No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Establishing a Static L2TPv3 Tunnel

Example for Establishing a Static L2TPv3 Tunnel

Networking Requirements

In Figure 2-5, enterprise A has two branches that connect to the IP network through LCCE1 and LCCE2 respectively. Branch 1 deploys a local area network (LAN) and uses LCCE1 as the gateway. Branch 2 deploys a LAN and uses LCCE2 as the gateway.

Branches 1 and 2 need to transparently transmit Layer 2 data through an IP network, implementing communication between LANs.

Figure 2-5  Transmitting packets over the L2TPv3 tunnel after removing one tag

Configuration Roadmap

To implement communication between branches 1 and 2 through a Layer 3 network, deploy an L2TPv3 tunnel between LCCE1 and LCCE2 to transparently transmit Layer 2 data through an IP network.

The configuration roadmap is as follows:

  1. Configure a route to ensure communication between LCCE1 and LCCE2.

  2. Enable the L2TPv3 function globally.

  3. Establish tunnel interfaces and configure the L2TPv3 tunnel parameters.

  4. Configure a Dot1q sub-interface on the AC interface and connect the Dot1q sub-interface to the L2TPv3 tunnel.

  5. Configure the link bridge function to bind an AC interface to a tunnel interface.

NOTE:

Upload a license to enable the L2TPv3 function.

Procedure

  1. Configure IP addresses and a static route for the PW interfaces on LCCE1 and LCCE2 respectively.

    # Configure an IP address for the PW interface on LCCE1.

    <Huawei> system-view
    [Huawei] sysname LCCE1
    [LCCE1] interface gigabitethernet 0/0/1
    [LCCE1-GigabitEthernet0/0/1] ip address 10.1.1.2 24
    [LCCE1-GigabitEthernet0/0/1] quit

    # Configure a static route to LCCE2 on LCCE1. This example assumes that the next hop address in the route is 10.1.1.3.

    [LCCE1]ip route-static 10.1.2.0 255.255.255.0 10.1.1.3
    

    # Configure an IP address for the PW interface on LCCE2.

    <Huawei> system-view
    [Huawei] sysname LCCE2
    [LCCE2] interface gigabitethernet 0/0/1
    [LCCE2-GigabitEthernet0/0/1] ip address 10.1.2.2 24
    [LCCE2-GigabitEthernet0/0/1] quit

    # Configure a static route to LCCE1 on LCCE2. This example assumes that the next hop address in the route is 10.1.2.3.

    [LCCE2]ip route-static 10.1.1.0 255.255.255.0 10.1.2.3
    

  2. Enable the L2TPv3 function globally.

    # Enable the L2TPv3 function on LCCE1.

    [LCCE1] l2tpv3 enable
    

    # Enable the L2TPv3 function on LCCE2.

    [LCCE2] l2tpv3 enable
    

  3. Configure L2TPv3 parameters for tunnel interfaces.

    # Create a tunnel on LCCE1 and configure parameters for the tunnel.

    [LCCE1] interface tunnel 0/0/1
    [LCCE1-Tunnel0/0/1] tunnel-protocol svpn
    [LCCE1-Tunnel0/0/1] encapsulation l2tpv3 static
    [LCCE1-Tunnel0/0/1] l2tpv3 local session-id 1
    [LCCE1-Tunnel0/0/1] l2tpv3 remote session-id 4
    [LCCE1-Tunnel0/0/1] l2tpv3 local cookie length 4 plain lower-value 11
    [LCCE1-Tunnel0/0/1] l2tpv3 remote cookie length 4 plain lower-value 22
    [LCCE1-Tunnel0/0/1] tunnel-source 10.1.1.2
    [LCCE1-Tunnel0/0/1] tunnel-destination 10.1.2.2
    [LCCE1-Tunnel0/0/1] quit
    

    # Create a tunnel on LCCE2 and configure parameters for the tunnel.

    [LCCE2] interface tunnel 0/0/1
    [LCCE2-Tunnel0/0/1] tunnel-protocol svpn
    [LCCE2-Tunnel0/0/1] encapsulation l2tpv3 static
    [LCCE2-Tunnel0/0/1] l2tpv3 local session-id 4
    [LCCE2-Tunnel0/0/1] l2tpv3 remote session-id 1
    [LCCE2-Tunnel0/0/1] l2tpv3 local cookie length 4 plain lower-value 22
    [LCCE2-Tunnel0/0/1] l2tpv3 remote cookie length 4 plain lower-value 11
    [LCCE2-Tunnel0/0/1] tunnel-source 10.1.2.2
    [LCCE2-Tunnel0/0/1] tunnel-destination 10.1.1.2
    [LCCE2-Tunnel0/0/1] quit
    

  4. Configure a Dot1q sub-interface on the AC interface and connect the Dot1q sub-interface to the L2TPv3 tunnel.

    # Create a sub-interface on LCCE1. Connect the sub-interface to the L2TPv3 tunnel as a Dot1q sub-interface.

    [LCCE1] interface gigabitethernet 0/0/2.1
    [LCCE1-GigabitEthernet0/0/2.1] dot1q termination vid 9 

    # Create a sub-interface on LCCE2. Connect the sub-interface to the L2TPv3 tunnel as a Dot1q sub-interface.

    [LCCE2] interface gigabitethernet 0/0/2.1
    [LCCE2-GigabitEthernet0/0/2.1] dot1q termination vid 20 

  5. Configure the link bridge function.

    # Configure the link bridge function on LCCE1 and bind an AC interface to a tunnel interface.

    [LCCE1-GigabitEthernet0/0/2.1] link-bridge tunnel0/0/1 tagged

    # Configure the link bridge function on LCCE2 and bind an AC interface to a tunnel interface.

    [LCCE2-GigabitEthernet0/0/2.1] link-bridge tunnel0/0/1 tagged

  6. Verify the configuration.

    # After the configurations are complete, run the display interface brief command on LCCE1 and LCCE2 to view the brief interface and IP information, including the IP addresses, subnet mask, physical and protocol status (Up or Down), and the number of interfaces in different status. The command output on LCCE1 is used as an example.

    [LCCE1] display interface brief
    PHY: Physical
    *down: administratively down
    (l): loopback
    (s): spoofing
    (b): BFD down
    ^down: standby
    (e): ETHOAM down
    InUti/OutUti: input utility/output utility
    Interface                   PHY   Protocol  InUti OutUti   inErrors  outErrors
    Atm8/0/0                    down  down         0%     0%          0          0
    Atm8/0/1                    down  down         0%     0%          0          0
    Atm8/0/2                    down  down         0%     0%          0          0
    Atm8/0/3                    down  down         0%     0%          0          0
    Cellular0/0/0               down  down         0%     0%          0          0
    Cellular0/0/1               down  down         0%     0%          0          0
    Ethernet1/0/0               up    up           0%     0%          0          0
    Ethernet1/0/1               up    down      0.01%     0%          0          0
    Ethernet2/0/0               down  down         0%     0%          0          0
    GigabitEthernet0/0/0        up    up        0.01%  0.01%          0          0
    GigabitEthernet0/0/1        up    up        0.01%     0%          0          0
    GigabitEthernet0/0/2        up    up        0.01%     0%          0          0
    GigabitEthernet0/0/2.1      up    up           0%     0%          0          0
    GigabitEthernet0/0/3        up    down      0.01%     0%          0          0
    GigabitEthernet3/0/0        down  down         0%     0%          0          0
    MFR0/0/1                    down  down         0%     0%          0          0
    Mp-group0/0/1               down  down         0%     0%          0          0
    NULL0                       up    up(s)        0%     0%          0          0
    Serial4/0/0                 up    up        0.05%  0.05%          0          0
    Serial6/0/0                 down  down         0%     0%          0          0
    Serial6/0/1                 down  down         0%     0%          0          0
    Serial6/0/2                 down  down         0%     0%          0          0
    Serial6/0/3                 down  down         0%     0%          0          0
    Serial6/0/4                 down  down         0%     0%          0          0
    Serial6/0/5                 down  down         0%     0%          0          0
    Serial6/0/6                 down  down         0%     0%          0          0
    Serial6/0/7                 down  down         0%     0%          0          0
    Tunnel0/0/1                 up    up(s)        0%     0%          0          0
    Virtual-Template1           up    down         0%     0%          0          0

    # Run the display interface tunnel 0/0/1 command on LCCE1 and LCCE2 to view the tunnel interface status. You can find that the status is Up (spoofing). The command output on LCCE1 is used as an example.

    [LCCE1] display interface tunnel 0/0/1
    Tunnel0/0/1 current state : UP
    Line protocol current state : UP (spoofing)
    Description:HUAWEI, AR Series, Tunnel0/0/1 Interface
    Route Port,The Maximum Transmit Unit is 1500
    Internet protocol processing : disabled
    Encapsulation is TUNNEL, loopback not set
    Tunnel protocol/transport SVPN/IP
    Current system time: 2016-02-25 17:10:48
        300 seconds input rate 0 bits/sec, 0 packets/sec
        300 seconds output rate 0 bits/sec, 0 packets/sec
        99 seconds input rate 0 bits/sec, 0 packets/sec
        99 seconds output rate 0 bits/sec, 0 packets/sec
        0 packets input,  0 bytes
        0 input error
        0 packets output,  0 bytes
        0 output error
        Input bandwidth utilization  :    0%
        Output bandwidth utilization :    0%

Configuration Files

  • LCCE1 configuration file

    #
     sysname LCCE1
    #
     l2tpv3 enable
    #
    interface GigabitEthernet0/0/1
     ip address 10.1.1.2 255.255.255.0
    #
    interface GigabitEthernet0/0/2.1
     dot1q termination vid 9
     link-bridge Tunnel0/0/1 tagged
    #
    interface Tunnel0/0/1
     tunnel-protocol svpn
     encapsulation l2tpv3 
     l2tpv3 local session-id 1
     l2tpv3 remote session-id 4
     l2tpv3 local cookie length 4 plain lower-value 11
     l2tpv3 remote cookie length 4 plain lower-value 22
     tunnel-source 10.1.1.2
     tunnel-destination 10.1.2.2
    #
    ip route-static 10.1.2.0 255.255.255.0 10.1.1.3
    #
    return
    
  • LCCE2 configuration file

    #
     sysname LCCE2
    #
     l2tpv3 enable
    #
    interface GigabitEthernet0/0/1
     ip address 10.1.2.2 255.255.255.0
    #
    interface GigabitEthernet0/0/2.1
     dot1q termination vid 20
     link-bridge Tunnel0/0/1 tagged
    #
    interface Tunnel0/0/1
     tunnel-protocol svpn
     encapsulation l2tpv3 
     l2tpv3 local session-id 4
     l2tpv3 remote session-id 1
     l2tpv3 local cookie length 4 plain lower-value 22
     l2tpv3 remote cookie length 4 plain lower-value 11
     tunnel-source 10.1.2.2
     tunnel-destination 10.1.1.2
    #
    ip route-static 10.1.1.0 255.255.255.0 10.1.2.3
    #
    return
    
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 152258

Downloads: 367

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next