426 MDS Orbit MCR/ECR Technical Manual MDS 05-6632A01, Rev. F
PKI. That is, there are 3 CAs- Root CA->Sub CA-1->Sub CA-2. The Orbit client certificate is issued by
Sub CA-2.
Orbit
(Spoke)
Cisco IOS
LAN
10.0.2.0/24
LAN
10.0.1.0/24
Customer
Network/
Internet
Cellular network
GRE Tunnels protected
by transport-mode IPsec
connections.
Orbit
(Spoke)
10.0.3.0/24
Cell/WAN IP:
172.18.175.135
GRE Tunnel IP: 172.16.0.2
Cell/WAN IP:
172.18.175.138
GRE Tunnel IP: 172.16.0.3
WAN IP: 172.18.175.45
GRE Tunnel IP: 172.16.0.1
DMVPN Tunnel Subnet
172.16.0.0/24
In example below, we disable default route over Cell and instead setup BGP dynamic routing that
advertises the local LAN network to the IOS router and received default route over the GRE tunnel form
IOS router.
Orbit 12.2.1
12.2.1.1 Configuration
# NTP configuration
set system ntp use-ntp true
set system ntp ntp-server 172.18.175.62
# Bridge/LAN interface configuration
set interfaces interface Bridge type bridge
set interfaces interface Bridge ipv4 address 10.0.3.0 prefix-length 24
set interfaces interface Bridge filter input IN_TRUSTED
set interfaces interface Bridge filter output OUT_TRUSTED
set interfaces interface Bridge bridge-settings members port ETH1
set interfaces interface Bridge bridge-settings members port ETH2
# Cell interface configuration
To Next Page
Loading...
Need help?
General
