华为设备配置本地VPN互访

华为设备配置本地VPN互访

1. 配置IP地址

[PE1-GigabitEthernet0/0/0]ip add 12.1.1.1 24

[PE1-GigabitEthernet0/0/1]ip add 10.1.1.1 24

[PE1-GigabitEthernet0/0/2]ip add 20.1.1.1 24

[CE1-GigabitEthernet0/0/0]ip add 10.1.1.10 24

[PE1-LoopBack0]ip add 1.1.1.1 32

[CE2-GigabitEthernet0/0/0]ip add 20.1.1.20 24

[PE2-GigabitEthernet0/0/0]ip add 12.1.1.2 24

[PE2-GigabitEthernet0/0/1]ip add 30.1.1.2 24

[PE2-GigabitEthernet0/0/2]ip add 40.1.1.2 24

[PE2-LoopBack0]ip add 2.2.2.2 32

[CE3-GigabitEthernet0/0/0]ip add 30.1.1.30 24

[CE4-GigabitEthernet0/0/0]ip add 40.1.1.40 24

2. 在PE设备上配置VPN实例，将CE接入PE

[PE1]ip vpn-instance vpna

[PE1-vpn-instance-vpna]ipv4-family

[PE1-vpn-instance-vpna-af-ipv4]route-distinguisher 100:1

[PE1-vpn-instance-vpna-af-ipv4]vpn-target 111:1 export-extcommunity

[PE1-vpn-instance-vpna-af-ipv4]vpn-target 111:1 222:2 import-extcommunity

[PE1]ip vpn-instance vpnb

[PE1-vpn-instance-vpnb]route-distinguisher 100:2

[PE1-vpn-instance-vpnb-af-ipv4]vpn-target 222:2 export-extcommunity

[PE1-vpn-instance-vpnb-af-ipv4]vpn-target 111:1 222:2 import-extcommunity

[PE1-GigabitEthernet0/0/1]ip binding vpn-instance vpna

[PE1-GigabitEthernet0/0/1]ip add 10.1.1.1 24

[PE1-GigabitEthernet0/0/2]ip binding vpn-instance vpnb

[PE1-GigabitEthernet0/0/2]ip add 20.1.1.1 24

[PE2]ip vpn-instance vpna

[PE2-vpn-instance-vpna]ipv4-family

[PE2-vpn-instance-vpna]route-distinguisher 100:1

[PE2-vpn-instance-vpna-af-ipv4]vpn-target 111:1 both

[PE2]ip vpn-instance vpnb

[PE2-vpn-instance-vpnb]ipv4-family

[PE2-vpn-instance-vpnb-af-ipv4]route-distinguisher 100:2

[PE2-vpn-instance-vpnb-af-ipv4]vpn-target 222:2 both

[PE2-GigabitEthernet0/0/1]ip binding vpn-instance vpna

[PE2-GigabitEthernet0/0/1]ip add 30.1.1.2 24

[PE2-GigabitEthernet0/0/2]ip binding vpn-instance vpnb

[PE2-GigabitEthernet0/0/2]ip add 40.1.1.2 24

3. 配置BGP，将到本地CE的直连路由引入VPN路由表

[PE1]bgp 100

[PE1-bgp]ipv4-family vpn-instance vpna

[PE1-bgp-vpna]import-route direct

[PE1-bgp]ipv4-family vpn-instance vpnb

[PE1-bgp-vpnb]import-route direct

[PE2]bgp 100

[PE2-bgp]ipv4-family vpn-instance vpna

[PE2-bgp-vpna]import-route direct

[PE2-bgp]ipv4-family vpn-instance vpnb

[PE2-bgp-vpnb]import-route direct

4. 配置CE上的静态路由

[CE1]ip route-static 0.0.0.0 0.0.0.0 10.1.1.1

[CE2]ip route-static 0.0.0.0 0.0.0.0 20.1.1.1

[CE3]ip route-static 0.0.0.0 0.0.0.0 30.1.1.2

[CE4]ip route-static 0.0.0.0 0.0.0.0 40.1.1.2

5. 配置PE之间OSPF

[PE1]ospf 1

[PE1-ospf-1]area 0

[PE1-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0

[PE2]ospf 1

[PE2-ospf-1]area 0

[PE2-ospf-1-area-0.0.0.0]network 30.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0]network 40.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0

6. 配置PE的MPLS基本能力和MPLS LDP，建立LDP LSP

[PE1]mpls lsr-id 1.1.1.1

[PE1]mpls

[PE1]mpls ldp

[PE1-GigabitEthernet0/0/0]mpls

[PE1-GigabitEthernet0/0/0]mpls ldp

[PE2]mpls lsr-id 2.2.2.2

[PE2]mpls

[PE2]mpls ldp

[PE2-GigabitEthernet0/0/0]mpls

[PE2-GigabitEthernet0/0/0]mpls ldp

7. 在PE之间建立MP-IBGP对等体关系

[PE1]bgp 100

[PE1-bgp]peer 2.2.2.2 as-number 100

[PE1-bgp]peer 2.2.2.2 connect-interface LoopBack 0

[PE1-bgp]ipv4-family vpnv4

[PE1-bgp-af-vpnv4]peer 2.2.2.2 enable

[PE2]bgp 100

[PE2-bgp]peer 1.1.1.1 as-number 100

[PE2-bgp]peer 1.1.1.1 connect-interface LoopBack 0

[PE2-bgp]ipv4-family vpnv4

[PE2-bgp-af-vpnv4]peer 1.1.1.1 enable

8. 检查配置

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。