DMVPN Lab 5 Implement VRF
Previous Next
Download Lab: EVE-NG
Image needed: Cisco IOSv
Description:
In this lab, you will modify DMVPN configurations to implement VRF in the topology, you need to understand the reason behind this project, VRF will partition the global routing table into multiple routing tables. The global routing table will still carry information for ISP connectivities, while VRF instance will have DMVPN routes in it, the reason for doing this is simple, currently, in global routing tables across all DMVPN routers, you have statically configured default routes pointing to ISP over which DMPVPN routers establish GRE multipoint tunnel connections, but what if LAN networks of the spokes need to access the internet, which is not going to be current ISP, connecting routers in DMVPN topology but HQ router using different ISP connection, in this case, spokes routers will use current static default routes pointing to current ISP and not to HQ router even though HQ router will advertise default route over OSPF, due to the higher AD of OSPF, spoke routers will choose statically configured default route, leading all traffic distant for the Internet to the current ISP where traffic will be dropped because ISP does not accept packets with private IP addresses. Your goal is to direct traffic from spokes LAN distant to the Internet through HQ router by using VRF and NAT. Lab details included within the .unl file.
Topology:
Task1: Configure ISP1:
Task2: Configure the HQ router:
Download Lab: EVE-NG
Image needed: Cisco IOSv
Description:
In this lab, you will modify DMVPN configurations to implement VRF in the topology, you need to understand the reason behind this project, VRF will partition the global routing table into multiple routing tables. The global routing table will still carry information for ISP connectivities, while VRF instance will have DMVPN routes in it, the reason for doing this is simple, currently, in global routing tables across all DMVPN routers, you have statically configured default routes pointing to ISP over which DMPVPN routers establish GRE multipoint tunnel connections, but what if LAN networks of the spokes need to access the internet, which is not going to be current ISP, connecting routers in DMVPN topology but HQ router using different ISP connection, in this case, spokes routers will use current static default routes pointing to current ISP and not to HQ router even though HQ router will advertise default route over OSPF, due to the higher AD of OSPF, spoke routers will choose statically configured default route, leading all traffic distant for the Internet to the current ISP where traffic will be dropped because ISP does not accept packets with private IP addresses. Your goal is to direct traffic from spokes LAN distant to the Internet through HQ router by using VRF and NAT. Lab details included within the .unl file.
Topology:
Task1: Configure ISP1:
Step1: Configure hostname of ISP1
Step2: Assign IP address of 209.65.200.1 /30 to ISP1's interface G0/0
Step3: Use the loopback0 interface to imitate a public IP address. Use 209.65.200.241/32.
Step4: Save configurations.
Step2: Assign IP address of 209.65.200.1 /30 to ISP1's interface G0/0
Step3: Use the loopback0 interface to imitate a public IP address. Use 209.65.200.241/32.
Step4: Save configurations.
Task2: Configure the HQ router:
Step1: Create vrf instance DMVPN
Step2: Configure interface G0/2, assign this interface to vrf DMVPN, give the ip address of 209.65.200.2/30, and enable nat outside.
Step3: Configure interface G0/1, assign this interface to vrf DMVPN, give the ip address of 172.16.0.1/24, and enable nat inside.
Step4: Configure interface Tunnel0, assign this interface to vrf DMVPN, give ip address fo 10.0.0.1/24, and enable nat inside.
Step5: Configure an ACL for NAT, include all networks that need to be translated.
Step6: Configure NAT overload.
Step7: Remove the RIPv2 protocol for the global routing table.
Step8: Configure the OSPF protocol for vrf DMVPN and advertise default-route with OSPF.
Step9: Save configurations.
okes
Task3: Configure spokes:
Step1: Create vrf instance DMVPN
Step2: Put interface g0/1 and Tunnel1 into vrf DMVPN and reassign IP addresses.
Step3: Remove RIPv2 protocol for the global routing table.
Step4: Configure OSPF protocol for vrf DMVPN
Step5: Save configurations.
Step6: Verify Connectivity and vrf DMVPN routing table.
Command reference:
Configuration:
HQ(config)# vrf definition DMVPN
HQ(config-vrf)# address-family ipv4
!
HO(config)# router ospf 10 vrf DMVPN
HQ(config-router)# network 10.0.0.0 0.0.0.255 area 0
HQ(config-router)# network 172.16.0.0 0.0.0.255 area 0
!
HQ(config)# interface Tunnel0
HQ(config-if)# vrf forwarding DMVPN
HQ(config-if)# ip address 10.0.0.1 255.255.255.0
HQ(config-if)# ip ospf network broadcast
HQ(config-if)# ip ospf priority 200
Verification:
HQ# show vrf
HQ# show ip route vrf DMVPN ospf
Step2: Configure interface G0/2, assign this interface to vrf DMVPN, give the ip address of 209.65.200.2/30, and enable nat outside.
Step3: Configure interface G0/1, assign this interface to vrf DMVPN, give the ip address of 172.16.0.1/24, and enable nat inside.
Step4: Configure interface Tunnel0, assign this interface to vrf DMVPN, give ip address fo 10.0.0.1/24, and enable nat inside.
Step5: Configure an ACL for NAT, include all networks that need to be translated.
Step6: Configure NAT overload.
Step7: Remove the RIPv2 protocol for the global routing table.
Step8: Configure the OSPF protocol for vrf DMVPN and advertise default-route with OSPF.
Step9: Save configurations.
okes
Task3: Configure spokes:
Step1: Create vrf instance DMVPN
Step2: Put interface g0/1 and Tunnel1 into vrf DMVPN and reassign IP addresses.
Step3: Remove RIPv2 protocol for the global routing table.
Step4: Configure OSPF protocol for vrf DMVPN
Step5: Save configurations.
Step6: Verify Connectivity and vrf DMVPN routing table.
Command reference:
Configuration:
HQ(config)# vrf definition DMVPN
HQ(config-vrf)# address-family ipv4
!
HO(config)# router ospf 10 vrf DMVPN
HQ(config-router)# network 10.0.0.0 0.0.0.255 area 0
HQ(config-router)# network 172.16.0.0 0.0.0.255 area 0
!
HQ(config)# interface Tunnel0
HQ(config-if)# vrf forwarding DMVPN
HQ(config-if)# ip address 10.0.0.1 255.255.255.0
HQ(config-if)# ip ospf network broadcast
HQ(config-if)# ip ospf priority 200
Verification:
HQ# show vrf
HQ# show ip route vrf DMVPN ospf
Comments
Post a Comment