*************************************
Lab 1 - Configuring mGRE
*************************************

----
R1
----
Interface Tunnel 1
 ip address 192.168.1.1 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 11
 ip nhrp map 192.168.1.2 192.1.20.2
 ip nhrp map 192.168.1.3 192.1.30.3
 ip nhrp map 192.168.1.4 192.1.40.4
 ip nhrp map 192.168.1.5 192.1.50.5

----
R2
----
Interface Tunnel 1
 ip address 192.168.1.2 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 22
 ip nhrp map 192.168.1.1 192.1.10.1
 ip nhrp map 192.168.1.3 192.1.30.3
 ip nhrp map 192.168.1.4 192.1.40.4
 ip nhrp map 192.168.1.5 192.1.50.5

----
R3
----
Interface Tunnel 1
 ip address 192.168.1.3 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 22
 ip nhrp map 192.168.1.1 192.1.10.1
 ip nhrp map 192.168.1.2 192.1.20.2
 ip nhrp map 192.168.1.4 192.1.40.4
 ip nhrp map 192.168.1.5 192.1.50.5

----
R4
----
Interface Tunnel 1
 ip address 192.168.1.4 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 22
 ip nhrp map 192.168.1.1 192.1.10.1
 ip nhrp map 192.168.1.2 192.1.20.2
 ip nhrp map 192.168.1.3 192.1.30.3
 ip nhrp map 192.168.1.5 192.1.50.5

----
R5
----
Interface Tunnel 1
 ip address 192.168.1.5 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 22
 ip nhrp map 192.168.1.1 192.1.10.1
 ip nhrp map 192.168.1.2 192.1.20.2
 ip nhrp map 192.168.1.3 192.1.30.3
 ip nhrp map 192.168.1.4 192.1.40.4

*************************************
Lab 2 - Configuring DMVPN - Basic
*************************************

----
R1
----
no Interface Tunnel 1
Interface Tunnel 1
 ip address 192.168.1.1 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 11
 ip nhrp map multicast dynamic
 no ip split-horizon eigrp 123
!
router eigrp 123
 network 192.168.1.0
 network 10.0.0.0
 network 172.16.0.0

----
R2
----
no Interface Tunnel 1
Interface Tunnel 1
 ip address 192.168.1.2 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 22
 ip nhrp nhs 192.168.1.1
 ip nhrp map 192.168.1.1 192.1.10.1
 ip nhrp map multicast 192.1.10.1
!
router eigrp 123
 network 192.168.1.0
 network 10.0.0.0
 network 172.16.0.0

----
R3
----
no Interface Tunnel 1
Interface Tunnel 1
 ip address 192.168.1.3 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 22
 ip nhrp nhs 192.168.1.1
 ip nhrp map 192.168.1.1 192.1.10.1
 ip nhrp map multicast 192.1.10.1
!
router eigrp 123
 network 192.168.1.0
 network 10.0.0.0
 network 172.16.0.0

----
R4
----
no Interface Tunnel 1
Interface Tunnel 1
 ip address 192.168.1.4 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 22
 ip nhrp nhs 192.168.1.1
 ip nhrp map 192.168.1.1 192.1.10.1
 ip nhrp map multicast 192.1.10.1
!
router eigrp 123
 network 192.168.1.0
 network 10.0.0.0
 network 172.16.0.0

----
R5
----
no Interface Tunnel 1
Interface Tunnel 1
 ip address 192.168.1.5 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 22
 ip nhrp nhs 192.168.1.1
 ip nhrp map 192.168.1.1 192.1.10.1
 ip nhrp map multicast 192.1.10.1
!
router eigrp 123
 network 192.168.1.0
 network 10.0.0.0
 network 172.16.0.0

*************************************
Lab 3 - Configuring DMVPN - Phases
*************************************

++++++++++++++++++++++++
DMVPN Phase I
++++++++++++++++++++++++

-> In this phase, data flow uses the hub-and-spoke mechanism
-> When using EIGRP, this is the default phase
-> If the hub needs to control the traffic between the spokes, use this phase

++++++++++++++++++++++++
DMVPN Phase II
++++++++++++++++++++++++

-> In this phase, data flow uses a direct path between the spokes
-> This is accomplished by tweaking the behavior of the routing protocol
-> This leads to a more efficient data forwarding mechanism
-> Every spoke needs to have the routes for the other spokes

------------
R1 - Hub
------------
Interface Tunnel 1
 no ip next-hop-self eigrp 123

++++++++++++++++++++++++
DMVPN Phase III
++++++++++++++++++++++++

-> In this phase, data flow uses a direct path between the spokes
-> This is accomplished by the NHRP protocol, using the NHRP Redirect functionality
-> This leads to a more efficient data forwarding mechanism
-> Spokes don't need the full routing table. The hub can summarize the routes towards the spokes.

------------
R1 - Hub
------------
Interface Tunnel 1
 ip next-hop-self eigrp 123
 ip nhrp redirect

------------
Spokes
------------
Interface Tunnel 1
 ip nhrp shortcut

******************************************************
Lab 4 - Configuring IPSec to encrypt a DMVPN setup
******************************************************

==================
All Devices
==================
! 1. Phase I
crypto isakmp policy 10
 authentication pre-share
 hash md5
 encryption 3des
 group 2
crypto isakmp key Cisco123 address 0.0.0.0
! 2. Phase II
crypto ipsec transform-set ABC esp-3des esp-md5-hmac
 mode transport
! 3. IPSec Profile
Crypto ipsec profile IPROF
 set transform-set ABC
! 4. Apply the IPSec Profile to the Tunnel Interface
Interface Tunnel1
 tunnel protection ipsec profile IPROF

********************************************************
Lab 5 - Configuring a Dual Hub DMVPN Setup - Phase III
********************************************************

===========================================================
1. Configure a Static Relationship between the 2 Hubs
===========================================================

-----
R1
-----
Interface Tunnel1
 ip address 192.168.1.1 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 1
 ip nhrp map multicast dynamic
 no ip split-horizon eigrp 123
 ip nhrp redirect
 ip nhrp map 192.168.1.2 192.1.20.2
 ip nhrp map multicast 192.1.20.2
!
router eigrp 123
 network 192.168.1.0
 network 10.0.0.0
 network 172.16.0.0

-----
R2
-----
Interface Tunnel1
 ip address 192.168.1.2 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 1
 ip nhrp map multicast dynamic
 no ip split-horizon eigrp 123
 ip nhrp redirect
 ip nhrp map 192.168.1.1 192.1.10.1
 ip nhrp map multicast 192.1.10.1
!
router eigrp 123
 network 192.168.1.0
 network 10.0.0.0
 network 172.16.0.0

===============================================================
2. Configure the Spokes to communicate towards both the Hubs
===============================================================

-----
R3
-----
Interface Tunnel 1
 ip address 192.168.1.3 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 1
 ip nhrp nhs 192.168.1.1
 ip nhrp nhs 192.168.1.2
 ip nhrp map 192.168.1.1 192.1.10.1
 ip nhrp map 192.168.1.2 192.1.20.2
 ip nhrp map multicast 192.1.10.1
 ip nhrp map multicast 192.1.20.2
 ip nhrp shortcut
!
router eigrp 123
 network 192.168.1.0
 network 10.0.0.0
 network 172.16.0.0

-----
R5
-----
Interface Tunnel 1
 ip address 192.168.1.5 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 1
 ip nhrp nhs 192.168.1.1
 ip nhrp nhs 192.168.1.2
 ip nhrp map 192.168.1.1 192.1.10.1
 ip nhrp map 192.168.1.2 192.1.20.2
 ip nhrp map multicast 192.1.10.1
 ip nhrp map multicast 192.1.20.2
 ip nhrp shortcut
!
router eigrp 123
 network 192.168.1.0
 network 10.0.0.0
 network 172.16.0.0

***************************************************************************
Lab 6 - Configuring DMVPN by segregating Underlay and Overlay using VRF
***************************************************************************

===========================================================
1. Configure the Outside network in a VRF
===========================================================

-----
R1
-----
vrf definition PUBLIC
 address-family ipv4
!
Interface E0/0
 vrf forwarding PUBLIC
 ip address 192.1.10.1 255.255.255.0
 no shut
!
ip route vrf PUBLIC 0.0.0.0 0.0.0.0 192.1.10.6

-----
R2
-----
vrf definition PUBLIC
 address-family ipv4
!
Interface E0/0
 vrf forwarding PUBLIC
 ip address 192.1.20.2 255.255.255.0
 no shut
!
ip route vrf PUBLIC 0.0.0.0 0.0.0.0 192.1.20.6

-----
R3
-----
vrf definition PUBLIC
 address-family ipv4
!
Interface E0/0
 vrf forwarding PUBLIC
 ip address 192.1.30.3 255.255.255.0
 no shut
!
ip route vrf PUBLIC 0.0.0.0 0.0.0.0 192.1.30.6

-----
R4
-----
vrf definition PUBLIC
 address-family ipv4
!
Interface E0/0
 vrf forwarding PUBLIC
 ip address 192.1.40.4 255.255.255.0
 no shut
!
ip route vrf PUBLIC 0.0.0.0 0.0.0.0 192.1.40.6

-----
R5
-----
vrf definition PUBLIC
 address-family ipv4
!
Interface E0/0
 vrf forwarding PUBLIC
 ip address 192.1.50.5 255.255.255.0
 no shut
!
ip route vrf PUBLIC 0.0.0.0 0.0.0.0 192.1.50.6

========================================================================================
2. Configure DMVPN with R1 being the Hub using the PUBLIC VRF for Underlay reachability
========================================================================================

-----
R1
-----
Interface Tunnel1
 ip address 192.168.1.1 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 1
 ip nhrp map multicast dynamic
 no ip split-horizon eigrp 123
 ip nhrp redirect
 tunnel vrf PUBLIC
!
router eigrp 123
 network 192.168.1.0
 network 10.0.0.0
 network 172.16.0.0

-----
R2
-----
Interface Tunnel1
 ip address 192.168.1.2 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 1
 ip nhrp nhs 192.168.1.1
 ip nhrp map 192.168.1.1 192.1.10.1
 ip nhrp map multicast 192.1.10.1
 ip nhrp shortcut
 tunnel vrf PUBLIC
!
router eigrp 123
 network 192.168.1.0
 network 10.0.0.0
 network 172.16.0.0

-----
R3
-----
Interface Tunnel1
 ip address 192.168.1.3 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 1
 ip nhrp nhs 192.168.1.1
 ip nhrp map 192.168.1.1 192.1.10.1
 ip nhrp map multicast 192.1.10.1
 ip nhrp shortcut
 tunnel vrf PUBLIC
!
router eigrp 123
 network 192.168.1.0
 network 10.0.0.0
 network 172.16.0.0

-----
R4
-----
Interface Tunnel1
 ip address 192.168.1.4 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 1
 ip nhrp nhs 192.168.1.1
 ip nhrp map 192.168.1.1 192.1.10.1
 ip nhrp map multicast 192.1.10.1
 ip nhrp shortcut
 tunnel vrf PUBLIC
!
router eigrp 123
 network 192.168.1.0
 network 10.0.0.0
 network 172.16.0.0

-----
R5
-----
Interface Tunnel1
 ip address 192.168.1.5 255.255.255.0
 tunnel source E0/0
 tunnel mode gre multipoint
 ip nhrp network-id 1
 ip nhrp nhs 192.168.1.1
 ip nhrp map 192.168.1.1 192.1.10.1
 ip nhrp map multicast 192.1.10.1
 ip nhrp shortcut
 tunnel vrf PUBLIC
!
router eigrp 123
 network 192.168.1.0
 network 10.0.0.0
 network 172.16.0.0

===========================================
3. Encrypt the Tunnel using IPSec
===========================================

--------------------------
All Devices
--------------------------
! 1. Phase I
crypto isakmp policy 10
 authentication pre-share
 hash md5
 encryption 3des
 group 2
!
crypto keyring KR1 vrf PUBLIC
 pre-shared-key address 0.0.0.0 key Cisco123
! 2. Phase II
crypto ipsec transform-set ABC esp-3des esp-md5-hmac
 mode transport
! 3. IPSec Profile
Crypto ipsec profile IPROF
 set transform-set ABC
! 4. Apply the IPSec Profile to the Tunnel Interface
Interface Tunnel1
 tunnel protection ipsec profile IPROF
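
Added example (not part of the original lab notes): a Python audit that reads IOS configuration such as the Lab 4 and Lab 6 IPSec sections and reports what a reviewer would flag before the lab settings reach production: MD5, 3DES, DH group 2, a pre-shared key bound to address 0.0.0.0, and mGRE tunnels lacking `tunnel protection` or NHRP authentication. The names `audit`, `LINE_RULES` and `TUNNEL_RULES` and the finding labels are this example's own; `ip nhrp authentication` is an IOS command the labs do not use; the sample config is constructed from the lab commands and assumes indented sub-commands.

```python
import re

# Constructed sample ("show running-config" layout): Lab 4 crypto plus two mGRE tunnels.
SAMPLE = """\
crypto isakmp policy 10
 hash md5
 encryption 3des
 group 2
crypto isakmp key Cisco123 address 0.0.0.0
crypto ipsec transform-set ABC esp-3des esp-md5-hmac
interface Tunnel1
 tunnel mode gre multipoint
 tunnel protection ipsec profile IPROF
interface Tunnel2
 tunnel mode gre multipoint
 ip nhrp network-id 22
"""

# Per-line rules, then sub-commands every mGRE tunnel should carry (labels are assumed).
LINE_RULES = [
    (r"^hash md5$|esp-md5-hmac", "MD5 integrity"),
    (r"^encryption 3?des$|esp-3?des\b", "DES/3DES encryption"),
    (r"^group [125]$", "DH group below 14"),
    (r"^(crypto isakmp key .* address|pre-shared-key address) 0\.0\.0\.0\b",
     "wildcard pre-shared key"),
]
TUNNEL_RULES = [
    ("tunnel protection ipsec", "mGRE tunnel without IPSec protection"),
    ("ip nhrp authentication", "NHRP without authentication"),
]

def audit(config):
    """Return sorted (line_number, finding) pairs for an IOS-style config."""
    findings, tunnels, current = [], {}, None
    for number, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip().lower()
        if line and not raw[0].isspace():  # an unindented line opens a new section
            current = number if line.startswith("interface tunnel") else None
        if current is not None:
            tunnels.setdefault(current, []).append(line)
        findings += [(number, f) for p, f in LINE_RULES if re.search(p, line)]
    for number, lines in tunnels.items():
        if "tunnel mode gre multipoint" in lines:
            for prefix, finding in TUNNEL_RULES:
                if not any(l.startswith(prefix) for l in lines):
                    findings.append((number, finding))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"line {n}: {f}" for n, f in audit(SAMPLE)))
```

Tunnel findings are reported against the line number of the `interface` statement; the key itself is never echoed in a finding.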