.1.1 0.0.0.0
 network 192.168.1.0
 eigrp router-id 1.1.1.1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
End

R2:
R2#show run
Building configuration...

Current configuration : 1549 bytes
!
! Last configuration change at 20:20:11 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!using address 23.1.1.2
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key isakmp.p1.key address 100.1.1.8
crypto isakmp key isakmp.p1.key address 100.1.1.9
!
crypto gdoi group mygroup
 identity number 10
 server address ipv4 100.1.1.8
 server address ipv4 100.1.1.9
!
!
crypto map cisco 10 gdoi
 set group mygroup
!
interface Loopback0
 no ip address
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface Serial1/0
 ip address 23.1.1.2 255.255.255.0
 serial restart-delay 0
 crypto map cisco
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router rip
 version 2
 network 23.0.0.0
 network 192.168.2.0
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R3:
R3#show run
Building configuration...

Current configuration : 2282 bytes
!
! Last configuration change at 20:19:39 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R3
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip vrf a
 rd 10:10
 route-target export 10:10
 route-target import 10:10
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
ip tcp synwait-time 5
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface Serial1/0
 no ip address
 shutdown
 mpls ip
 serial restart-delay 0
!
interface Serial1/1
 ip vrf forwarding a
 ip address 23.1.1.3 255.255.255.0
!
interface Serial1/2
 ip address 34.1.1.3 255.255.255.0
 mpls ip
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet2/0
 ip vrf forwarding a
 ip address 100.1.1.3 255.255.255.0
 speed auto
 duplex auto
!
interface FastEthernet2/1
 no ip address
 shutdown
 speed auto
 duplex auto
!
!
router eigrp 1
 !
 address-family ipv4 vrf a autonomous-system 1
  redistribute bgp 1 metric 10000 100 255 1 1500
  network 100.1.1.3 0.0.0.0
 exit-address-family
 eigrp router-id 3.3.3.3
!
!
router eigrp 100
 network 3.3.3.3 0.0.0.0
 network 34.1.1.3 0.0.0.0
 eigrp router-id 3.3.3.3
!
router rip
 version 2
 no auto-summary
 !
 address-family ipv4 vrf a
  redistribute bgp 1 metric 2
  network 23.0.0.0
  no auto-summary
 exit-address-family
!
router bgp 1
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 1
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 5.5.5.5 next-hop-self
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
 exit-address-family
 !
 address-family ipv4 vrf a
  redistribute eigrp 1 metric 2
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
mpls ldp router-id Loopback0 force
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
End

R4:
R4#show run
Building configuration...

Current configuration : 1333 bytes
!
! Last configuration change at 20:33:42 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R4
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
ip tcp synwait-time 5
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface Serial1/0
 ip address 34.1.1.4 255.255.255.0
 mpls ip
 serial restart-delay 0
!
interface Serial1/1
 ip address 45.1.1.4 255.255.255.0
 mpls ip
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
!
router eigrp 100
 network 4.4.4.4 0.0.0.0
 network 34.1.1.4 0.0.0.0
 network 45.1.1.4 0.0.0.0
 eigrp router-id 4.4.4.4
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
mpls ldp router-id Loopback0 force
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
End

R5:
R5#show run
Building configuration...

Current configuration : 2192 bytes
!
! Last configuration change at 20:33:44 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R5
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip vrf a
 rd 10:10
 route-target export 10:10
 route-target import 10:10
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
ip tcp synwait-time 5
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface Serial1/0
 ip address 45.1.1.5 255.255.255.0
 mpls ip
 serial restart-delay 0
!
interface Serial1/1
 ip vrf forwarding a
 ip address 56.1.1.5 255.255.255.0
 serial restart-delay 0
!
interface Serial1/2
 ip vrf forwarding a
 ip address 57.1.1.5 255.255.255.0
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
!
router eigrp 100
 network 5.5.5.5 0.0.0.0
 network 45.1.1.5 0.0.0.0
 eigrp router-id 5.5.5.5
!
!
router eigrp 2
 !
 address-family ipv4 vrf a autonomous-system 2
  redistribute bgp 1 metric 10000 100 255 1 1500
  network 56.1.1.5 0.0.0.0
 exit-address-family
 eigrp router-id 5.5.5.5
!
router ospf 1 vrf a
 router-id 5.5.5.5
 redistribute bgp 1 metric 2 subnets
 network 57.1.1.5 0.0.0.0 area 0
!
router bgp 1
 bgp router-id 5.5.5.5
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 3.3.3.3 next-hop-self
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community both
 exit-address-family
 !
 address-family ipv4 vrf a
  redistribute eigrp 2 metric 2
  redistribute ospf 1 metric 2 match internal external 1 external 2
  redistribute eigrp 1 metric 2
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
mpls ldp router-id Loopback0 force
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
End

R6:
R6#show run
Building configuration...

Current configuration : 1612 bytes
!
! Last configuration change at 20:33:47 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R6
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key isakmp.p1.key address 100.1.1.8
crypto isakmp key isakmp.p1.key address 100.1.1.9
!
crypto gdoi group mygroup
 identity number 10
 server address ipv4 100.1.1.8
 server address ipv4 100.1.1.9
!
!
crypto map cisco 10 gdoi
 set group mygroup
!
interface Loopback0
 ip address 192.168.6.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface Serial1/0
 ip address 56.1.1.6 255.255.255.0
 serial restart-delay 0
 crypto map cisco
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
!
router eigrp 2
 network 56.1.1.6 0.0.0.0
 network 192.168.6.0
 network 192.168.6.1 0.0.0.0
 eigrp router-id 6.6.6.6
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R7:
R7#show run
Building configuration...

Current configuration : 1596 bytes
!
! Last configuration change at 20:33:49 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R7
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key isakmp.p1.key address 100.1.1.8
crypto isakmp key isakmp.p1.key address 100.1.1.9
!
crypto gdoi group mygroup
 identity number 10
 server address ipv4 100.1.1.8
 server address ipv4 100.1.1.9
!
!
crypto map cisco 10 gdoi
 set group mygroup
!
interface Loopback0
 ip address 192.168.7.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface Serial1/0
 ip address 57.1.1.7 255.255.255.0
 serial restart-delay 0
 crypto map cisco
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 router-id 7.7.7.7
 network 57.1.1.7 0.0.0.0 area 0
 network 192.168.7.1 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
End

R8:
R8#show run
Building configuration...

Current configuration : 2044 bytes
!
! Last configuration change at 20:33:58 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R8
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip domain lookup
ip domain name cisco.com
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key isakmp.p1.key address 100.1.1.9
crypto isakmp key isakmp.p1.key address 56.1.1.6
crypto isakmp key isakmp.p1.key address 57.1.1.7
crypto isakmp key isakmp.p1.key address 100.1.1.1
crypto isakmp key isakmp.p1.key address 23.1.1.2
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
 mode tunnel
!
!
crypto ipsec profile pro
 set transform-set cisco
!
crypto gdoi group mygroup
 identity number 10
 server local
  rekey algorithm aes 256
  rekey retransmit 10 number 2
  rekey authentication mypubkey rsa getvpnkey
  rekey transport unicast
  sa ipsec 1
   profile pro
   match address ipv4 cisco
   replay time window-size 3
  address ipv4 100.1.1.8
  redundancy
   local priority 100
   peer address ipv4 100.1.1.9
!
interface Loopback0
 ip address 192.168.8.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface FastEthernet1/0
 ip address 100.1.1.8 255.255.255.0
 speed auto
 duplex auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 speed auto
 duplex auto
!
!
router eigrp 1
 network 100.0.0.0
 network 192.168.8.0
 eigrp router-id 8.8.8.8
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ip access-list extended cisco
 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
End

R9:
R9#show run
Building configuration...

Current configuration : 1995 bytes
!
! Last configuration change at 20:31:37 UTC Sat May 4 2013
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R9
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip domain lookup
ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
!
!
multilink bundle-name authenticated
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key isakmp.p1.key address 56.1.1.6
crypto isakmp key isakmp.p1.key address 57.1.1.7
crypto isakmp key isakmp.p1.key address 100.1.1.1
crypto isakmp key isakmp.p1.key address 23.1.1.2
crypto isakmp key isakmp.p1.key address 100.1.1.8
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
 mode tunnel
!
!
crypto ipsec profile pro
 set transform-set cisco
!
crypto gdoi group mygroup
 identity number 10
 server local
  rekey algorithm aes 256
  rekey retransmit 10 number 2
  rekey authentication mypubkey rsa getvpnkey
  rekey transport unicast
  sa ipsec 1
   profile pro
   match address ipv4 cisco
   replay time window-size 3
  address ipv4 100.1.1.9
  redundancy
   local priority 90
   peer address ipv4 100.1.1.8
!
interface Loopback0
 ip address 192.168.9.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex full
!
interface FastEthernet1/0
 ip address 100.1.1.9 255.255.255.0
 speed auto
 duplex auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 speed auto
 duplex auto
!
!
router eigrp 1
 network 0.0.0.0
 eigrp router-id 9.9.9.9
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ip access-list extended cisco
 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end
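
An added example, not part of the original post: a small Python check run over an excerpt of the R8 key-server configuration above. It confirms that every group member's registration address and the COOP peer has a pre-shared key on the KS, and reports the IPsec transforms in the group policy that are weak by current standards (DES, HMAC-MD5). The function names and the group-member address table are assumptions made for this example.

```python
import re

# Excerpt of the R8 key-server configuration shown in the post above.
KS_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key isakmp.p1.key address 100.1.1.9
crypto isakmp key isakmp.p1.key address 56.1.1.6
crypto isakmp key isakmp.p1.key address 57.1.1.7
crypto isakmp key isakmp.p1.key address 100.1.1.1
crypto isakmp key isakmp.p1.key address 23.1.1.2
crypto ipsec transform-set cisco esp-des esp-md5-hmac
 mode tunnel
crypto gdoi group mygroup
 server local
  address ipv4 100.1.1.8
  redundancy
   peer address ipv4 100.1.1.9
"""
# Crypto-map interface addresses of group members R1, R2, R6, R7 (from the post).
GM_ADDRESSES = {"R1": "100.1.1.1", "R2": "23.1.1.2", "R6": "56.1.1.6", "R7": "57.1.1.7"}
WEAK = {"esp-des": "56-bit DES encryption", "esp-md5-hmac": "HMAC-MD5 integrity"}

def psk_peers(config):
    """Peer addresses that have a 'crypto isakmp key ... address' entry."""
    return set(re.findall(r"^crypto isakmp key \S+ address (\S+)", config, re.M))

def weak_transforms(config):
    """(transform-set name, algorithm, reason) for each weak algorithm found."""
    hits = []
    for name, algs in re.findall(r"^crypto ipsec transform-set (\S+) (.+)$", config, re.M):
        hits += [(name, a, WEAK[a]) for a in algs.split() if a in WEAK]
    return hits

def missing_psk(config, gm_addresses):
    """Group members and COOP peers with no pre-shared key on this key server."""
    peers = psk_peers(config)
    coop = re.findall(r"^\s+peer address ipv4 (\S+)", config, re.M)
    need = dict(gm_addresses, **{f"coop-{a}": a for a in coop})
    return sorted(name for name, addr in need.items() if addr not in peers)

def audit(config, gm_addresses):
    """Combine both checks into one report for a key-server configuration."""
    return {"missing_psk": missing_psk(config, gm_addresses),
            "weak_transforms": weak_transforms(config)}

if __name__ == "__main__":
    print(audit(KS_CONFIG, GM_ADDRESSES))
```
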


tea posted on 2013-5-5 16:15:48

Such a good post, how come nobody has bumped it? It is quite technical.

年哥 posted on 2013-5-5 16:20:38

I haven't gotten to MPLS yet, still working on it... -sweat-

幽林银魂 posted on 2013-6-19 15:56:12

Nice, I got something out of reading this. I happen to be working on this lately.