No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a Layer 3 VXLAN Gateway to Enable Communication Between Users in Different Network Segments

Example for Configuring a Layer 3 VXLAN Gateway to Enable Communication Between Users in Different Network Segments

Networking Requirements

In Figure 13-19, Router1 and Router2 are the branch and headquarters gateways of an enterprise. As users in the headquarters and branch have different service requirements, they are planned in different network segments. PC_1 in the branch and PC_2 in the headquarters belong VLAN 10 and VLAN 20, respectively. The enterprise requires that users in the headquarters and branch can communicate using a Layer 3 VXLAN gateway.

Figure 13-19  Configuring a Layer 3 VXLAN gateway to enable communication between users in different network segments

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure a routing protocol on Router1, Router2, and Router3 to ensure Layer 3 network connectivity.
  2. Configure a deployment mode for the VXLAN access service on Router1 and Router2.
  3. Configure information for VXLAN tunnel establishment on Router1, Router2, and Router3.
  4. Configure a Layer 3 gateway on Router3.

Procedure

  1. Configure a routing protocol.

    # Configure Router1. The configurations of Router2 and Router3 are similar to the configuration of Router1, and are not mentioned here. When OSPF is used, the 32-bit loopback address of each router must be advertised.

    <Huawei> system-view
    [Huawei] sysname Router1
    [Router1] interface loopback 1
    [Router1-LoopBack1] ip address 10.1.1.2 32
    [Router1-LoopBack1] quit
    [Router1] interface ethernet 2/0/0
    [Router1-Ethernet2/0/0] undo portswitch
    [Router1-Ethernet2/0/0] ip address 192.168.2.1 24
    [Router1-Ethernet2/0/0] quit
    [Router1] ospf
    [Router1-ospf-1] area 0
    [Router1-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.0
    [Router1-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
    [Router1-ospf-1-area-0.0.0.0] quit
    [Router1-ospf-1] quit
    

    # After OSPF is configured, the routers can learn the loopback interface address of each other and successfully ping each other. The following shows the ping result from Router1 to Router2.

    [Router1] ping 10.2.2.2
      PING 10.2.2.2: 56  data bytes, press CTRL_C to break                     
        Reply from 10.2.2.2: bytes=56 Sequence=1 ttl=255 time=1 ms             
        Reply from 10.2.2.2: bytes=56 Sequence=2 ttl=255 time=5 ms             
        Reply from 10.2.2.2: bytes=56 Sequence=3 ttl=255 time=5 ms             
        Reply from 10.2.2.2: bytes=56 Sequence=4 ttl=255 time=2 ms             
        Reply from 10.2.2.2: bytes=56 Sequence=5 ttl=255 time=2 ms             
                                                                                    
      --- 10.2.2.2 ping statistics ---                                         
        5 packet(s) transmitted                                                     
        5 packet(s) received                                                        
        0.00% packet loss                                                           
        round-trip min/avg/max = 1/3/5 ms                                           
                                                                                    

  2. Configure a service access point on Router1 and Router2, respectively.

    # Configure Router1.

    [Router1] bridge-domain 10
    [Router1-bd10] quit
    [Router1] interface ethernet 2/0/1.1 mode l2
    [Router1-Ethernet2/0/1.1] encapsulation dot1q vid 10
    [Router1-Ethernet2/0/1.1] bridge-domain 10
    [Router1-Ethernet2/0/1.1] quit
    

    # Configure Router2.

    [Router2] bridge-domain 20
    [Router2-bd20] quit
    [Router2] interface ethernet 2/0/1.1 mode l2
    [Router2-Ethernet2/0/1.1] encapsulation dot1q vid 20
    [Router2-Ethernet2/0/1.1] bridge-domain 20
    [Router2-Ethernet2/0/1.1] quit
    

  3. Configure information for VXLAN tunnel establishment on Router1, Router2, and Router3.

    # Configure Router1.

    [Router1] bridge-domain 10
    [Router1-bd10] vxlan vni 2010
    [Router1-bd10] quit
    [Router1] interface nve 1
    [Router1-Nve1] source 10.1.1.2
    [Router1-Nve1] vni 2010 head-end peer-list 10.3.3.2
    [Router1-Nve1] quit
    

    # Configure Router2.

    [Router2] bridge-domain 20
    [Router2-bd20] vxlan vni 2020
    [Router2-bd20] quit
    [Router2] interface nve 1
    [Router2-Nve1] source 10.2.2.2
    [Router2-Nve1] vni 2020 head-end peer-list 10.3.3.2
    [Router2-Nve1] quit
    

    # Configure Router3.

    [Router3] bridge-domain 10
    [Router3-bd10] vxlan vni 2010
    [Router3-bd10] quit
    [Router3] interface nve 1
    [Router3-Nve1] source 10.3.3.2
    [Router3-Nve1] vni 2010 head-end peer-list 10.1.1.2
    [Router3-Nve1] quit
    [Router3] bridge-domain 20
    [Router3-bd20] vxlan vni 2020
    [Router3-bd20] quit
    [Router3] interface nve 1
    [Router3-Nve1] source 10.3.3.2
    [Router3-Nve1] vni 2020 head-end peer-list 10.2.2.2
    [Router3-Nve1] quit
    

  4. Configure a Layer 3 VXLAN gateway on Router3.

    [Router3] interface vbdif 10
    [Router3-Vbdif10] ip address 192.168.10.10 24
    [Router3-Vbdif10] quit
    [Router3] interface vbdif 20
    [Router3-Vbdif20] ip address 192.168.20.10 24
    [Router3-Vbdif20] quit
    

  5. Verify the configuration.

    # After the preceding configuration, run the display vxlan vni and display vxlan tunnel commands on Router1, Router2, and Router3. You can find that the VNI status is Up and VXLAN tunnel information is displayed. The command output on Router3 is used as an example.

    [Router3] display vxlan vni
     VNI               BD-ID             State                                      
     -----------------------------------------                                      
     2010              10                up                                         
     2020              20                up                                         
     -----------------------------------------                                      
     Number of vxlan vni bound to BD is : 2                                         
                                                                                    
     VNI               VRF-ID                                                       
     -----------------------------------------                                      
     -----------------------------------------                                      
     Number of vxlan vni bound to VPN is : 0                                        
                                              
    [Router3] display vxlan tunnel
     Tunnel ID       Source              Destination         State     Type         
     ----------------------------------------------------------------------------   
     4026531842      10.3.3.2             10.1.1.2             up        static       
     4026531841      10.3.3.2             10.2.2.2             up        static       
     ----------------------------------------------------------------------------   
     Number of vxlan tunnel : 2  

Configuration Files

  • Router1 configuration file

    #
    sysname Router1
    #
    bridge-domain 10                                                                
     vxlan vni 2010
    #                                                                               
    interface Ethernet2/0/0                                                         
     undo portswitch                                                                
     ip address 192.168.2.1 255.255.255.0                                           
    #                                                                               
    interface Ethernet2/0/1.1 mode l2                                               
     encapsulation dot1q vid 10                                                     
     bridge-domain 10
    #                                                                               
    interface LoopBack1                                                             
     ip address 10.1.1.2 255.255.255.255  
    #                                                                               
    interface Nve1                                                                  
     source 10.1.1.2                                                                 
     vni 2010 head-end peer-list 10.3.3.2                                            
    #  
    ospf 1                                                                          
     area 0.0.0.0                                                                   
      network 10.1.1.2 0.0.0.0                                                       
      network 192.168.2.0 0.0.0.255 
    #                                                                               
    return 
  • Router2 configuration file

    #
    sysname Router2
    #
    bridge-domain 20                                                                
     vxlan vni 2020
    #                                                                               
    interface Ethernet2/0/0                                                         
     undo portswitch                                                                
     ip address 192.168.3.1 255.255.255.0                                           
    #                                                                               
    interface Ethernet2/0/1.1 mode l2                                               
     encapsulation dot1q vid 20                                                     
     bridge-domain 20
    #                                                                               
    interface LoopBack1                                                             
     ip address 10.2.2.2 255.255.255.255  
    #                                                                               
    interface Nve1                                                                  
     source 10.2.2.2                                                                 
     vni 2020 head-end peer-list 10.3.3.2                                            
    #  
    ospf 1                                                                          
     area 0.0.0.0                                                                   
      network 10.2.2.2 0.0.0.0                                                       
      network 192.168.3.0 0.0.0.255 
    #                                                                               
    return 
  • Router3 configuration file

    #
    sysname Router3
    #                                                                               
    bridge-domain 10                                                                
     vxlan vni 2010  
    bridge-domain 20                                                                
     vxlan vni 2020  
    #                                                                               
    interface Ethernet2/0/1                              
     undo portswitch                                                                
     ip address 192.168.2.2 255.255.255.0                                           
    #                                                                               
    interface Ethernet2/0/2                              
     undo portswitch                                                                
     ip address 192.168.3.2 255.255.255.0                                           
    #                                                                               
    interface LoopBack1                                                             
     ip address 10.3.3.2 255.255.255.255  
    #                                                                               
    interface Vbdif10                                                               
     ip address 192.168.10.10 255.255.255.0                                         
    #                  
    interface Vbdif20                                                               
     ip address 192.168.20.10 255.255.255.0 
    #                                                                               
    interface Nve1                                                                  
     source 10.3.3.2                                                                 
     vni 2010 head-end peer-list 10.1.1.2                                            
     vni 2020 head-end peer-list 10.2.2.2                                            
    #  
    ospf 1                                                                          
     area 0.0.0.0                                                                   
      network 10.3.3.2 0.0.0.0                                                       
      network 192.168.2.0 0.0.0.255 
      network 192.168.3.0 0.0.0.255 
    #                                                                               
    return 
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 144534

Downloads: 361

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next