No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR650, AR1600, and AR6100 V300R003

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Deployment Mode for VXLAN Access Service

Configuring Deployment Mode for VXLAN Access Service

Context

When configuring VXLAN on a device, you need to select a deployment mode for the VXLAN access service on the downlink interface.

At the access side, two methods are available for deploying VXLAN services:
  • Based on VLAN: You can associate one or multiple VLANs with a BD to add users in these VLANs to the BD. This VLAN-based mode implements larger-granularity control, but is easy to configure. It applies to VXLAN deployment on a live network.

  • Based on encapsulation mode: The device sends packets of different encapsulation modes to different Layer 2 sub-interfaces based on the VLAN tags contained in the packets. You can bind a Layer 2 sub-interface to a BD to add specified users to the BD. This mode implements refined and flexible control but requires more complex configuration. It applies to VXLAN deployment on a new network.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run bridge-domain bd-id

    A BD is created and the BD view is displayed.

    By default, no BD is created.

  3. (Optional) Run description description

    The description is configured for the BD.

    By default, no description is configured for a BD.

  4. Run quit

    Exit from the BD view and return to the system view.

  5. Configure a service access point.

    • Based on VLAN:
      1. Run vlan vlan-id

        A VLAN is created and the VLAN view is displayed.

      2. Run quit

        Exit from the VLAN view and return to the system view.

      3. Run bridge-domain bd-id

        The view of an existing BD is displayed.

      4. Run l2 binding vlan vlan-id

        A VLAN is associated with the BD so that data packets can be forwarded in the BD.

        By default, a VLAN is not associated with a BD.

        NOTE:
        • The VLANs to be bound to the BD have been created.

        • One VLAN can be associated with only one BD, but one BD can be associated with multiple VLANs.

        • After a global VLAN is associated with a BD, you need to add corresponding interfaces to the VLAN. An Eth-Trunk cannot be added to the VLAN.

    • Based on encapsulation mode:
      1. Run interface interface-type interface-number.subnum mode l2

        A Layer 2 sub-interface is created, and the sub-interface view is displayed.

        By default, no Layer 2 sub-interface is created.

      2. Run encapsulation { dot1q { vid pe-vid } | default | untag | qinq { vid vlan-vid ce-vid ce-vid } }

        An encapsulation mode is configured for a Layer 2 sub-interface to specify the type of packets that can pass through the sub-interface.

        By default, the encapsulation mode of packets allowed to pass a Layer 2 sub-interface is not configured.

      3. Run bridge-domain bd-id

        A specified Layer 2 sub-interface is associated with a BD so that data packets can be forwarded in the BD.

        By default, a Layer 2 sub-interface is not associated with a BD.

      NOTE:

      When configuring an encapsulation mode on a Layer 2 sub-interface, pay attention to the following points:

      • The VLAN ID in dot1q mode or outer VLAN ID in qinq mode cannot be the same as the allowed VLAN of the corresponding main interface or the global VLAN.

      • On the same main interface, the VLAN ID in dot1q mode and the outer VLAN ID in qinq mode must be different.

      • When the encapsulation mode of a Layer 2 sub-interface is default, the corresponding main interface cannot be added to any VLAN, including VLAN 1.

      • Before the encapsulation mode of a Layer 2 sub-interface is set to default, the main interface has only one sub-interface.

      • After the encapsulation mode of a Layer 2 sub-interface is set to default, no other sub-interface can be created on the main interface.

      • When the encapsulation mode of a Layer 2 sub-interface is set to untag, other sub-interfaces of the main interface cannot be set to untag.

      • When the device functions as a Layer 3 VXLAN gateway, the traffic encapsulation type on a Layer 2 sub-interface cannot be set to default.

Download
Updated: 2019-04-12

Document ID: EDOC1100041799

Views: 31588

Downloads: 45

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next