华为设备配置OptionA方式跨域VPN

原创

Tony7483 2022-06-10 20:23:05 ©著作权

文章标签 华为网络 文章分类 网络安全

©著作权归作者所有：来自51CTO博客作者Tony7483的原创作品，请联系作者获取转载授权，否则将追究法律责任

华为设备配置OptionA方式跨域VPN_华为

1. 配置接口IP地址

[ASBR-PE1-LoopBack0]ip add 1.1.1.1 32

[ASBR-PE1-GigabitEthernet0/0/0]ip add 12.1.1.1 24

[ASBR-PE1-GigabitEthernet0/0/1]ip add 20.1.1.1 24

[ASBR-PE2-LoopBack0]ip add 2.2.2.2 32

[ASBR-PE2-GigabitEthernet0/0/0]ip add 12.1.1.2 24

[ASBR-PE2-GigabitEthernet0/0/1]ip add 30.1.1.2 24

[PE1-LoopBack0]ip add 3.3.3.3 32

[PE1-GigabitEthernet0/0/0]ip add 20.1.1.3 24

[PE1-GigabitEthernet0/0/1]ip add 10.1.1.3 24

[PE2-LoopBack0]ip add 4.4.4.4 32

[PE2-GigabitEthernet0/0/0]ip add 30.1.1.4 24

[PE2-GigabitEthernet0/0/1]ip add 10.2.1.4 24

[CE1-GigabitEthernet0/0/0]ip add 10.1.1.5 24

[CE2-GigabitEthernet0/0/0]ip add 10.2.1.6 24

2. 在AS100和AS200的MPLS骨干网上分别配置OSPF协议，实现各自骨干网ASBR-PE和PE之间的互通

[ASBR-PE1]ospf 1

[ASBR-PE1-ospf-1]area 0

[ASBR-PE1-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255

[ASBR-PE1-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255

[ASBR-PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0

[ASBR-PE2]ospf 1

[ASBR-PE2-ospf-1]area 0

[ASBR-PE2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0

[ASBR-PE2-ospf-1-area-0.0.0.0]network 30.1.1.0 0.0.0.255

[ASBR-PE2-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255

[PE1]ospf 1

[PE1-ospf-1]area 0

[PE1-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0

[PE1-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255

[PE2]ospf 1

[PE2-ospf-1]area 0

[PE2-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0

[PE2-ospf-1-area-0.0.0.0]network 30.1.1.0 0.0.0.255

3. 在AS100和AS200的MPLS骨干网上分别配置MPLS基本能力和MPLS LDP，建立LDP LSP

[ASBR-PE1]mpls lsr-id 1.1.1.1

[ASBR-PE1]mpls

[ASBR-PE1-mpls]label advertise non-null

[ASBR-PE1]mpls ldp

[ASBR-PE1-GigabitEthernet0/0/1]mpls

[ASBR-PE1-GigabitEthernet0/0/1]mpls ldp

[ASBR-PE2]mpls lsr-id 2.2.2.2

[ASBR-PE2]mpls

[ASBR-PE2-mpls]label advertise non-null

[ASBR-PE2]mpls ldp

[ASBR-PE2-GigabitEthernet0/0/1]mpls

[ASBR-PE2-GigabitEthernet0/0/1]mpls ldp

[PE1]mpls lsr-id 3.3.3.3

[PE1]mpls

[PE1-mpls]label advertise non-null

[PE1]mpls ldp

[PE1-GigabitEthernet0/0/0]mpls

[PE1-GigabitEthernet0/0/0]mpls ldp

[PE2]mpls lsr-id 4.4.4.4

[PE2]mpls

[PE2-mpls]label advertise non-null

[PE2]mpls ldp

[PE2-GigabitEthernet0/0/0]mpls

[PE2-GigabitEthernet0/0/0]mpls ldp

华为设备配置OptionA方式跨域VPN_网络_02

华为设备配置OptionA方式跨域VPN_华为_03

4. PE与ASBR-PE之间建立MP-IBGP对等体关系，交换VPN路由信息

[ASBR-PE1]bgp 100

[ASBR-PE1-bgp]peer 3.3.3.3 as-number 100

[ASBR-PE1-bgp]peer 3.3.3.3 connect-interface LoopBack 0

[ASBR-PE1-bgp]ipv4-family vpnv4

[ASBR-PE1-bgp-af-vpnv4]peer 3.3.3.3 enable

[PE1]bgp 100

[PE1-bgp]peer 1.1.1.1 as-number 100

[PE1-bgp]peer 1.1.1.1 connect-interface LoopBack 0

[PE1-bgp]ipv4-family vpnv4

[PE1-bgp-af-vpnv4]peer 1.1.1.1 enable

[ASBR-PE2]bgp 200

[ASBR-PE2-bgp]peer 4.4.4.4 as-number 200

[ASBR-PE2-bgp]peer 4.4.4.4 connect-interface LoopBack 0

[ASBR-PE2-bgp]ipv4-family vpnv4

[ASBR-PE2-bgp-af-vpnv4]peer 4.4.4.4 enable

[PE2]bgp 200

[PE2-bgp]peer 2.2.2.2 as-number 200

[PE2-bgp]peer 2.2.2.2 connect-interface LoopBack 0

[PE2-bgp]ipv4-family vpnv4

[PE2-bgp-af-vpnv4]peer 2.2.2.2 enable

5. 在PE设备上配置使能IPv4地址族的VPN实例，将CE接入PE

[PE1]ip vpn-instance vpn1

[PE1-vpn-instance-vpn1]ipv4-family

[PE1-vpn-instance-vpn1-af-ipv4]route-distinguisher 100:1

[PE1-vpn-instance-vpn1-af-ipv4]vpn-target 1:1 both

[PE1-GigabitEthernet0/0/1]ip binding vpn-instance vpn1

[PE1-GigabitEthernet0/0/1]ip add 10.1.1.3 24

[PE2]ip vpn-instance vpn1

[PE2-vpn-instance-vpn1]ipv4-family

[PE2-vpn-instance-vpn1-af-ipv4]route-distinguisher 200:1

[PE2-vpn-instance-vpn1-af-ipv4]vpn-target 2:2 both

[PE2-GigabitEthernet0/0/1]ip binding vpn-instance vpn1

[PE2-GigabitEthernet0/0/1]ip add 10.2.1.4 24

6. 配置PE与CE建立EBGP对等体关系，交换VPN路由

[CE1]bgp 65001

[CE1-bgp]peer 10.1.1.3 as-number 100

[CE1-bgp]import-route direct

[PE1]bgp 100

[PE1-bgp]ipv4-family vpn-instance vpn1

[PE1-bgp]peer 10.1.1.5 as-number 65001

[PE1-bgp]import-route direct

华为设备配置OptionA方式跨域VPN_华为_04

[CE2]bgp 65002

[CE2-bgp]peer 10.2.1.4 as-number 200

[CE2-bgp]import-route direct

[PE2]bgp 200

[PE2-bgp]ipv4-family vpn-instance vpn1

[PE2-bgp-vpn1]peer 10.2.1.6 as-number 65002

[PE2-bgp-vpn1]import-route direct

华为设备配置OptionA方式跨域VPN_华为_05

7. 配置OptionA方式的跨域VPN

[ASBR-PE1]ip vpn-instance vpn1

[ASBR-PE1-vpn-instance-vpn1]ipv4-family

[ASBR-PE1-vpn-instance-vpn1-af-ipv4]route-distinguisher 100:2

[ASBR-PE1-vpn-instance-vpn1-af-ipv4]vpn-target 1:1 both

[ASBR-PE1-GigabitEthernet0/0/0]ip binding vpn-instance vpn1

[ASBR-PE1-GigabitEthernet0/0/0]ip add 12.1.1.1 24

[ASBR-PE2]ip vpn-instance vpn1

[ASBR-PE2-vpn-instance-vpn1]ipv4-family

[ASBR-PE2-vpn-instance-vpn1-af-ipv4]route-distinguisher 200:2

[ASBR-PE2-vpn-instance-vpn1-af-ipv4]vpn-target 2:2

[ASBR-PE2-GigabitEthernet0/0/0]ip binding vpn-instance vpn1

[ASBR-PE2-GigabitEthernet0/0/0]ip add 12.1.1.2 24

[ASBR-PE1]bgp 100

[ASBR-PE1-bgp]ipv4-family vpn-instance vpn1

[ASBR-PE1-bgp-vpn1]peer 12.1.1.2 as-number 200

[ASBR-PE1-bgp-vpn1]import-route direct

[ASBR-PE2]bgp 200

[ASBR-PE2-bgp]ipv4-family vpn-instance vpn1

[ASBR-PE2-bgp-vpn1]peer 12.1.1.1 as-number 100

[ASBR-PE2-bgp-vpn1]import-route direct

8. 检查配置

华为设备配置OptionA方式跨域VPN_网络_06

华为设备配置OptionA方式跨域VPN_华为_07

华为设备配置OptionA方式跨域VPN_网络_08

上一篇：华为设备配置Hub and Spoke

下一篇：华为设备配置MCE

提问和评论都可以，用心的回复会被更多人看到评论

发布评论

相关文章

官方博客	全部文章	热门标签	班级博客
了解我们	网站地图	意见反馈

鸿蒙开发者社区	51CTO学堂
51CTO	软考资讯