No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring Ethernet over mGRE

(Optional) Configuring Ethernet over mGRE

Context

When the Hub and Spokes on a DSVPN network need to transparently transmit Ethernet packets, Ethernet over mGRE can be configured. After you bind Layer 2 virtual Ethernet (VE) interfaces to the LAN-side physical Ethernet interface and WAN-side tunnel interface of a device, Ethernet packets received from the LAN-side interface are forwarded by the VE interfaces to the WAN-side tunnel interface. The WAN-side tunnel interface encapsulates the packets using GRE and transparently transmits the packets over mGRE tunnels.

Perform the following configurations on the Hub and Spokes.

Procedure

  • Configuring a LAN-side physical Ethernet interface
    1. Run system-view

      The system view is displayed.

    2. Run interface virtual-ethernet ve-number

      A VE interface is created and the VE interface view is displayed.

    3. Run portswitch

      The VE interface is changed from Layer 3 mode to Layer 2 mode.

      By default, a VE interface works in Layer 3 mode.

    4. Perform the following configurations on a Layer 2 VE interface:

      • VLAN configuration: Configuring VLAN Assignment
      • QinQ configuration: Configuring Basic QinQ, Configuring Selective QinQ, and Configuring the TPID Value in an Outer VLAN Tag
      • VLAN mapping configuration: Configuring VLAN ID-based VLAN Mapping

    5. Run quit

      Return to the system view.

    6. Run interface interface-type interface-number

      The Ethernet interface view is displayed.

    7. Run map interface virtual-ethernet ve-number

      The Layer 2 VE interface is bound to the physical Ethernet interface.

      By default, no Layer 2 VE interface is bound to a physical Ethernet interface.

  • Configuring a WAN-side tunnel interface
    1. Run system-view

      The system view is displayed.

    2. (Optional) Run gre map virtual-ethernet forward-broadcast disable

      A VE interface from forwarding broadcast, multicast, and unknown unicast packets to devices is disabled in the same VLAN .

      By default, a VE interface can forward broadcast, multicast, and unknown unicast packets to devices in the same VLAN.

      If branch CPE fails to obtain the MAC address of the HQ CPE, it will send broadcast, multicast, and unknown unicast packets to the VE interface bound to the tunnel interface of the HQ CPE. The VE interface then forwards the packets to other CPEs in the same VLAN. This consumes large network bandwidth, increases the workload of the HQ CPE, and may lead to drop of normal packets. To prevent this problem, you can configure the gre map virtual-ethernet forward-broadcast disable command on the HQ CPE to disable the VE interface from forwarding broadcast, multicast, and unknown unicast packets to other CPEs in the same VLAN.

    3. Run interface virtual-ethernet ve-number

      A VE interface is created and the VE interface view is displayed.

    4. Run portswitch

      The VE interface is changed from Layer 3 mode to Layer 2 mode.

      By default, a VE interface works in Layer 3 mode.

    5. Perform the following configurations on a Layer 2 VE interface:

      • VLAN configuration: Configuring VLAN Assignment
      • QinQ configuration: Configuring Basic QinQ, Configuring Selective QinQ, and Configuring the TPID Value in an Outer VLAN Tag
      • VLAN mapping configuration: Configuring VLAN ID-based VLAN Mapping

    6. Run quit

      Return to the system view.

    7. Run interface tunnel interface-number

      The tunnel interface view is displayed.

    8. Run map interface virtual-ethernet ve-number

      The Layer 2 VE interface is bound to the tunnel interface.

      By default, no Layer 2 VE interface is bound to a tunnel interface.

Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 143587

Downloads: 361

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next