No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring the Link Bridge Function

(Optional) Configuring the Link Bridge Function

Context

Customers want to use GRE to transparently transmit FR, HDLC, PPP, or Ethernet packets over networks of a different network layer protocol, such as the IPv4 network. To transmit FR, HDLC, PPP, or Ethernet packets over a GRE tunnel, they need to configure the link bridge function to bind a serial, an Ethernet, a GE, an XGE, or a VLANIF interface with a tunnel interface, so that packets received from the serial, Ethernet, GE, XGE, or VLANIF interface can be directly sent out from the tunnel interface bound to it.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run link-bridge tag-id interface interface-type interface-number out-interface interface-type interface-number [ untagged | tagged vlan-id ]

    The link-bridge command binds an inbound interface to an outbound interface, so that packets received from the specified inbound interface can only be sent through the specified outbound interface.

    By default, the link bridge function is not configured.

    When configuring the link bridge function, pay attention to the following points:
    • After you configure the link bridge function, the protocol status of the inbound interface turns Down and network-layer configurations on the inbound interface do not take effect. The inbound interface only functions as a bridge.
    • After you configure this command, the protocol status of the inbound interface which is a serial interface turns Down and network-layer configurations on the inbound interface do not take effect. The inbound interface only functions as a bridge.

    • After link bridge is bound to an interface, the interface does not support QoS.The inbound interface to which link bridge is bound supports traffic policy, traffic policing, traffic statistics collection, and mapping between 802.1p and DSCP priorities.
    • Two link bridges must be configured with different tag IDs. The tag ID of a link bridge must be globally unique. If the tag ID of two link bridges is the same, an error message is displayed.

    • Only one link bridge can be configured on a physical interface. If two link bridges are configured on the same physical interface, an error message is displayed.

    • Only one link bridge can be configured on a tunnel interface. If two link bridges are configured on the same tunnel interface, an error message is displayed.

    • If you specify the untagged mode, Ethernet packets transmitted over a GRE tunnel do not contain VLAN tags; otherwise, packets contain VLAN tags. You can determine whether to configure the untagged mode based on your actual networking to ensure normal traffic transmission over a tunnel. The following table describes the packet transmission rules.

      Interface Type Traffic Flow Default Processing on Ethernet Packet With Tag Without Tag (Untagged)
      Layer 2 Ethernet interface From an Ethernet interface to a tunnel interface The interface transparently transmits the packet. The interface adds an outer tag to the packet before sending the packet. If the packet contains a tag, the interface removes the tag before sending the packet.
      From a tunnel interface to an Ethernet interface The interface transparently transmits the packet. If the tag differs from the specified one, the interface discards the packet. Otherwise, the interface removes the outer tag before sending the packet. The interface transparently transmits the packet.
      Layer 3 Ethernet interface From an Ethernet interface to a tunnel interface The interface transparently transmits the packet. The interface adds an outer tag to the packet before sending the packet. If the packet contains a tag, the interface removes the tag before sending the packet.
      From a tunnel interface to an Ethernet interface The interface transparently transmits the packet. If the tag differs from the specified one, the interface discards the packet. Otherwise, the interface removes the outer tag before sending the packet. The interface transparently transmits the packet.
      VLANIF interface From a VLANIF interface to a tunnel interface If the VLAN ID in the packet is the same as the PVID, the interface removes the tag; otherwise, the interface transparently transmits the packet. The interface adds an outer tag to the packet before sending the packet. If the packet contains a tag, the interface removes the tag before sending the packet.
      From a tunnel interface to a VLANIF interface The device checks whether the VLAN ID in the packet is the same as that of the VLANIF interface. If so, the interface sends the packet; otherwise, the interface discards the packet. If the tag differs from the specified one, the interface discards the packet. Otherwise, the interface removes the outer tag before sending the packet. The interface adds the VLAN ID of the VLANIF interface to the packet before sending the packet.
      Ethernet sub-interface From an Ethernet sub-interface to a tunnel interface The interface transparently transmits the packet. The interface adds an outer tag to the packet before sending the packet. If the packet contains a tag, the interface removes the tag before sending the packet.
      From a tunnel interface to an Ethernet sub-interface The device checks whether the VLAN ID in the packet is the same as that of the Dot1q or QinQ sub-interface. If so, the interface sends the packet; otherwise, the interface discards the packet. If the tag differs from the specified one, the interface discards the packet. Otherwise, the interface removes the outer tag before sending the packet. The interface adds the VLAN ID of the Dot1q or QinQ sub-interface to the packet before sending the packet.

Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 144576

Downloads: 361

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next