dmvpn/config


На этой странице представлена схема и конфигурационные файлы для сети Xentaur, которая рассматривается на странице Настройка DMVPN на маршрутизаторах Cisco.


Схема сети

DMVPN xentaur.png

Конфигурационный файл Xentaur

import os
# Name of the guest this file is being evaluated for, read from the
# `xendomain` environment variable. The lookup raises KeyError when the
# variable is not set, so the file cannot be loaded outside that context.
domain = os.environ['xendomain']

# Static description of the lab topology: seven guests and six bridges.
network = 'netw'

# Guest names and, position for position, the type of each guest.
domains = [
    'dyn1', 'qua2', 'dyn3', 'qua4', 'dyn5', 'qua6', 'qua7',
]
domain_types = [
    'xenomips', 'quagga', 'xenomips', 'quagga', 'xenomips', 'quagga', 'quagga',
]

bridges = ['br1', 'br2', 'br3', 'br4', 'br5', 'br6']

# Bridges each guest is attached to (presumably in interface order;
# confirm against the Xentaur documentation).
vbridges_table = {
    'dyn1': ['br1', 'br2'],
    'qua2': ['br2', 'br3', 'br5'],
    'dyn3': ['br3', 'br4'],
    'qua4': ['br4'],
    'dyn5': ['br5', 'br6'],
    'qua6': ['br6'],
    'qua7': ['br1'],
}

# No bridge-to-bridge links, hidden bridges or link overrides in this lab.
bridge_bridge_table = {}

hidden_bridges = []
broken_links = []
temporary_links = []

# Attachments outside the emulated network: no real bridges, one real node.
real_bridges = []
real_nodes = ['linux']

# Per-guest settings, selected by the guest name held in `domain`.
# domains.index() raises ValueError for a name that is not in the list.
N = domains.index(domain)

# Quagga guests get 64 units of memory, every other guest type gets 400.
memory = 64 if domain_types[N] == 'quagga' else 400

xenomips_dir = '/home/nata/xenomips-images/'
npe_type = 'npe-400'

# dyn1 uses the 3725 platform and its own image; every other guest keeps
# the C7200 image, and `platform` stays undefined for them.
ios_name = 'C3725-AD.BIN' if domain == 'dyn1' else 'C7200-AD.BIN'
if domain == 'dyn1':
    platform = '3725'

Конфигурация узлов

dyn1

dyn1#sh run
Building configuration...
Current configuration : 5618 bytes
!
! Last configuration change at 23:01:18 UTC Fri Feb 27 2009
! NVRAM config last updated at 23:07:10 UTC Fri Feb 27 2009
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname dyn1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!         
ip domain name xgu.ru
ip host dyn1 192.168.1.1
!
!
!
! NOTE(review): dyn1 is both the IOS certificate server and the DMVPN hub.
! Enrollment goes over plain HTTP to http://dyn1:80, so the CA certificate
! fingerprint should be compared out of band when a trustpoint is authenticated.
! NOTE(review): the certificate chains printed below decode as
! md5WithRSAEncryption signatures under a 1024-bit CA key, and the identity
! certificate in chain "dyn" carries a 512-bit key. That is acceptable for
! this 2009 lab only; generate larger keys and use a stronger hash elsewhere.
crypto pki server dyn1
!
crypto pki trustpoint dyn1
 enrollment url http://dyn1:80
 revocation-check crl
 rsakeypair dyn1
!
crypto pki trustpoint dyn
 enrollment url http://dyn1:80
 revocation-check crl
!
!
crypto pki certificate chain dyn1
 certificate ca 01
  308201F7 30820160 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  0F310D30 0B060355 04031304 64796E31 301E170D 30393032 32373232 34353534 
  5A170D31 32303232 37323234 3535345A 300F310D 300B0603 55040313 0464796E 
  3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C2F6 
  FAC39C79 1F083E69 F2952D2E 9B0B439E 9970825F 2B8B69E5 104264F9 B6712BE1 
  DBDBDC5D 38D13DF3 9B9ADE18 53EDA6D5 F50F5958 B5BC485E 03B4A958 F53C1B2F 
  64149E25 4552E596 BC87D9C2 04F9B0F2 5158ED70 6A8E9600 9D99716B 991D9DE5 
  65C7CAEF B48FEE1B E37B0E48 A4784731 D7B70BE9 1E264E66 A1AF6EDE 433F0203 
  010001A3 63306130 0F060355 1D130101 FF040530 030101FF 300E0603 551D0F01 
  01FF0404 03020186 301F0603 551D2304 18301680 14316E92 9C655E50 81B8C728 
  E0967B27 1B2D34DA 9E301D06 03551D0E 04160414 316E929C 655E5081 B8C728E0 
  967B271B 2D34DA9E 300D0609 2A864886 F70D0101 04050003 8181005E 77BD000F 
  8AF70F5E 5B1BF974 754BBCD8 548494FE AC7EE542 A1F60A15 2FD74C84 01EC7C5D 
  1F4361B9 109A154F 208CE0A7 B53F6BAC D8D35C71 F5319EA1 60083F1C 60E65441 
  9D752A26 BB90F676 7E9F0F2A 9B0FE3C8 C254AFD5 7A055242 E856D93E 5CE9D5E4 
  0E2722D3 46540D03 F69688C6 FDC4EDE2 F138818F 5D0076F2 BF5CA2
  quit
crypto pki certificate chain dyn
 certificate 04
  308201AC 30820115 A0030201 02020104 300D0609 2A864886 F70D0101 04050030 
  0F310D30 0B060355 04031304 64796E31 301E170D 30393032 32373232 35363231 
  5A170D31 30303232 37323235 3632315A 301C311A 30180609 2A864886 F70D0109 
  02160B64 796E312E 7867752E 7275305C 300D0609 2A864886 F70D0101 01050003 
  4B003048 024100A6 B5406A29 6DC12463 BF3204E9 00DF0F76 28157CEE 30FE7086 
  95CF3C17 06680971 23FFB531 7E52632A A779EA0C 54C54304 63D20B6D 4065408D 
  F1532CDA CC3B3902 03010001 A34F304D 300B0603 551D0F04 04030205 A0301F06 
  03551D23 04183016 8014316E 929C655E 5081B8C7 28E0967B 271B2D34 DA9E301D 
  0603551D 0E041604 1452D06E 52DA5CB4 F90D2966 31A4D112 3E2FC81F 32300D06 
  092A8648 86F70D01 01040500 03818100 A4E9A982 2E293A24 1B89C9FE F8A03BE1 
  024AF029 417B3A23 D7EABBAB 8E83664A 7821BFDC 65CD0280 1C7BAE0F 41053A45 
  0E8FB6FA 83A6FFA2 11075443 4AB6658E 0F17A141 FAC2E7A9 D093890B 8DA9E90C 
  8C5A7C82 0B4D261D 452690DE 894D9BF4 14EE9FF5 F9632C3A F5F34115 F42AA444 
  954ACE4F 32A47FD0 AF588B7F 299027DA
  quit
 certificate ca 01
  308201F7 30820160 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  0F310D30 0B060355 04031304 64796E31 301E170D 30393032 32373232 34353534 
  5A170D31 32303232 37323234 3535345A 300F310D 300B0603 55040313 0464796E 
  3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C2F6 
  FAC39C79 1F083E69 F2952D2E 9B0B439E 9970825F 2B8B69E5 104264F9 B6712BE1 
  DBDBDC5D 38D13DF3 9B9ADE18 53EDA6D5 F50F5958 B5BC485E 03B4A958 F53C1B2F 
  64149E25 4552E596 BC87D9C2 04F9B0F2 5158ED70 6A8E9600 9D99716B 991D9DE5 
  65C7CAEF B48FEE1B E37B0E48 A4784731 D7B70BE9 1E264E66 A1AF6EDE 433F0203 
  010001A3 63306130 0F060355 1D130101 FF040530 030101FF 300E0603 551D0F01 
  01FF0404 03020186 301F0603 551D2304 18301680 14316E92 9C655E50 81B8C728 
  E0967B27 1B2D34DA 9E301D06 03551D0E 04160414 316E929C 655E5081 B8C728E0 
  967B271B 2D34DA9E 300D0609 2A864886 F70D0101 04050003 8181005E 77BD000F 
  8AF70F5E 5B1BF974 754BBCD8 548494FE AC7EE542 A1F60A15 2FD74C84 01EC7C5D 
  1F4361B9 109A154F 208CE0A7 B53F6BAC D8D35C71 F5319EA1 60083F1C 60E65441 
  9D752A26 BB90F676 7E9F0F2A 9B0FE3C8 C254AFD5 7A055242 E856D93E 5CE9D5E4 
  0E2722D3 46540D03 F69688C6 FDC4EDE2 F138818F 5D0076F2 BF5CA2
  quit
!
!
! 
!
! NOTE(review): policy 10 sets nothing explicitly, so it runs on the IOS
! defaults; on 12.4 those are DES, SHA-1, RSA signatures and DH group 1.
! Set encryption, hash and group explicitly (AES and a larger DH group where
! the image supports them).
crypto isakmp policy 10
!
! NOTE(review): policy 20 only switches authentication to a pre-shared key;
! its other parameters are the same defaults as above.
crypto isakmp policy 20
 authentication pre-share
! NOTE(review): the wildcard address 0.0.0.0 0.0.0.0 makes this one key valid
! for every peer, and it is stored in clear text (no service
! password-encryption). Since a PKI is already configured on this router,
! certificate authentication avoids a group-wide shared secret.
crypto isakmp key isakmpkey address 0.0.0.0 0.0.0.0
!
!
! NOTE(review): esp-des alone means 56-bit DES with no ESP integrity
! transform, so tunnel traffic is weakly encrypted and not authenticated.
! A transform set with AES plus an HMAC transform is the usual replacement;
! it must be changed on the hub and on every spoke together.
crypto ipsec transform-set DMVPN-TR esp-des 
 mode transport
!
!
crypto ipsec profile DMVPN
 set transform-set DMVPN-TR 
!
!
! Hub side of the mGRE tunnel: spokes are learned dynamically through NHRP
! (ip nhrp map multicast dynamic) and all tunnel traffic goes through the
! DMVPN IPsec profile.
! NOTE(review): the NHRP authentication string and the tunnel key are plain
! values carried in the packets, not cryptographic checks; admission to the
! tunnel rests entirely on the IPsec profile.
! NOTE(review): neither EIGRP 1 nor OSPF 1 has routing-protocol
! authentication configured on this interface.
interface Tunnel0
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 ip mtu 1416
 no ip next-hop-self eigrp 1
 ip nhrp authentication nhrppass
 ip nhrp map multicast dynamic
 ip nhrp network-id 999
 no ip split-horizon eigrp 1
 ip ospf network broadcast
 ip ospf hello-interval 30
 ip ospf priority 10
 tunnel source FastEthernet1/0
 tunnel mode gre multipoint
 tunnel key 999
 tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!         
router eigrp 1
 network 10.1.1.0 0.0.0.255
 network 10.10.10.0 0.0.0.255
 no auto-summary
!
router ospf 1
 log-adjacency-changes
 network 10.1.1.0 0.0.0.255 area 1
 network 10.10.10.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip route 192.168.3.0 255.255.255.0 192.168.1.2
ip route 192.168.5.0 255.255.255.0 192.168.1.2
!
!
! NOTE(review): the HTTP server is on because the trustpoints enroll against
! http://dyn1:80 on this router. It also exposes the clear-text web management
! interface, and no ip http access-class is configured here; limit the
! source addresses allowed to reach it.
ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end

qua2

qua2# sh run
Building configuration...

Current configuration:
!
hostname qua2
!
debug ospf6 lsa unknown
!
interface eth0
 ip address 192.168.1.2/24
 ipv6 nd suppress-ra
!
interface eth1
 ip address 192.168.3.2/24
 ipv6 nd suppress-ra
!
interface eth2
 ip address 192.168.5.2/24
 ipv6 nd suppress-ra
!
interface lo
!
interface sit0
 ipv6 nd suppress-ra
!
ip forwarding
!
line vty
!

dyn3

dyn3#sh run
Building configuration...

Current configuration : 4466 bytes
!
! Last configuration change at 22:57:58 UTC Fri Feb 27 2009
! NVRAM config last updated at 23:00:31 UTC Fri Feb 27 2009
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname dyn3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
ip domain name xgu.ru
ip host dyn1 192.168.1.1
!
multilink bundle-name authenticated
!
!
!
!
crypto pki trustpoint dyn1
 enrollment url http://dyn1:80
 revocation-check crl
!
!
crypto pki certificate chain dyn1
 certificate 02
  308201F0 30820159 A0030201 02020102 300D0609 2A864886 F70D0101 04050030 
  0F310D30 0B060355 04031304 64796E31 301E170D 30393032 32373232 35323031 
  5A170D31 30303232 37323235 3230315A 301C311A 30180609 2A864886 F70D0109 
  02160B64 796E332E 7867752E 72753081 9F300D06 092A8648 86F70D01 01010500 
  03818D00 30818902 818100B5 3C4F3F80 1AF47759 9707CF2D FF5A62CF 8409EA97 
  CC9940C1 4DAB0907 DAB67FEC AB6CEFB5 23B2102A C715F0C6 E928AD13 9C46EFE7 
  0A1088D9 64B143E0 60E0846B 4E309FE3 34A956DE 8BBAE8B5 24482691 33E33E6F 
  DA4D5D71 2ED3000C 17091FFB 8330F259 DB29EE82 F791251B C856222E 50E7E2D4 
  DC7834BD 9CA9DD90 9B3A4902 03010001 A34F304D 300B0603 551D0F04 04030205 
  A0301F06 03551D23 04183016 8014316E 929C655E 5081B8C7 28E0967B 271B2D34 
  DA9E301D 0603551D 0E041604 142D0CE0 43342D6A 6E707455 9546A505 8AA3389B 
  BD300D06 092A8648 86F70D01 01040500 03818100 5BA5FF5C B9CE9D85 D5FAECBA 
  1CC46FFA C380C2BC 0CD47900 AB18C0DC 2785DE8C B60C0066 EBFD009C A77C8D77 
  02E57E58 C569D21F 1ED99D77 FB48EF54 33CCAE81 DEDCAC47 F95DCB79 0969BA3F 
  1BF21012 682C0E6C 736343BB 11E2AFA2 0782B200 FDE760D4 6D052C0D 7006AF57 
  EEFFDF10 BC51F753 A0210C0D 2E39CCD3 EF5A7652
  quit
 certificate ca 01
  308201F7 30820160 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  0F310D30 0B060355 04031304 64796E31 301E170D 30393032 32373232 34353534 
  5A170D31 32303232 37323234 3535345A 300F310D 300B0603 55040313 0464796E 
  3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C2F6 
  FAC39C79 1F083E69 F2952D2E 9B0B439E 9970825F 2B8B69E5 104264F9 B6712BE1 
  DBDBDC5D 38D13DF3 9B9ADE18 53EDA6D5 F50F5958 B5BC485E 03B4A958 F53C1B2F 
  64149E25 4552E596 BC87D9C2 04F9B0F2 5158ED70 6A8E9600 9D99716B 991D9DE5 
  65C7CAEF B48FEE1B E37B0E48 A4784731 D7B70BE9 1E264E66 A1AF6EDE 433F0203 
  010001A3 63306130 0F060355 1D130101 FF040530 030101FF 300E0603 551D0F01 
  01FF0404 03020186 301F0603 551D2304 18301680 14316E92 9C655E50 81B8C728 
  E0967B27 1B2D34DA 9E301D06 03551D0E 04160414 316E929C 655E5081 B8C728E0 
  967B271B 2D34DA9E 300D0609 2A864886 F70D0101 04050003 8181005E 77BD000F 
  8AF70F5E 5B1BF974 754BBCD8 548494FE AC7EE542 A1F60A15 2FD74C84 01EC7C5D 
  1F4361B9 109A154F 208CE0A7 B53F6BAC D8D35C71 F5319EA1 60083F1C 60E65441 
  9D752A26 BB90F676 7E9F0F2A 9B0FE3C8 C254AFD5 7A055242 E856D93E 5CE9D5E4 
  0E2722D3 46540D03 F69688C6 FDC4EDE2 F138818F 5D0076F2 BF5CA2
  quit
!
! 
!
! NOTE(review): same IKE/IPsec settings as the hub. Policy 10 is empty and
! therefore uses the IOS 12.4 defaults (DES, SHA-1, RSA signatures, DH group 1).
crypto isakmp policy 10
!
crypto isakmp policy 20
 authentication pre-share
! NOTE(review): one clear-text pre-shared key accepted from any address.
crypto isakmp key isakmpkey address 0.0.0.0 0.0.0.0
!
!
! NOTE(review): esp-des only - 56-bit DES and no ESP integrity transform.
! Any change here has to match the transform set on the hub.
crypto ipsec transform-set DMVPN-TR esp-des 
 mode transport
!
!
crypto ipsec profile DMVPN
 set transform-set DMVPN-TR 
!
!
!
! Spoke side of the mGRE tunnel: the hub is pinned statically as next-hop
! server 10.10.10.1, mapped to its outside address 192.168.1.1.
! NOTE(review): the NHRP authentication string and the tunnel key are plain
! values, not cryptographic checks; protection comes from the IPsec profile.
! OSPF priority 0 keeps this spoke out of the DR election.
interface Tunnel0
 ip address 10.10.10.3 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication nhrppass
 ip nhrp map 10.10.10.1 192.168.1.1
 ip nhrp map multicast 192.168.1.1
 ip nhrp network-id 999
 ip nhrp nhs 10.10.10.1
 ip nhrp cache non-authoritative
 ip ospf network broadcast
 ip ospf hello-interval 30
 ip ospf priority 0
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 999
 tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
 ip address 192.168.3.3 255.255.255.0
 duplex full
!
interface FastEthernet1/0
 ip address 10.1.3.3 255.255.255.0
 duplex full
!
router eigrp 1
 network 10.1.3.0 0.0.0.255
 network 10.10.10.0 0.0.0.255
 no auto-summary
!
router ospf 1
 log-adjacency-changes
 network 10.1.3.0 0.0.0.255 area 3
 network 10.10.10.0 0.0.0.255 area 0
!
ip route 192.168.1.0 255.255.255.0 192.168.3.2
ip route 192.168.5.0 255.255.255.0 192.168.3.2
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
!
end

qua4

qua4# sh run
Building configuration...

Current configuration:
!
hostname qua4
!
debug ospf6 lsa unknown
!
! NOTE(review): both passwords are well-known default strings and are stored
! in clear text. Replace them outside a lab, and enable
! service password-encryption so they are not kept readable in the file.
password quagga
enable password cisco
!
interface eth0
 ip address 10.1.3.4/24
 ipv6 nd suppress-ra
!
interface lo
!
interface sit0
 ipv6 nd suppress-ra
!
ip route 0.0.0.0/0 10.1.3.3
!
ip forwarding
!
line vty
!

dyn5

dyn5#sh run
Building configuration...

Current configuration : 4486 bytes
!
! Last configuration change at 23:01:02 UTC Fri Feb 27 2009
! NVRAM config last updated at 23:01:03 UTC Fri Feb 27 2009
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname dyn5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
no ip domain lookup
ip domain name xgu.ru
ip host dyn1 192.168.1.1
!
multilink bundle-name authenticated
!
!
!
!
!
crypto pki trustpoint dyn1
 enrollment url http://dyn1:80
 revocation-check crl
!
!
!
!
crypto pki certificate chain dyn1
 certificate 03
  308201F0 30820159 A0030201 02020103 300D0609 2A864886 F70D0101 04050030 
  0F310D30 0B060355 04031304 64796E31 301E170D 30393032 32373232 35323032 
  5A170D31 30303232 37323235 3230325A 301C311A 30180609 2A864886 F70D0109 
  02160B64 796E352E 7867752E 72753081 9F300D06 092A8648 86F70D01 01010500 
  03818D00 30818902 818100B2 5B009C5C 96CE1EC6 50277830 567B7A7E D2E708C9 
  08D76929 FEBBEF08 CAB21B0B 1608D6F4 E95E4289 B982C020 4CE04C0C 98D529D6 
  194B0E43 EA66C3D2 D4DA1C91 137F3E0D 0A82C6A1 C3E35FF7 5835F8C2 AB4F6041 
  1C795126 E5624959 14125BFD 5F8B0D23 86F89692 8665B1EA 155267DC 597E3BBD 
  D09767B1 94DCA421 6604ED02 03010001 A34F304D 300B0603 551D0F04 04030205 
  A0301F06 03551D23 04183016 8014316E 929C655E 5081B8C7 28E0967B 271B2D34 
  DA9E301D 0603551D 0E041604 144898BD AAA7C3C3 7AF48494 F40A655A 7164F361 
  6E300D06 092A8648 86F70D01 01040500 03818100 91A1FD53 C06730AE D5265C09 
  C8B00F77 4F404E0A BA40FD59 1E337390 4597F3E8 3E9537B1 64030C48 4373EB95 
  EF0E7364 9E4E0DFE 9D9E40E7 B261C899 6A71EAD4 3C3478BA 6C7FC386 F80BE286 
  CF5A9013 E5CF37BC A3B228E1 D1C67B35 EAF9EF69 40E79C95 7DC25C3A E5C1E4A7 
  63CD2727 3820B8DF B5675215 D41BFD8C A34392C7
  quit
 certificate ca 01
  308201F7 30820160 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  0F310D30 0B060355 04031304 64796E31 301E170D 30393032 32373232 34353534 
  5A170D31 32303232 37323234 3535345A 300F310D 300B0603 55040313 0464796E 
  3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C2F6 
  FAC39C79 1F083E69 F2952D2E 9B0B439E 9970825F 2B8B69E5 104264F9 B6712BE1 
  DBDBDC5D 38D13DF3 9B9ADE18 53EDA6D5 F50F5958 B5BC485E 03B4A958 F53C1B2F 
  64149E25 4552E596 BC87D9C2 04F9B0F2 5158ED70 6A8E9600 9D99716B 991D9DE5 
  65C7CAEF B48FEE1B E37B0E48 A4784731 D7B70BE9 1E264E66 A1AF6EDE 433F0203 
  010001A3 63306130 0F060355 1D130101 FF040530 030101FF 300E0603 551D0F01 
  01FF0404 03020186 301F0603 551D2304 18301680 14316E92 9C655E50 81B8C728 
  E0967B27 1B2D34DA 9E301D06 03551D0E 04160414 316E929C 655E5081 B8C728E0 
  967B271B 2D34DA9E 300D0609 2A864886 F70D0101 04050003 8181005E 77BD000F 
  8AF70F5E 5B1BF974 754BBCD8 548494FE AC7EE542 A1F60A15 2FD74C84 01EC7C5D 
  1F4361B9 109A154F 208CE0A7 B53F6BAC D8D35C71 F5319EA1 60083F1C 60E65441 
  9D752A26 BB90F676 7E9F0F2A 9B0FE3C8 C254AFD5 7A055242 E856D93E 5CE9D5E4 
  0E2722D3 46540D03 F69688C6 FDC4EDE2 F138818F 5D0076F2 BF5CA2
  quit
!
! 
!
! NOTE(review): same IKE settings as the hub. Policy 10 is empty and
! therefore uses the IOS 12.4 defaults (DES, SHA-1, RSA signatures, DH group 1).
crypto isakmp policy 10
!
crypto isakmp policy 20
 authentication pre-share
! NOTE(review): one clear-text pre-shared key accepted from any address.
crypto isakmp key isakmpkey address 0.0.0.0 0.0.0.0
!
!         
! NOTE(review): esp-des only - 56-bit DES and no ESP integrity transform.
! Any change here has to match the transform set on the hub.
crypto ipsec transform-set DMVPN-TR esp-des 
 mode transport
!
!
crypto ipsec profile DMVPN
 set transform-set DMVPN-TR 
!
!
!
! Spoke side of the mGRE tunnel: the hub is pinned statically as next-hop
! server 10.10.10.1, mapped to its outside address 192.168.1.1.
! NOTE(review): the NHRP authentication string and the tunnel key are plain
! values, not cryptographic checks; protection comes from the IPsec profile.
! OSPF priority 0 keeps this spoke out of the DR election.
interface Tunnel0
 ip address 10.10.10.5 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication nhrppass
 ip nhrp map 10.10.10.1 192.168.1.1
 ip nhrp map multicast 192.168.1.1
 ip nhrp network-id 999
 ip nhrp nhs 10.10.10.1
 ip nhrp cache non-authoritative
 ip ospf network broadcast
 ip ospf hello-interval 30
 ip ospf priority 0
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 999
 tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
 ip address 192.168.5.5 255.255.255.0
 duplex full
!
interface FastEthernet1/0
 ip address 10.1.5.5 255.255.255.0
 duplex full
!
router eigrp 1
 network 10.1.5.0 0.0.0.255
 network 10.10.10.0 0.0.0.255
 no auto-summary
!
router ospf 1
 log-adjacency-changes
 network 10.1.5.0 0.0.0.255 area 5
 network 10.10.10.0 0.0.0.255 area 0
!
ip route 192.168.1.0 255.255.255.0 192.168.5.2
ip route 192.168.3.0 255.255.255.0 192.168.5.2
no ip http server
no ip http secure-server
!
!
logging alarm informational
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
!
end

qua6

qua6# sh run
Building configuration...

Current configuration:
!
hostname qua6
!
debug ospf6 lsa unknown
!
interface eh0
 ipv6 nd suppress-ra
!
interface eth0
 ip address 10.1.5.6/24
 no ipv6 nd suppress-ra
!
interface lo
!
interface sit0
 ipv6 nd suppress-ra
!
interface eth1
!
ip route 0.0.0.0/0 10.1.5.5
!
ip forwarding
!
line vty
!

qua7

qua7# sh run
Building configuration...

Current configuration:
!
hostname qua7
!
debug ospf6 lsa unknown
!
interface eth0
 ip address 10.1.1.7/24
 ipv6 nd suppress-ra
!
interface eth1
 ipv6 nd suppress-ra
!
interface lo
!
interface sit0
 ipv6 nd suppress-ra
!
ip route 0.0.0.0/0 10.1.1.1
!
ip forwarding
!
line vty
!
Источник — «http://xgu.ru/wiki/dmvpn/config»