Tweet
cac ban cho minh hỏi là minh cấu hình DMVNP 1 hub chính và 1 hub dự phòng.mình đã chạy được phase 2 tức là spoke to spoke ,nhưng khj mình tắt HUb chính để chạy Hub dự phòng thì 'sh ip nhrp' nó ra thế này
10.0.2.3/32, Tunnel1 created 00:00:03, expire 00:03:01
Type: incomplete, Flags: negative
Cache hits: 2
mà không phải là :
type :dynamic
các bạn giúp mình với đang gấp lắm,hjxhjx
file cau hinh cua minh ne :
Hub_1:(CHINH)
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HUB_A
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set dmvpn_base
!
!
!
!
!
interface Tunnel0
bandwidth 1000
ip address 10.0.1.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 123
ip nhrp holdtime 60
no ip split-horizon eigrp 100
delay 5
tunnel source Serial2/0.100
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
ip address 192.168.1.11 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no dce-terminal-timing-enable
frame-relay lmi-type ansi
!
interface Serial2/0.100 multipoint
ip address 172.16.1.1 255.255.255.0
no arp frame-relay
frame-relay map ip 172.36.1.1 102 broadcast
frame-relay map ip 172.46.1.1 103 broadcast
frame-relay interface-dlci 102
frame-relay interface-dlci 103
no frame-relay inverse-arp
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router eigrp 100
network 10.0.0.0
network 192.168.1.0
no auto-summary
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
HUB_2 : (DU PHONG)
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HUB_B
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set dmvpn_base
!
!
!
!
!
interface Tunnel1
bandwidth 1000
ip address 10.0.2.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 456
ip nhrp holdtime 60
no ip split-horizon eigrp 100
delay 10
tunnel source Serial2/0.400
tunnel mode gre multipoint
tunnel key 456
tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
ip address 192.168.1.44 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no dce-terminal-timing-enable
frame-relay lmi-type ansi
!
interface Serial2/0.400 multipoint
ip address 172.26.1.1 255.255.255.0
no arp frame-relay
frame-relay map ip 172.36.1.1 402 broadcast
frame-relay map ip 172.46.1.1 403 broadcast
frame-relay interface-dlci 402
frame-relay interface-dlci 403
no frame-relay inverse-arp
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router eigrp 100
network 10.0.0.0
network 192.168.1.0
no auto-summary
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
SPOKE_1 :
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SPOKE_1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set dmvpn_base
!
!
!
!
!
interface Tunnel0
bandwidth 1000
ip address 10.0.1.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication test
ip nhrp map 10.0.1.1 172.16.1.1
ip nhrp map multicast 172.16.1.1
ip nhrp network-id 123
ip nhrp holdtime 60
ip nhrp nhs 10.0.1.1
delay 5
tunnel source Serial2/0.200
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN shared
!
interface Tunnel1
bandwidth 1000
ip address 10.0.2.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication test
ip nhrp map 10.0.2.1 172.26.1.1
ip nhrp map multicast 172.26.1.1
ip nhrp network-id 456
ip nhrp holdtime 60
ip nhrp nhs 10.0.2.1
delay 10
tunnel source Serial2/0.200
tunnel mode gre multipoint
tunnel key 456
tunnel protection ipsec profile DMVPN shared
!
interface FastEthernet0/0
ip address 192.168.2.22 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no dce-terminal-timing-enable
frame-relay lmi-type ansi
!
interface Serial2/0.200 multipoint
ip address 172.36.1.1 255.255.255.0
no arp frame-relay
frame-relay map ip 172.26.1.1 204 broadcast
frame-relay map ip 172.46.1.1 201 broadcast
frame-relay map ip 172.16.1.1 201 broadcast
frame-relay interface-dlci 201
frame-relay interface-dlci 204
no frame-relay inverse-arp
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router eigrp 100
network 10.0.0.0
network 192.168.2.0
no auto-summary
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
SPOKE_2 :
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SPOKE_2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set dmvpn_base
!
!
!
!
!
interface Tunnel0
bandwidth 1000
ip address 10.0.1.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication test
ip nhrp map 10.0.1.1 172.16.1.1
ip nhrp map multicast 172.16.1.1
ip nhrp network-id 123
ip nhrp holdtime 60
ip nhrp nhs 10.0.1.1
delay 5
tunnel source Serial2/0.300
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN shared
!
interface Tunnel1
bandwidth 1000
ip address 10.0.2.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication test
ip nhrp map 10.0.2.1 172.26.1.1
ip nhrp map multicast 172.26.1.1
ip nhrp network-id 456
ip nhrp holdtime 60
ip nhrp nhs 10.0.2.1
delay 10
tunnel source Serial2/0.300
tunnel mode gre multipoint
tunnel key 456
tunnel protection ipsec profile DMVPN shared
!
interface FastEthernet0/0
ip address 192.168.3.33 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no dce-terminal-timing-enable
frame-relay lmi-type ansi
!
interface Serial2/0.300 multipoint
ip address 172.46.1.1 255.255.255.0
no arp frame-relay
frame-relay map ip 172.26.1.1 304 broadcast
frame-relay map ip 172.36.1.1 301 broadcast
frame-relay map ip 172.16.1.1 301 broadcast
frame-relay interface-dlci 301
frame-relay interface-dlci 304
no frame-relay inverse-arp
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router eigrp 100
network 10.0.0.0
network 192.168.3.0
no auto-summary
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
10.0.2.3/32, Tunnel1 created 00:00:03, expire 00:03:01
Type: incomplete, Flags: negative
Cache hits: 2
mà không phải là :
type :dynamic
các bạn giúp mình với đang gấp lắm,hjxhjx
file cau hinh cua minh ne :
Hub_1:(CHINH)
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HUB_A
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set dmvpn_base
!
!
!
!
!
interface Tunnel0
bandwidth 1000
ip address 10.0.1.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 123
ip nhrp holdtime 60
no ip split-horizon eigrp 100
delay 5
tunnel source Serial2/0.100
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
ip address 192.168.1.11 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no dce-terminal-timing-enable
frame-relay lmi-type ansi
!
interface Serial2/0.100 multipoint
ip address 172.16.1.1 255.255.255.0
no arp frame-relay
frame-relay map ip 172.36.1.1 102 broadcast
frame-relay map ip 172.46.1.1 103 broadcast
frame-relay interface-dlci 102
frame-relay interface-dlci 103
no frame-relay inverse-arp
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router eigrp 100
network 10.0.0.0
network 192.168.1.0
no auto-summary
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
HUB_2 : (DU PHONG)
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HUB_B
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set dmvpn_base
!
!
!
!
!
interface Tunnel1
bandwidth 1000
ip address 10.0.2.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp network-id 456
ip nhrp holdtime 60
no ip split-horizon eigrp 100
delay 10
tunnel source Serial2/0.400
tunnel mode gre multipoint
tunnel key 456
tunnel protection ipsec profile DMVPN
!
interface FastEthernet0/0
ip address 192.168.1.44 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no dce-terminal-timing-enable
frame-relay lmi-type ansi
!
interface Serial2/0.400 multipoint
ip address 172.26.1.1 255.255.255.0
no arp frame-relay
frame-relay map ip 172.36.1.1 402 broadcast
frame-relay map ip 172.46.1.1 403 broadcast
frame-relay interface-dlci 402
frame-relay interface-dlci 403
no frame-relay inverse-arp
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router eigrp 100
network 10.0.0.0
network 192.168.1.0
no auto-summary
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
SPOKE_1 :
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SPOKE_1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set dmvpn_base
!
!
!
!
!
interface Tunnel0
bandwidth 1000
ip address 10.0.1.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication test
ip nhrp map 10.0.1.1 172.16.1.1
ip nhrp map multicast 172.16.1.1
ip nhrp network-id 123
ip nhrp holdtime 60
ip nhrp nhs 10.0.1.1
delay 5
tunnel source Serial2/0.200
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN shared
!
interface Tunnel1
bandwidth 1000
ip address 10.0.2.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication test
ip nhrp map 10.0.2.1 172.26.1.1
ip nhrp map multicast 172.26.1.1
ip nhrp network-id 456
ip nhrp holdtime 60
ip nhrp nhs 10.0.2.1
delay 10
tunnel source Serial2/0.200
tunnel mode gre multipoint
tunnel key 456
tunnel protection ipsec profile DMVPN shared
!
interface FastEthernet0/0
ip address 192.168.2.22 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no dce-terminal-timing-enable
frame-relay lmi-type ansi
!
interface Serial2/0.200 multipoint
ip address 172.36.1.1 255.255.255.0
no arp frame-relay
frame-relay map ip 172.26.1.1 204 broadcast
frame-relay map ip 172.46.1.1 201 broadcast
frame-relay map ip 172.16.1.1 201 broadcast
frame-relay interface-dlci 201
frame-relay interface-dlci 204
no frame-relay inverse-arp
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router eigrp 100
network 10.0.0.0
network 192.168.2.0
no auto-summary
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
SPOKE_2 :
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SPOKE_2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set dmvpn_base esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set dmvpn_base
!
!
!
!
!
interface Tunnel0
bandwidth 1000
ip address 10.0.1.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication test
ip nhrp map 10.0.1.1 172.16.1.1
ip nhrp map multicast 172.16.1.1
ip nhrp network-id 123
ip nhrp holdtime 60
ip nhrp nhs 10.0.1.1
delay 5
tunnel source Serial2/0.300
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN shared
!
interface Tunnel1
bandwidth 1000
ip address 10.0.2.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication test
ip nhrp map 10.0.2.1 172.26.1.1
ip nhrp map multicast 172.26.1.1
ip nhrp network-id 456
ip nhrp holdtime 60
ip nhrp nhs 10.0.2.1
delay 10
tunnel source Serial2/0.300
tunnel mode gre multipoint
tunnel key 456
tunnel protection ipsec profile DMVPN shared
!
interface FastEthernet0/0
ip address 192.168.3.33 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no dce-terminal-timing-enable
frame-relay lmi-type ansi
!
interface Serial2/0.300 multipoint
ip address 172.46.1.1 255.255.255.0
no arp frame-relay
frame-relay map ip 172.26.1.1 304 broadcast
frame-relay map ip 172.36.1.1 301 broadcast
frame-relay map ip 172.16.1.1 301 broadcast
frame-relay interface-dlci 301
frame-relay interface-dlci 304
no frame-relay inverse-arp
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router eigrp 100
network 10.0.0.0
network 192.168.3.0
no auto-summary
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
Comment