风之韵 2007-12-15 16:59
Redundancy VPDN With HSRP Solution
[img]http://www.one-tom.com/bbs/download/file.php?id=129[/img]
vpdn冗余其中一个方式是指定多个 initiate-to ip 到多个LNS,还有一种就是基于HSRP的LNS
为了加快收敛可以考虑调整HSRP timer
可以自由组合以下套餐:
* ipsec over vpdn(pppoe)
* vpdn over ipsec
* vpdn inject into mpls-vpn
* vpdn with ipsec inject into mpls-vpn
* ipsec over vpdn inject into mpls-vpn
配置如下:
VPDN-Client#sh running-config
Building configuration...
Current configuration : 1407 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VPDN-Client
!
logging queue-limit 100
!
ip subnet-zero
!
!
!
ip cef
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
speed auto
half-duplex
pppoe enable
pppoe-client dial-pool-number 2
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 2
no peer neighbor-route
ppp chap hostname [email=cisco@cisco.com][color=#0000ff]cisco@cisco.com[/color][/email]
ppp chap password 0 cisco
!
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
line con 0
line aux 0
line vty 0 4
!
!
end
----------------------------------------------------------
LAC#sh run
Building configuration...
Current configuration : 1864 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LAC
!
logging queue-limit 100
!
aaa new-model
!
!
aaa authentication login PPPOE none
aaa authentication ppp default none
aaa authentication ppp PPPOE none
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group pppoe
accept-dialin
protocol pppoe
virtual-template 1
!
vpdn-group vpdn
request-dialin
protocol l2tp
domain cisco.com
initiate-to ip 10.10.23.100
local name LAC
no l2tp tunnel authentication
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
no shutdown
pppoe enable
!
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 10.10.23.2 255.255.255.0
!
interface Virtual-Template1
no ip address
ppp authentication chap PPPOE
!
router rip
version 2
passive-interface Loopback0
network 2.0.0.0
network 10.0.0.0
no auto-summary
!
ip classless
!
line con 0
password cisco
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
!
end
-------------------------------------------------------
LNS_SERVER#sh running-config
Building configuration...
Current configuration : 2140 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LNS_SERVER
!
logging queue-limit 100
!
username CCIE password 0 CCIE
username [email=cisco@cisco.com][color=#0000ff]cisco@cisco.com[/color][/email] password 0 cisco
aaa new-model
!
!
aaa authentication login default none
aaa authentication login PPPOE local
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
accept-dialin
protocol pppoe
virtual-template 1
!
vpdn-group vpdn
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname LAC
local name LNS_SERVER
no l2tp tunnel authentication
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
no shutdown
!
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 10.10.23.3 255.255.255.0
standby 1 ip 10.10.23.100
standby 1 priority 150
standby 1 preempt
!
interface Virtual-Template1
ip address 10.10.123.2 255.255.255.0
no peer neighbor-route
peer default ip address pool pppoepool
ppp authentication chap callin PPPOE
!
router rip
version 2
passive-interface Loopback0
network 3.0.0.0
network 10.0.0.0
no auto-summary
!
ip local pool pppoepool 10.10.123.10 10.10.123.20
!
line con 0
password cisco
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
!
end
-------------------------------------------------------------------------
LNS_SERVER#sh running-config
Building configuration...
Current configuration : 2295 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LNS_SERVER
!
logging queue-limit 100
!
username CCIE password 0 CCIE
username [email=cisco@cisco.com][color=#0000ff]cisco@cisco.com[/color][/email] password 0 cisco
aaa new-model
!
!
aaa authentication login default none
aaa authentication login PPPOE local
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
accept-dialin
protocol pppoe
virtual-template 1
!
vpdn-group vpdn
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname LAC
local name LNS_SERVER
no l2tp tunnel authentication
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
no shutdown
!
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 10.10.23.4 255.255.255.0
standby 1 ip 10.10.23.100
standby 1 priority 90
standby 1 preempt
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
half-duplex
!
interface Virtual-Template1
ip address 10.10.123.2 255.255.255.0
no peer neighbor-route
peer default ip address pool pppoepool
ppp authentication chap callin PPPOE
crypto map cisco
!
router rip
version 2
passive-interface Loopback0
network 3.0.0.0
network 4.0.0.0
network 10.0.0.0
no auto-summary
!
ip local pool pppoepool 10.10.123.10 10.10.123.20
!
line con 0
password cisco
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
!
end
