No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Communication Within a Network Segment Through a VXLAN Tunnel

Example for Configuring Communication Within a Network Segment Through a VXLAN Tunnel

Networking Requirements

In Figure 13-18, an enterprise has two departments scattered in different geographical locations. As the two departments have the same service requirements, they are planned in the same network segment. End users in both departments belong to VLAN 10. They need to communicate over the VXLAN tunnel.

Figure 13-18  Configuring communication within a network segment through a VXLAN tunnel

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure a routing protocol on Router1, Router2, and Router3 to ensure Layer 3 connectivity.
  2. Configure a deployment mode for the VXLAN access service on Router1 and Router2.
  3. Configure information for VXLAN tunnel establishment on Router1 and Router2.

Procedure

  1. Configure a routing protocol.

    # Configure IP addresses for interfaces on Router1. The configurations of Router2 and Router3 are similar to the configuration of Router1, and are not mentioned here. When OSPF is used, the 32-bit loopback address of each router must be advertised.

    <Huawei> system-view
    [Huawei] sysname Router1
    [Router1] interface loopback 1
    [Router1-LoopBack1] ip address 10.1.1.2 32
    [Router1-LoopBack1] quit
    [Router1] interface ethernet 2/0/0
    [Router1-Ethernet2/0/0] undo portswitch
    [Router1-Ethernet2/0/0] ip address 192.168.2.1 24
    [Router1-Ethernet2/0/0] quit
    [Router1] ospf
    [Router1-ospf-1] area 0
    [Router1-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.0
    [Router1-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
    [Router1-ospf-1-area-0.0.0.0] quit
    [Router1-ospf-1] quit
    

    # After OSPF is configured, the Routers can learn the loopback interface address of each other and successfully ping each other. The following shows the ping result from Router1 to Router2.

    [Router1] ping 10.2.2.2
      PING 10.2.2.2: 56  data bytes, press CTRL_C to break                           
        Reply from 10.2.2.2: bytes=56 Sequence=1 ttl=255 time=240 ms                 
        Reply from 10.2.2.2: bytes=56 Sequence=2 ttl=255 time=5 ms                   
        Reply from 10.2.2.2: bytes=56 Sequence=3 ttl=255 time=5 ms                   
        Reply from 10.2.2.2: bytes=56 Sequence=4 ttl=255 time=14 ms                  
        Reply from 10.2.2.2: bytes=56 Sequence=5 ttl=255 time=5 ms                   
                                                                                    
      --- 10.2.2.2 ping statistics ---                                               
        5 packet(s) transmitted                                                     
        5 packet(s) received                                                        
        0.00% packet loss                                                           
        round-trip min/avg/max = 5/53/240 ms  
    

  2. Configure a service access point on Router1 and Router2, respectively.

    # Configure Router1.

    [Router1] bridge-domain 10
    [Router1-bd10] quit
    [Router1] interface ethernet 2/0/1.1 mode l2
    [Router1-Ethernet2/0/1.1] encapsulation dot1q vid 10
    [Router1-Ethernet2/0/1.1] bridge-domain 10
    [Router1-Ethernet2/0/1.1] quit
    

    # Configure Router2.

    [Router2] bridge-domain 10
    [Router2-bd10] quit
    [Router2] interface ethernet 2/0/1.1 mode l2
    [Router2-Ethernet2/0/1.1] encapsulation dot1q vid 10
    [Router2-Ethernet2/0/1.1] bridge-domain 10
    [Router2-Ethernet2/0/1.1] quit
    

  3. Configure information for VXLAN tunnel establishment on Router1 and Router2.

    # Configure Router1.

    [Router1] bridge-domain 10
    [Router1-bd10] vxlan vni 2010
    [Router1-bd10] quit
    [Router1] interface nve 1
    [Router1-Nve1] source 10.1.1.2
    [Router1-Nve1] vni 2010 head-end peer-list 10.2.2.2
    [Router1-Nve1] quit
    

    # Configure Router2.

    [Router2] bridge-domain 10
    [Router2-bd10] vxlan vni 2010
    [Router2-bd10] quit
    [Router2] interface nve 1
    [Router2-Nve1] source 10.2.2.2
    [Router2-Nve1] vni 2010 head-end peer-list 10.1.1.2
    [Router2-Nve1] quit
    

  4. Verify the configuration.

    # After the configuration is complete, run the display vxlan vni command on Router1 and Router2. The command output shows that the VNI status is up. Run the display vxlan tunnel command, and you can see VXLAN tunnel information. The command output on Router1 is used as an example.

    [Router1] display vxlan vni
     VNI               BD-ID             State                                      
     -----------------------------------------                                      
     2010              10                up  
     -----------------------------------------                                      
     Number of vxlan vni bound to BD is : 2                                         
                                                                                    
     VNI               VRF-ID                                                       
     -----------------------------------------                                      
     -----------------------------------------                                      
     Number of vxlan vni bound to VPN is : 0                                        
                                              
    [Router1] display vxlan tunnel
     Tunnel ID       Source              Destination         State     Type         
     ----------------------------------------------------------------------------   
     4026531841      10.1.1.2             10.2.2.2             up        static  
     ----------------------------------------------------------------------------   
     Number of vxlan tunnel : 1  

    After the configuration is complete, users in the same network segment can communicate over a VXLAN tunnel.

Configuration Files

  • Router1 configuration file

    #
    sysname Router1
    #
    bridge-domain 10                                                                
     vxlan vni 2010
    #                                                                               
    interface Ethernet2/0/0                                                         
     undo portswitch                                                                
     ip address 192.168.2.1 255.255.255.0                                           
    #                                                                               
    interface Ethernet2/0/1.1 mode l2                                               
     encapsulation dot1q vid 10                                                     
     bridge-domain 10
    #                                                                               
    interface LoopBack1                                                             
     ip address 10.1.1.2 255.255.255.255  
    #                                                                               
    interface Nve1                                                                  
     source 10.1.1.2                                                                 
     vni 2010 head-end peer-list 10.2.2.2                                            
    #  
    ospf 1                                                                          
     area 0.0.0.0                                                                   
      network 10.1.1.2 0.0.0.0                                                       
      network 192.168.2.0 0.0.0.255 
    #                                                                               
    return 
    
  • Router2 configuration file

    #
    sysname Router2
    #
    bridge-domain 10                                                                
     vxlan vni 2010
    #                                                                               
    interface Ethernet2/0/0                                                         
     undo portswitch                                                                
     ip address 192.168.3.1 255.255.255.0                                           
    #                                                                               
    interface Ethernet2/0/1.1 mode l2                                               
     encapsulation dot1q vid 10                                                     
     bridge-domain 10
    #                                                                               
    interface LoopBack1                                                             
     ip address 10.2.2.2 255.255.255.255  
    #                                                                               
    interface Nve1                                                                  
     source 10.2.2.2                                                                 
     vni 2010 head-end peer-list 10.1.1.2                                            
    #  
    ospf 1                                                                          
     area 0.0.0.0                                                                   
      network 10.2.2.2 0.0.0.0                                                       
      network 192.168.3.0 0.0.0.255 
    #                                                                               
    return 
  • Router3 configuration file

    #
    sysname Router3
    #                                                                               
    interface Ethernet2/0/1                                                         
     undo portswitch                                                                
     ip address 192.168.2.2 255.255.255.0                                           
    #                                                                               
    interface Ethernet2/0/2                                                         
     undo portswitch                                                                
     ip address 192.168.3.2 255.255.255.0                                           
    #                                                                               
    interface LoopBack1                                                             
     ip address 10.3.3.2 255.255.255.255  
    #  
    ospf 1                                                                          
     area 0.0.0.0                                                                   
      network 10.3.3.2 0.0.0.0                                                       
      network 192.168.2.0 0.0.0.255 
      network 192.168.3.0 0.0.0.255 
    #                                                                               
    return 
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 153232

Downloads: 369

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next