DMVPN QoS
In this topology, R1 is the DMVPN hub router and R2-R4 are the spoke routers. R1-R4 each have a default route pointing to R5, so all routers have reachability on their outside interfaces.
1. Create DMVPN
Hub:
R1#sh run int tun0
Building configuration...
Current configuration : 242 bytes
!
interface Tunnel0
ip address 192.168.0.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
end
Spoke:
R2-R4:
interface Tunnel0
ip address 192.168.0.[2-4] 255.255.255.0
no ip redirects
ip nhrp map 192.168.0.1 172.16.15.2
ip nhrp map multicast 172.16.15.2
ip nhrp network-id 1
ip nhrp nhs 192.168.0.1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
end
Verification:
R1#sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Hub, NHRP Peers:3,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 172.16.25.2 192.168.0.2 UP 00:15:13 D
1 172.16.35.2 192.168.0.3 UP 00:14:49 D
1 172.16.45.2 192.168.0.4 UP 00:14:31 D
R1#
R2#sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:1,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 172.16.15.2 192.168.0.1 UP 00:01:17 S
R2#
Enable routing
R1:
router eigrp 100
network 192.168.0.0
network 192.168.10.1 0.0.0.0
passive-interface default
no passive-interface FastEthernet1/1
no passive-interface Tunnel0
R1#
R2-R4:
router eigrp 100
network 192.168.0.0
network 192.168.[20-40].1 0.0.0.0
passive-interface default
no passive-interface Tunnel0
no passive-interface FastEthernet1/1
R1#sh ip eigrp nei
EIGRP-IPv4 Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
2 192.168.0.4 Tu0 13 00:05:30 891 5000 0 6
1 192.168.0.3 Tu0 11 00:05:33 64 1434 0 7
0 192.168.0.2 Tu0 10 00:20:29 95 1434 0 5
R1#
2. Add encryption
R1-R4:
crypto isakmp policy 10
authentication pre-share
crypto isakmp key ****** address 172.16.0.0
!
!
crypto ipsec transform-set MyTranSet esp-aes esp-sha-hmac
mode tunnel
!
crypto ipsec profile My_IPSec_Profile
set transform-set MyTranSet
int tun0
tunnel protection ipsec profile My_IPSec_Profile
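One way to check the result of steps 1 and 2, as an added example that is not part of the original post: a short Python audit that reads IOS-style configuration text and flags mGRE tunnels without tunnel protection or NHRP authentication, and ISAKMP policies that leave encryption, hash or DH group unset (the running configuration omits default values, so the platform defaults are in effect). The sample text is constructed and abridged from the configuration above, standard show-run indentation is assumed, and the function names are hypothetical.

```python
# Constructed sample: hub configuration from this page, abridged, with show-run indentation.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key ****** address 172.16.0.0
!
crypto ipsec transform-set MyTranSet esp-aes esp-sha-hmac
 mode tunnel
!
interface Tunnel0
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile My_IPSec_Profile
"""

def sections(config):
    """Split IOS-style text into {top-level line: [indented child lines]}."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue                      # skip blank lines and separators
        if not line[0].isspace():
            current = line.strip()        # a new top-level command
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit(config):
    """Return findings for mGRE tunnel interfaces and ISAKMP policies."""
    findings = []
    for head, body in sections(config).items():
        if head.startswith("interface Tunnel") and "tunnel mode gre multipoint" in body:
            if not any(l.startswith("tunnel protection ipsec profile") for l in body):
                findings.append(f"{head}: mGRE tunnel has no IPsec protection")
            if not any(l.startswith("ip nhrp authentication") for l in body):
                findings.append(f"{head}: NHRP authentication not configured")
        if head.startswith("crypto isakmp policy"):
            for kw in ("encryption", "hash", "group"):
                if not any(l.startswith(kw) for l in body):
                    findings.append(f"{head}: '{kw}' not set, platform default applies")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the configuration as it stands after step 1 (before tunnel protection is applied), the same audit also reports the tunnel as unprotected.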
3. Configure Per-Tunnel QoS
Configure an NHRP Group on the Spoke
R2-R4
int tun0
ip nhrp group spoke_group2-4
Configure an NHRP Group Attribute on the Spoke
R2-R4
int tun0
nhrp group spoke_group1