DMVPN - NHRP - spoke-to-spoke 12.2.15T

Source: Internet  Editor: 程序博客网  Time: 2024/05/16 07:40

Original source: bu.cublog.cn

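hostname hub
!
! ISAKMP policy 20 sets only the authentication method; encryption, hash and
! DH group are left at the IOS defaults for this release.
crypto isakmp policy 20
 authentication pre-share
! Wildcard pre-shared key: address 0.0.0.0 0.0.0.0 matches any peer, so every
! router in the DMVPN uses the single key "cisco" (lab value).
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
! Transport mode: ESP protects the GRE packet without adding another IP header.
crypto ipsec transform-set test esp-aes esp-sha-hmac
 mode transport
!
crypto ipsec profile test
 set transform-set test
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 no ip redirects
 ! Reduced MTU leaves room for the GRE and IPsec overhead
 ip mtu 1436
 ! NHRP authentication string, carried as plain text inside NHRP packets
 ip nhrp authentication cisco
 ! Hub learns spoke mappings from their NHRP registrations
 ip nhrp map multicast dynamic
 ip nhrp network-id 1000
 ip nhrp holdtime 600
 ! Let EIGRP re-advertise one spoke's routes to the others over Tunnel0
 no ip split-horizon eigrp 1
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel key 100000
 ! Encrypt everything sent over the mGRE tunnel with the IPsec profile
 tunnel protection ipsec profile test
!
interface Ethernet0/0
 ip address 172.17.0.1 255.255.255.0
!
router eigrp 1
 network 10.0.0.0 0.0.0.255
 network 192.168.1.0
 no auto-summary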

hub#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

172.17.0.0/24 is subnetted, 1 subnets
C 172.17.0.0 is directly connected, Ethernet0/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, Tunnel0
C 192.168.1.0/24 is directly connected, Loopback0
D 192.168.2.0/24 [90/297372416] via 10.0.0.2, 00:52:46, Tunnel0
D 192.168.3.0/24 [90/297372416] via 10.0.0.3, 00:49:59, Tunnel0
hub#
hub#sh ip nhrp
10.0.0.2/32 via 10.0.0.2, Tunnel0 created 09:33:21, expire 00:04:28
Type: dynamic, Flags: authoritative unique registered
NBMA address: 172.17.0.2
10.0.0.3/32 via 10.0.0.3, Tunnel0 created 09:33:06, expire 00:04:14
Type: dynamic, Flags: authoritative unique registered
NBMA address: 172.17.0.3
hub#
hub#sh crypto socket

Number of Crypto Socket connections 2

Tu0 Peers (local/remote): 172.17.0.1/172.17.0.3
Local Ident (addr/mask/port/prot): (172.17.0.1/255.255.255.255/0/47)
Remote Ident (addr/mask/port/prot): (172.17.0.3/255.255.255.255/0/47)
Socket State: Open
Client: "TUNNEL SEC" (Client State: Active)
Tu0 Peers (local/remote): 172.17.0.1/172.17.0.2
Local Ident (addr/mask/port/prot): (172.17.0.1/255.255.255.255/0/47)
Remote Ident (addr/mask/port/prot): (172.17.0.2/255.255.255.255/0/47)
Socket State: Open
Client: "TUNNEL SEC" (Client State: Active)

Crypto Sockets in Listen state:
1 TUNNEL SEC Profile: "test" Map-name "Tunnel0-head-0"
=====================================================
hostname r2-spoke
!
crypto isakmp policy 20
 authentication pre-share
! Same wildcard pre-shared key as the hub; it also covers the other spokes,
! whose addresses are only learned through NHRP.
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set test esp-aes esp-sha-hmac
 mode transport
!
crypto ipsec profile test
 set transform-set test
!
interface Loopback0
 ip address 192.168.2.1 255.255.255.0
!
interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 no ip redirects
 ip mtu 1436
 ip nhrp authentication cisco
 ! Static mapping of the hub: tunnel address 10.0.0.1 -> NBMA address 172.17.0.1
 ip nhrp map 10.0.0.1 172.17.0.1
 ip nhrp map multicast 172.17.0.1
 ip nhrp network-id 1000
 ip nhrp holdtime 300
 ! The hub is the next-hop server this spoke registers with
 ip nhrp nhs 10.0.0.1
 ! Fast switching disabled: packets on this interface are process-switched
 no ip route-cache
 no ip mroute-cache
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile test
!
interface Ethernet0/0
 ip address 172.17.0.2 255.255.255.0
!
router eigrp 1
 network 10.0.0.0 0.0.0.255
 network 192.168.2.0
 no auto-summary

r2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

172.17.0.0/24 is subnetted, 1 subnets
C 172.17.0.0 is directly connected, Ethernet0/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, Tunnel0
D 192.168.1.0/24 [90/297372416] via 10.0.0.1, 00:47:57, Tunnel0
C 192.168.2.0/24 is directly connected, Loopback0
D 192.168.3.0/24 [90/310172416] via 10.0.0.1, 00:45:09, Tunnel0
r2#
r2#
r2#sh ip nhrp
10.0.0.1/32 via 10.0.0.1, Tunnel0 created 00:48:20, never expire
Type: static, Flags: authoritative used
NBMA address: 172.17.0.1
r2#
r2#sh crypto socket

Number of Crypto Socket connections 1

Tu0 Peers (local/remote): 172.17.0.2/172.17.0.1
Local Ident (addr/mask/port/prot): (172.17.0.2/255.255.255.255/0/47)
Remote Ident (addr/mask/port/prot): (172.17.0.1/255.255.255.255/0/47)
Socket State: Open
Client: "TUNNEL SEC" (Client State: Active)

Crypto Sockets in Listen state:
1 TUNNEL SEC Profile: "test" Map-name "Tunnel0-head-0"
==============================================
hostname r3-spoke
!
! Same as r2-spoke apart from the Loopback0, Tunnel0 and Ethernet0/0 addresses
! and the EIGRP network statement.
crypto isakmp policy 20
 authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set test esp-aes esp-sha-hmac
 mode transport
!
crypto ipsec profile test
 set transform-set test
!
interface Loopback0
 ip address 192.168.3.1 255.255.255.0
!
interface Tunnel0
 ip address 10.0.0.3 255.255.255.0
 no ip redirects
 ip mtu 1436
 ip nhrp authentication cisco
 ip nhrp map 10.0.0.1 172.17.0.1
 ip nhrp map multicast 172.17.0.1
 ip nhrp network-id 1000
 ip nhrp holdtime 300
 ip nhrp nhs 10.0.0.1
 no ip route-cache
 no ip mroute-cache
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile test
!
interface Ethernet0/0
 ip address 172.17.0.3 255.255.255.0
!
router eigrp 1
 network 10.0.0.0 0.0.0.255
 network 192.168.3.0
 no auto-summary

r3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

172.17.0.0/24 is subnetted, 1 subnets
C 172.17.0.0 is directly connected, Ethernet0/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, Tunnel0
D 192.168.1.0/24 [90/297372416] via 10.0.0.1, 00:47:16, Tunnel0
D 192.168.2.0/24 [90/310172416] via 10.0.0.1, 00:47:16, Tunnel0
C 192.168.3.0/24 is directly connected, Loopback0
r3#
r3#sh ip nhrp
10.0.0.1/32 via 10.0.0.1, Tunnel0 created 00:48:49, never expire
Type: static, Flags: authoritative used
NBMA address: 172.17.0.1
r3#
r3#sh crypto socket

Number of Crypto Socket connections 2

Tu0 Peers (local/remote): 172.17.0.3/172.17.0.1
Local Ident (addr/mask/port/prot): (172.17.0.3/255.255.255.255/0/47)
Remote Ident (addr/mask/port/prot): (172.17.0.1/255.255.255.255/0/47)
Socket State: Open
Client: "TUNNEL SEC" (Client State: Active)
Tu0 Peers (local/remote): 172.17.0.3/172.17.0.2
Local Ident (addr/mask/port/prot): (172.17.0.3/255.255.255.255/0/47)
Remote Ident (addr/mask/port/prot): (172.17.0.2/255.255.255.255/0/47)
Socket State: Closed
Client: "TUNNEL SEC" (Client State: Listening)

Crypto Sockets in Listen state:
1 TUNNEL SEC Profile: "test" Map-name "Tunnel0-head-0"

=================================================

r2#ping 192.168.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 12/12/12 ms
r2#
r2#sh ip nhrp
10.0.0.1/32 via 10.0.0.1, Tunnel0 created 00:55:58, never expire
Type: static, Flags: authoritative used
NBMA address: 172.17.0.1
192.168.3.0/24 via 192.168.3.1, Tunnel0 created 00:00:09, expire 00:04:50
Type: dynamic, Flags: router unique used
NBMA address: 172.17.0.3
r2#
r2#
r2#sh crypto socket

Number of Crypto Socket connections 2

Tu0 Peers (local/remote): 172.17.0.2/172.17.0.1
Local Ident (addr/mask/port/prot): (172.17.0.2/255.255.255.255/0/47)
Remote Ident (addr/mask/port/prot): (172.17.0.1/255.255.255.255/0/47)
Socket State: Open
Client: "TUNNEL SEC" (Client State: Active)
Tu0 Peers (local/remote): 172.17.0.2/172.17.0.3
Local Ident (addr/mask/port/prot): (172.17.0.2/255.255.255.255/0/47)
Remote Ident (addr/mask/port/prot): (172.17.0.3/255.255.255.255/0/47)
Socket State: Open
Client: "TUNNEL SEC" (Client State: Active)

Crypto Sockets in Listen state:
1 TUNNEL SEC Profile: "test" Map-name "Tunnel0-head-0"
======================================================

r3#sh ip nhrp
10.0.0.1/32 via 10.0.0.1, Tunnel0 created 00:54:33, never expire
Type: static, Flags: authoritative used
NBMA address: 172.17.0.1
10.0.0.2/32 via 10.0.0.2, Tunnel0 created 00:01:23, expire 00:02:15
Type: dynamic, Flags: router unique
NBMA address: 172.17.0.2
192.168.3.0/24 via 192.168.3.1, Tunnel0 created 00:01:23, expire 00:03:38
Type: dynamic, Flags: router authoritative unique local
NBMA address: 172.17.0.3
r3#sh crypto socket

Number of Crypto Socket connections 2

Tu0 Peers (local/remote): 172.17.0.3/172.17.0.1
Local Ident (addr/mask/port/prot): (172.17.0.3/255.255.255.255/0/47)
Remote Ident (addr/mask/port/prot): (172.17.0.1/255.255.255.255/0/47)
Socket State: Open
Client: "TUNNEL SEC" (Client State: Active)
Tu0 Peers (local/remote): 172.17.0.3/172.17.0.2
Local Ident (addr/mask/port/prot): (172.17.0.3/255.255.255.255/0/47)
Remote Ident (addr/mask/port/prot): (172.17.0.2/255.255.255.255/0/47)
Socket State: Open
Client: "TUNNEL SEC" (Client State: Active)

Crypto Sockets in Listen state:
1 TUNNEL SEC Profile: "test" Map-name "Tunnel0-head-0"
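
=================================================

The configs above use a wildcard pre-shared key, so any device that holds the key can bring up a tunnel and appear in the NHRP cache; the following is an added example (not part of the original post) that parses `sh ip nhrp` output in the layout shown on this page and reports dynamic entries whose NBMA address is missing from an inventory. The inventory set, the function names and the third sample entry (10.0.0.9 / 172.17.0.99) are assumptions made for the illustration.

```python
import re

# Header line of one `show ip nhrp` cache entry, in the layout printed on this page.
ENTRY = re.compile(r"^(?P<dest>\S+) via (?P<via>\S+), (?P<ifc>\S+) created (?P<age>\S+), "
                   r"(?:expire (?P<expire>\S+)|never expire)$")

def parse_nhrp(text):
    """Parse `show ip nhrp` text into a list of dicts, one per cache entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append({**m.groupdict(), "type": None, "flags": [], "nbma": None})
        elif entries and line.startswith("Type:"):
            kind, _, flags = line[len("Type:"):].partition(", Flags:")
            entries[-1]["type"] = kind.strip()
            entries[-1]["flags"] = flags.split()
        elif entries and line.startswith("NBMA address:"):
            entries[-1]["nbma"] = line.split(":", 1)[1].strip()
    return entries

def unexpected_peers(entries, known_nbma):
    """Return learned (dynamic, non-local) entries whose NBMA address is not in the inventory."""
    return [e for e in entries
            if e["type"] == "dynamic" and "local" not in e["flags"]
            and e["nbma"] not in known_nbma]

# r2's cache after the ping, copied from this page, plus one CONSTRUCTED entry
# (10.0.0.9 / 172.17.0.99) standing in for a device missing from the inventory.
SAMPLE = """\
10.0.0.1/32 via 10.0.0.1, Tunnel0 created 00:55:58, never expire
Type: static, Flags: authoritative used
NBMA address: 172.17.0.1
192.168.3.0/24 via 192.168.3.1, Tunnel0 created 00:00:09, expire 00:04:50
Type: dynamic, Flags: router unique used
NBMA address: 172.17.0.3
10.0.0.9/32 via 10.0.0.9, Tunnel0 created 00:00:03, expire 00:04:57
Type: dynamic, Flags: router unique
NBMA address: 172.17.0.99
"""
INVENTORY = {"172.17.0.1", "172.17.0.2", "172.17.0.3"}  # hub, r2, r3 from this page (assumed inventory)

if __name__ == "__main__":
    for e in unexpected_peers(parse_nhrp(SAMPLE), INVENTORY):
        print(f"unexpected NHRP peer {e['dest']} -> NBMA {e['nbma']} flags={e['flags']}")
```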