1、实验拓扑图
2、实验目的
ce1与ce2通过hub-ce实现互访
3、实验配置
CE1:
<ce1>display current-configuration
[V200R003C00]
#
sysname ce1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 192.168.1.1 255.255.255.0
#
bgp 65001
peer 10.1.1.2 as-number 7
peer 10.1.1.2 ebgp-max-hop 2
peer 10.1.1.2 connect-interface GigabitEthernet0/0/0
#
ipv4-family unicast
undo synchronization
network 192.168.1.0
peer 10.1.1.2 enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<ce1>
CE2:
<ce2>display current-configuration
[V200R003C00]
#
sysname ce2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 20.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 192.168.2.1 255.255.255.0
#
bgp 65001
peer 20.1.1.2 as-number 7
peer 20.1.1.2 ebgp-max-hop 2
peer 20.1.1.2 connect-interface GigabitEthernet0/0/0
#
ipv4-family unicast
undo synchronization
network 192.168.2.0
peer 20.1.1.2 enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<ce2>
PE1:
<pe1>display current-configuration
[V200R003C00]
#
sysname pe1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
ip vpn-instance VPNA
ipv4-family
route-distinguisher 1:2
vpn-target 7:65001 export-extcommunity
vpn-target 65001:7 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 100
is-level level-2
cost-style wide
network-entity 49.0001.0010.0100.1001.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip binding vpn-instance VPNA
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 30.1.1.1 255.255.255.0
isis enable 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 100
#
bgp 7
peer 4.4.4.4 as-number 7
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 4.4.4.4 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.4 enable
#
ipv4-family vpn-instance VPNA
peer 10.1.1.1 as-number 65001
peer 10.1.1.1 ebgp-max-hop 2
peer 10.1.1.1 connect-interface GigabitEthernet0/0/0
peer 10.1.1.1 substitute-as
#
user-interface con 0
authentication-mode password
idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<pe1>
PE2:
<pe2>display current-configuration
[V200R003C00]
#
sysname pe2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
ip vpn-instance VPNA
ipv4-family
route-distinguisher 2:2
vpn-target 7:65001 export-extcommunity
vpn-target 65001:7 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 100
is-level level-2
cost-style wide
network-entity 49.0001.0020.0200.2002.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip binding vpn-instance VPNA
ip address 20.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 40.1.1.1 255.255.255.0
isis enable 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 100
#
bgp 7
peer 4.4.4.4 as-number 7
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 4.4.4.4 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.4 enable
#
ipv4-family vpn-instance VPNA
peer 20.1.1.1 as-number 65001
peer 20.1.1.1 ebgp-max-hop 2
peer 20.1.1.1 connect-interface GigabitEthernet0/0/0
peer 20.1.1.1 substitute-as
#
user-interface con 0
authentication-mode password
idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<pe2>
P:
<p>display current-configuration
[V200R003C00]
#
sysname p
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
mpls lsr-id 5.5.5.5
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 100
is-level level-2
cost-style wide
network-entity 49.0001.0050.0500.5005.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 30.1.1.2 255.255.255.0
isis enable 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 40.1.1.2 255.255.255.0
isis enable 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip address 50.1.1.1 255.255.255.0
isis enable 100
mpls
mpls ldp
#
interface NULL0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
isis enable 100
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<p>
HUB-PE:
<hub-pe>display current-configuration
[V200R003C00]
#
sysname hub-pe
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
ip vpn-instance VPNIN
ipv4-family
route-distinguisher 6:7
vpn-target 7:65001 import-extcommunity
#
ip vpn-instance VPNOUT
ipv4-family
route-distinguisher 7:6
vpn-target 65001:7 export-extcommunity
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 100
is-level level-2
cost-style wide
network-entity 49.0001.0040.0400.4004.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 50.1.1.2 255.255.255.0
isis enable 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance VPNIN
ip address 60.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip binding vpn-instance VPNOUT
ip address 70.1.1.2 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
isis enable 100
#
bgp 7
peer 1.1.1.1 as-number 7
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 7
peer 2.2.2.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 2.2.2.2 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
peer 2.2.2.2 enable
#
ipv4-family vpn-instance VPNIN
peer 60.1.1.1 as-number 65001
peer 60.1.1.1 ebgp-max-hop 2
peer 60.1.1.1 connect-interface GigabitEthernet0/0/1
peer 60.1.1.1 substitute-as#启用 AS 号码替换功能,令 PE 使用本地 AS 号码替换收到的私网路由中 CE 所在 VPN 站点的 AS 号码
#
ipv4-family vpn-instance VPNOUT
peer 70.1.1.1 as-number 65001
peer 70.1.1.1 ebgp-max-hop 2
peer 70.1.1.1 connect-interface GigabitEthernet0/0/2
peer 70.1.1.1 substitute-as#启用 AS 号码替换功能,令 PE 使用本地 AS 号码替换收到的私网路由中 CE 所在 VPN 站点的 AS 号码
peer 70.1.1.1 allow-as-loop 2 #允许本地 AS 号码重复 2 次
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<hub-pe>
HUB-CE:
<hub-ce>display current-configuration
[V200R003C00]
#
sysname hub-ce
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 60.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 70.1.1.1 255.255.255.0
#
interface NULL0
#
bgp 65001
peer 60.1.1.2 as-number 7
peer 60.1.1.2 ebgp-max-hop 2
peer 60.1.1.2 connect-interface GigabitEthernet0/0/1
peer 70.1.1.2 as-number 7
peer 70.1.1.2 ebgp-max-hop 2
peer 70.1.1.2 connect-interface GigabitEthernet0/0/2
#
ipv4-family unicast
undo synchronization
peer 60.1.1.2 enable
peer 70.1.1.2 enable
#
user-interface con 0
authentication-mode password
idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<hub-ce>