No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR650, AR1600, and AR6100 V300R003

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a Static Route for GRE to Implement Interworking Between IPv4 Networks

Example for Configuring a Static Route for GRE to Implement Interworking Between IPv4 Networks

Networking Requirements

As shown in Figure 2-11, RouterA, RouterB, and RouterC run OSPF to implement interworking over the public network. PC1 and PC2 run the IPv4 proprietary protocol and communicate with each other over the public network.

PC1 and PC2 use RouterA and RouterC as their default gateways respectively.

Figure 2-11  Configuring a static route for GRE

Configuration Roadmap

To allow PC1 to communicate with PC2, you can configure a direct link between RouterA and RouterC to set up a GRE tunnel and configure a static route to forward packets through tunnel interfaces to the peer.

The configuration roadmap is as follows:

  1. Run OSPF on the devices to implement interworking among them.

  2. Create tunnel interfaces on RouterA and RouterC to set up a GRE tunnel, and configure a static route passing through tunnel interfaces on RouterA and RouterC, so that traffic between PC1 and PC2 can be transmitted over the GRE tunnel.

Procedure

  1. Configure an IP address for each physical interface.

    # Configure RouterA.

    <Huawei> system-view
    [Huawei] sysname RouterA
    [RouterA] interface gigabitethernet 1/0/0
    [RouterA-GigabitEthernet1/0/0] ip address 20.1.1.1 255.255.255.0
    [RouterA-GigabitEthernet1/0/0] quit
    [RouterA] interface gigabitethernet 2/0/0
    [RouterA-GigabitEthernet2/0/0] ip address 10.1.1.2 255.255.255.0
    [RouterA-GigabitEthernet2/0/0] quit

    # Configure RouterB.

    <Huawei> system-view
    [Huawei] sysname RouterB
    [RouterB] interface gigabitethernet 1/0/0
    [RouterB-GigabitEthernet1/0/0] ip address 20.1.1.2 255.255.255.0
    [RouterB-GigabitEthernet1/0/0] quit
    [RouterB] interface gigabitethernet 2/0/0
    [RouterB-GigabitEthernet2/0/0] ip address 30.1.1.1 255.255.255.0
    [RouterB-GigabitEthernet2/0/0] quit

    # Configure RouterC.

    <Huawei> system-view
    [Huawei] sysname RouterC
    [RouterC] interface gigabitethernet 1/0/0
    [RouterC-GigabitEthernet1/0/0] ip address 30.1.1.2 255.255.255.0
    [RouterC-GigabitEthernet1/0/0] quit
    [RouterC] interface gigabitethernet 2/0/0
    [RouterC-GigabitEthernet2/0/0] ip address 10.2.1.2 255.255.255.0
    [RouterC-GigabitEthernet2/0/0] quit

  2. Configure OSPF on the devices.

    # Configure RouterA.

    [RouterA] ospf 1
    [RouterA-ospf-1] area 0
    [RouterA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
    [RouterA-ospf-1-area-0.0.0.0] quit
    [RouterA-ospf-1] quit

    # Configure RouterB.

    [RouterB] ospf 1
    [RouterB-ospf-1] area 0
    [RouterB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
    [RouterB-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
    [RouterB-ospf-1-area-0.0.0.0] quit
    [RouterB-ospf-1] quit

    # Configure RouterC.

    [RouterC] ospf 1
    [RouterC-ospf-1] area 0
    [RouterC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
    [RouterC-ospf-1-area-0.0.0.0] quit
    [RouterC-ospf-1] quit

    # After the configuration is complete, run the display ip routing-table command on RouterA and RouterC. The command output shows that they have learned the OSPF route destined for the network segment of the peer.

    # The command output on RouterA is used as an example.

    [RouterA] display ip routing-table protocol ospf
    <keyword conref="../commonterms/commonterms.xml#commonterms/route-flags"></keyword>                                          
    ------------------------------------------------------------------------------       
    Public routing table : OSPF                                                          
             Destinations : 1        Routes : 1                                          
                                                                                         
    OSPF routing table status : <Active>                                                 
             Destinations : 1        Routes : 1                                          
                                                                                         
    Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface           
                                                                                         
           30.1.1.0/24  OSPF    10   2           D   20.1.1.2        GigabitEthernet1/0/0
                                                                                         
    OSPF routing table status : <Inactive>                                               
             Destinations : 0        Routes : 0                                          
                                                                                         

  3. Configure a tunnel interface.

    # Configure RouterA.

    [RouterA] interface tunnel 0/0/1
    [RouterA-Tunnel0/0/1] tunnel-protocol gre
    [RouterA-Tunnel0/0/1] ip address 10.3.1.1 255.255.255.0
    [RouterA-Tunnel0/0/1] source 20.1.1.1
    [RouterA-Tunnel0/0/1] destination 30.1.1.2
    [RouterA-Tunnel0/0/1] quit

    # Configure RouterC.

    [RouterC] interface tunnel 0/0/1
    [RouterC-Tunnel0/0/1] tunnel-protocol gre
    [RouterC-Tunnel0/0/1] ip address 10.3.1.2 255.255.255.0
    [RouterC-Tunnel0/0/1] source 30.1.1.2
    [RouterC-Tunnel0/0/1] destination 20.1.1.1
    [RouterC-Tunnel0/0/1] quit

    # After the configuration is complete, the tunnel interfaces turn Up and can ping each other. This indicates that a direct tunnel has been set up.

    # The command output on RouterA is used as an example.

    [RouterA] ping -a 10.3.1.1 10.3.1.2
      PING 10.3.1.2: 56  data bytes, press CTRL_C to break        
        Reply from 10.3.1.2: bytes=56 Sequence=1 ttl=255 time=1 ms
        Reply from 10.3.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms
        Reply from 10.3.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms
        Reply from 10.3.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms
        Reply from 10.3.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms
                                                                  
      --- 10.3.1.2 ping statistics ---                            
        5 packet(s) transmitted                                   
        5 packet(s) received                                      
        0.00% packet loss                                         
        round-trip min/avg/max = 1/1/1 ms                         
                                                                  

  4. Configure a static route.

    # Configure RouterA.

    [RouterA] ip route-static 10.2.1.0 255.255.255.0 tunnel 0/0/1

    # Configure RouterC.

    [RouterC] ip route-static 10.1.1.0 255.255.255.0 tunnel 0/0/1

    # After the configuration is complete, run the display ip routing-table command on RouterA and RouterC. The command output shows the static route from the tunnel interface to the user-side network segment.

    # The command output on RouterA is used as an example.

    [RouterA] display ip routing-table 10.2.1.0
    <keyword conref="../commonterms/commonterms.xml#commonterms/route-flags"></keyword>                                   
    ------------------------------------------------------------------------------
    Routing Table : Public                                                        
    Summary Count : 1                                                             
    Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface    
                                                                                  
           10.2.1.0/24  Static  60   0           D   10.3.1.2        Tunnel0/0/1  
                                                                                  

    PC1 and PC2 can ping each other.

Configuration Files

  • Configuration file of RouterA

    #
     sysname RouterA
    #
    interface GigabitEthernet1/0/0
     ip address 20.1.1.1 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     ip address 10.1.1.2 255.255.255.0
    #
    interface Tunnel0/0/1
     ip address 10.3.1.1 255.255.255.0
     tunnel-protocol gre
     source 20.1.1.1
     destination 30.1.1.2
    #
    ospf 1
     area 0.0.0.0
      network 20.1.1.0 0.0.0.255
    #
    ip route-static 10.2.1.0 255.255.255.0 Tunnel0/0/1
    #
    return
  • Configuration file of RouterB

    #
     sysname RouterB
    #
    interface GigabitEthernet1/0/0
     ip address 20.1.1.2 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     ip address 30.1.1.1 255.255.255.0
    #
    ospf 1
     area 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 30.1.1.0 0.0.0.255
    #
    return
  • Configuration file of RouterC

    #
     sysname RouterC
    #
    interface GigabitEthernet1/0/0
     ip address 30.1.1.2 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     ip address 10.2.1.2 255.255.255.0
    #
    interface Tunnel0/0/1
     ip address 10.3.1.2 255.255.255.0
     tunnel-protocol gre
     source 30.1.1.2
     destination 20.1.1.1
    #
    ospf 1
     area 0.0.0.0
      network 30.1.1.0 0.0.0.255
    #
    ip route-static 10.1.1.0 255.255.255.0 Tunnel0/0/1
    #
    return
Download
Updated: 2019-04-12

Document ID: EDOC1100041799

Views: 31593

Downloads: 45

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next