当前位置:网站首页>Huawei equipment is configured to access the virtual private network through GRE tunnel

Huawei equipment is configured to access the virtual private network through GRE tunnel

2022-06-11 04:51:00 Tony_ long7483

Insert picture description here

  1. Configure each interface IP Address
    [CE3-GigabitEthernet0/0/0]ip add 20.1.1.1 24
    [CE3-GigabitEthernet0/0/1]ip add 10.1.1.1 24
    [CE1-GigabitEthernet0/0/0]ip add 20.1.1.2 24
    [CE1-GigabitEthernet0/0/1]ip add 30.1.1.2 24
    [PE1-GigabitEthernet0/0/0]ip add 30.1.1.3 24
    [PE1-GigabitEthernet0/0/1]ip add 40.1.1.3 24
    [PE1-LoopBack0]ip add 3.3.3.3 32
    [PE2-GigabitEthernet0/0/0]ip add 40.1.1.4 24
    [PE2-GigabitEthernet0/0/1]ip add 50.1.1.4 24
    [PE2-LoopBack0]ip add 4.4.4.4 32
    [CE2-GigabitEthernet0/0/0]ip add 50.1.1.5 24
    [CE2-GigabitEthernet0/0/1]ip add 10.2.1.5 24
  2. To configure PE Routing and MPLS: Can make MPLS LDP, And use the process as 10 Of OSPF route , send PE The inter route can reach , Auto build LSP
    [PE1]mpls lsr-id 3.3.3.3
    [PE1]mpls
    [PE1-mpls]lsp-trigger all
    [PE1]mpls ldp
    [PE1]ospf 10
    [PE1-ospf-10]area 0
    [PE1-ospf-10-area-0.0.0.0]network 3.3.3.3 0.0.0.0
    [PE1-ospf-10-area-0.0.0.0]network 40.1.1.0 0.0.0.255
    [PE1-GigabitEthernet0/0/1]mpls
    [PE1-GigabitEthernet0/0/1]mpls ldp
    [PE2]mpls lsr-id 4.4.4.4
    [PE2]mpls
    [PE2-mpls]lsp-trigger all
    [PE2]mpls ldp
    [PE2]ospf 10
    [PE2-ospf-10]area 0
    [PE2-ospf-10-area-0.0.0.0]network 4.4.4.4 0.0.0.0
    [PE2-ospf-10-area-0.0.0.0]network 40.1.1.0 0.0.0.255
    [PE2-GigabitEthernet0/0/0]mpls
    [PE2-GigabitEthernet0/0/0]mpls ldp
  3. stay PE1 establish VPN example vpn2 And with CE1 Interface binding
    [PE1]ip vpn-instance vpn2
    [PE1-vpn-instance-vpn2]route-distinguisher 100:2
    [PE1-vpn-instance-vpn2-af-ipv4]vpn-target 222:2 export-extcommunity
    [PE1-vpn-instance-vpn2-af-ipv4]vpn-target 222:2 import-extcommunity
    [PE1-GigabitEthernet0/0/0]ip binding vpn-instance vpn2
    [PE1-GigabitEthernet0/0/0]ip add 30.1.1.3 24
  4. stay PE1 establish VPN example vpn1 And with GRE Tunnel binding
    [PE1]ip vpn-instance vpn1
    [PE1-vpn-instance-vpn1]route-distinguisher 100:1
    [PE1-vpn-instance-vpn1-af-ipv4]vpn-target 111:1 export-extcommunity
    [PE1-vpn-instance-vpn1-af-ipv4]vpn-target 111:1 import-extcommunity
    [PE1]int Tunnel 0/0/1
    [PE1-Tunnel0/0/1]ip binding vpn-instance vpn1
    [PE1-Tunnel0/0/1]ip add 2.2.2.2 24
  5. stay PE2 establish VPN example vpn1 And it is bound with the user side interface
    [PE2]ip vpn-instance vpn1
    [PE2-vpn-instance-vpn1]route-distinguisher 200:1
    [PE2-vpn-instance-vpn1-af-ipv4]vpn-target 111:1 export-extcommunity
    [PE2-vpn-instance-vpn1-af-ipv4]vpn-target 111:1 import-extcommunity
    [PE2-GigabitEthernet0/0/1]ip binding vpn-instance vpn1
    [PE2-GigabitEthernet0/0/1]ip add 50.1.1.4 24
  6. To configure GRE Of the tunnel Tunnel Interface
    [CE3]int Tunnel 0/0/1
    [CE3-Tunnel0/0/1]tunnel-protocol gre
    [CE3-Tunnel0/0/1]source 20.1.1.1
    [CE3-Tunnel0/0/1]destination 30.1.1.3
    [CE3-Tunnel0/0/1]ip add 2.2.2.1 24
    [PE1]int Tunnel 0/0/1
    [PE1-Tunnel0/0/1]tunnel-protocol gre
    [PE1-Tunnel0/0/1]source 30.1.1.3
    [PE1-Tunnel0/0/1]destination vpn-instance vpn2 20.1.1.1
  7. To configure CE3、CE1 and PE1 Routing protocol between
    [CE3]ospf 20
    [CE3-ospf-20]area 0
    [CE3-ospf-20-area-0.0.0.0]network 20.1.1.0 0.0.0.255
    [CE1]ospf 20
    [CE1-ospf-20]area 0
    [CE1-ospf-20-area-0.0.0.0]network 20.1.1.0 0.0.0.255
    [CE1-ospf-20-area-0.0.0.0]network 30.1.1.0 0.0.0.255
    [PE1]ospf 20 vpn-instance vpn2
    [PE1-ospf-20]area 0
    [PE1-ospf-20-area-0.0.0.0]network 30.1.1.0 0.0.0.255
  8. To configure CE3 And PE1 Between IS-IS route
    [CE3]isis 10
    [CE3-isis-10]network-entity 10.0000.0000.0001.00
    [CE3-GigabitEthernet0/0/0]isis enable 10
    [CE3]int Tunnel 0/0/1
    [CE3-Tunnel0/0/1]isis enable 10
    [PE1]isis 10 vpn-instance vpn1
    [PE1-isis-10]network-entity 10.0000.0000.0003.00
    [PE1]int Tunnel 0/0/1
    [PE1-Tunnel0/0/1]isis enable 10
  9. To configure CE2 And PE2 Between IS-IS route
    [CE2]isis 10
    [CE2-isis-10]network-entity 10.0000.0000.0005.00
    [CE2-GigabitEthernet0/0/0]isis enable 10
    [CE2-GigabitEthernet0/0/1]isis enable 10
    [PE2]isis 10 vpn-instance vpn1
    [PE2-isis-10]network-entity 10.0000.0000.0004.00
    [PE2-GigabitEthernet0/0/1]isis enable 10
  10. stay PE Establish between MP-IBGP peers
    [PE1]bgp 100
    [PE1-bgp]peer 4.4.4.4 as-number 100
    [PE1-bgp]peer 4.4.4.4 connect-interface LoopBack 0
    [PE1-bgp]ipv4-family vpnv4 // Start peer exchange VPN-IPv4 Routing information
    [PE1-bgp-af-vpnv4]peer 4.4.4.4 enable
    [PE1-bgp]ipv4-family vpn-instance vpn1 // Get into BGP Of vpn1 example
    [PE1-bgp-vpn1]import-route isis 10 // introduce IS-IS route
    [PE2]bgp 100
    [PE2-bgp]peer 3.3.3.3 as-number 100
    [PE2-bgp]peer 3.3.3.3 connect-interface LoopBack 0
    [PE2-bgp]ipv4-family vpnv4
    [PE2-bgp-af-vpnv4]peer 3.3.3.3 enable
    [PE2-bgp]ipv4-family vpn-instance vpn1
    [PE2-bgp-vpn1]import-route isis 10
  11. stay IS-IS Introduction in BGP route
    [PE1]isis 10
    [PE1-isis-10]import-route bgp
    [PE2]isis 10
    [PE2-isis-10]import-route bgp
  12. Check the configuration

Insert picture description here

原网站

版权声明
本文为[Tony_ long7483]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/162/202206110443263818.html

边栏推荐

猜你喜欢

随机推荐