No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR650, AR1600, and AR6100 V300R003

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring an Ethernet over GRE Tunnel

Example for Configuring an Ethernet over GRE Tunnel

Networking Requirements

In Figure 2-15, RouterA, RouterB, and RouterC use the Open Shortest Path First (OSPF) protocol to implement communication over the public network. PC1 and PC2 on the branch Ethernet networks belong to the same network segment, and need to communicate over the public network.

Figure 2-15  Ethernet over GRE tunnel

Configuration Roadmap

The configuration roadmap is as follows:

  1. Run OSPF on all the routers to implement reachable routes among them.

  2. Create a GRE tunnel between RouterA and RouterC and configure Ethernet over GRE on them to transmit packets between PC1 and PC2 over the GRE tunnel.

Procedure

  1. Configure an IP address for each physical interface.

    # Configure RouterA.

    <Huawei> system-view
    [Huawei] sysname RouterA
    [RouterA] interface gigabitethernet 1/0/0
    [RouterA-GigabitEthernet1/0/0] ip address 20.1.1.1 255.255.255.0
    [RouterA-GigabitEthernet1/0/0] quit

    # Configure RouterB.

    <Huawei> system-view
    [Huawei] sysname RouterB
    [RouterB] interface gigabitethernet 1/0/0
    [RouterB-GigabitEthernet1/0/0] ip address 20.1.1.2 255.255.255.0
    [RouterB-GigabitEthernet1/0/0] quit
    [RouterB] interface gigabitethernet 2/0/0
    [RouterB-GigabitEthernet2/0/0] ip address 30.1.1.1 255.255.255.0
    [RouterB-GigabitEthernet2/0/0] quit

    # Configure RouterC.

    <Huawei> system-view
    [Huawei] sysname RouterC
    [RouterC] interface gigabitethernet 1/0/0
    [RouterC-GigabitEthernet1/0/0] ip address 30.1.1.2 255.255.255.0
    [RouterC-GigabitEthernet1/0/0] quit

  2. Configure OSPF on the routers.

    # Configure RouterA.

    [RouterA] ospf 1
    [RouterA-ospf-1] area 0
    [RouterA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
    [RouterA-ospf-1-area-0.0.0.0] quit
    [RouterA-ospf-1] quit

    # Configure RouterB.

    [RouterB] ospf 1
    [RouterB-ospf-1] area 0
    [RouterB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
    [RouterB-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
    [RouterB-ospf-1-area-0.0.0.0] quit
    [RouterB-ospf-1] quit

    # Configure RouterC.

    [RouterC] ospf 1
    [RouterC-ospf-1] area 0
    [RouterC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
    [RouterC-ospf-1-area-0.0.0.0] quit
    [RouterC-ospf-1] quit

    # After the configuration is complete, run the display ip routing-table command on RouterA and RouterC. You can find that they have learned the OSPF routes destined for the network segment of the peer.

    # The command output on RouterA is used as an example.

    [RouterA] display ip routing-table protocol ospf
    <keyword conref="../commonterms/commonterms.xml#commonterms/route-flags"></keyword>
    ------------------------------------------------------------------------------
    Public routing table : OSPF
             Destinations : 1        Routes : 1
    
    OSPF routing table status : <Active>
             Destinations : 1        Routes : 1
    
    Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface
    
           30.1.1.0/24  OSPF    10   2           D   20.1.1.2        GigabitEthernet1/0/0
    
    OSPF routing table status : <Inactive>
             Destinations : 0        Routes : 0
    
    

  3. Configure tunnel interfaces and create a GRE tunnel.

    # Configure RouterA.

    [RouterA] interface tunnel 0/0/1
    [RouterA-Tunnel0/0/1] tunnel-protocol gre
    [RouterA-Tunnel0/0/1] ip address 10.3.1.1 255.255.255.0
    [RouterA-Tunnel0/0/1] source 20.1.1.1
    [RouterA-Tunnel0/0/1] destination 30.1.1.2
    [RouterA-Tunnel0/0/1] quit

    # Configure RouterC.

    [RouterC] interface tunnel 0/0/1
    [RouterC-Tunnel0/0/1] tunnel-protocol gre
    [RouterC-Tunnel0/0/1] ip address 10.3.1.2 255.255.255.0
    [RouterC-Tunnel0/0/1] source 30.1.1.2
    [RouterC-Tunnel0/0/1] destination 20.1.1.1
    [RouterC-Tunnel0/0/1] quit

    # After the configuration is complete, the tunnel interfaces turn Up and can ping each other.

    # The command output on RouterA is used as an example.

    [RouterA] ping -a 10.3.1.1 10.3.1.2
      PING 10.3.1.2: 56  data bytes, press CTRL_C to break
        Reply from 10.3.1.2: bytes=56 Sequence=1 ttl=255 time=1 ms
        Reply from 10.3.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms
        Reply from 10.3.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms
        Reply from 10.3.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms
        Reply from 10.3.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms
    
      --- 10.3.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 1/1/1 ms 
    
    

  4. Configure Ethernet over GRE.

    # The configuration on RouterC is the same as that on RouterA. The configuration on RouterA is used as an example.

    # Configure a Layer 2 VE interface VE0/0/2 and bind it to the LAN-side physical Ethernet interface GE2/0/0.

    [RouterA] vlan 100
    [RouterA-vlan100] quit
    [RouterA] interface virtual-ethernet 0/0/2
    [RouterA-Virtual-Ethernet0/0/2] portswitch
    [RouterA-Virtual-Ethernet0/0/2] port link-type access
    [RouterA-Virtual-Ethernet0/0/2] port default vlan 100
    [RouterA-Virtual-Ethernet0/0/2] quit
    [RouterA] interface gigabitethernet 2/0/0
    [RouterA-GigabitEthernet0/0/2] map interface virtual-ethernet 0/0/2
    [RouterA-GigabitEthernet0/0/2] quit
    

    # Configure a Layer 2 VE interface VE0/0/1 and bind it to the WAN-side tunnel interface Tunnel0/0/1.

    [RouterA] interface virtual-ethernet 0/0/1
    [RouterA-Virtual-Ethernet0/0/1] portswitch
    [RouterA-Virtual-Ethernet0/0/1] port link-type trunk
    [RouterA-Virtual-Ethernet0/0/1] port trunk allow-pass vlan 100
    [RouterA-Virtual-Ethernet0/0/1] quit
    [RouterA] interface tunnel 0/0/1
    [RouterA-Tunnel0/0/1] map interface virtual-ethernet 0/0/1
    [RouterA-Tunnel0/0/1] quit
    

  5. Verify the configuration.

    # After the configurations are complete, PC1 and PC2 can ping each other successfully.

Configuration Files

  • RouterA configuration file

    #
     sysname RouterA
    #
    vlan batch 100
    # 
    interface GigabitEthernet1/0/0
     ip address 20.1.1.1 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     map interface Virtual-Ethernet0/0/2
    #
    interface Virtual-Ethernet0/0/1
     portswitch
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    interface Virtual-Ethernet0/0/2
     portswitch
     port link-type access
     port default vlan 100
    #
    interface Tunnel0/0/1
     ip address 10.3.1.1 255.255.255.0
     tunnel-protocol gre
     source 20.1.1.1
     destination 30.1.1.2
     map interface Virtual-Ethernet0/0/1
    #
    ospf 1
     area 0.0.0.0
      network 20.1.1.0 0.0.0.255
    #
    return
  • RouterB configuration file

    #
     sysname RouterB
    #
    interface GigabitEthernet1/0/0
     ip address 20.1.1.2 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     ip address 30.1.1.1 255.255.255.0
    #
    ospf 1
     area 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 30.1.1.0 0.0.0.255
    #
    return
  • RouterC configuration file

    #
     sysname RouterC
    #
    vlan batch 100
    #
    interface GigabitEthernet1/0/0
     ip address 30.1.1.2 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     map interface Virtual-Ethernet0/0/2
    #
    interface Virtual-Ethernet0/0/1
     portswitch
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    interface Virtual-Ethernet0/0/2
     portswitch
     port link-type access
     port default vlan 100
    #
    interface Tunnel0/0/1
     ip address 10.3.1.2 255.255.255.0
     tunnel-protocol gre
     source 30.1.1.2
     destination 20.1.1.1
     map interface Virtual-Ethernet0/0/1
    #
    ospf 1
     area 0.0.0.0
      network 30.1.1.0 0.0.0.255
    #
    return
Download
Updated: 2019-04-12

Document ID: EDOC1100041799

Views: 34868

Downloads: 48

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next