No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a Static Route for GRE

Example for Configuring a Static Route for GRE

This section provides an example for configuring a static GRE route. In this networking scheme, traffic between users is transmitted through a GRE tunnel; a static route is configured between the device and its connected client.

Networking Requirements

In Figure 3-4, Device A, Device B, and Device C belong to the VPN backbone network, and OSPF runs between them.

It is required that a static route be established between Device A and Device C. To meet such a requirement, configure a GRE tunnel between Device A and Device C and specify the tunnel interface as the outbound interface of a static route so that PC1 and PC2 can communicate with each other.

PC1 takes Device A as its default gateway, and PC2 takes Device C as its default gateway.

Figure 3-4 Networking diagram of configuring a static route for GRE
NOTE:

Interfaces 1 through 3 in this example are GE 0/1/0, GE 0/2/0, Tunnel1, respectively.



Precautions

A distributed GRE tunnel is used as an example.

The distributed GRE tunnel and integrated GRE tunnel differ in that the former uses a one-dimensional interface (named only by the interface number) as the tunnel interface whereas the latter uses a three-dimensional interface (named by the slot ID, subcard ID, and interface number) as the tunnel interface.

For an integrated GRE tunnel, the tunnel interface must be a three-dimensional interface (named by the slot ID, subcard ID, and interface number). The slot ID of the tunnel interface must be consistent with the ID of the slot in which the source interface-bound tunnel service board resides. If the slot IDs are different, the GRE tunnel cannot be established.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure a dynamic routing protocol on the NEs.

  2. Create a tunnel interface on Device A and Device C.

  3. Specify the source address of the tunnel interface as the IP address of the interface that sends the packet.

  4. Specify the destination address of the tunnel interface as the IP address of the interface that receives the packet.

  5. Assign network addresses to the tunnel interfaces to enable the tunnel to support the dynamic routing protocol.

  6. Configure the static route between Device A and its connected PC, and the static route between Device C and its connected PC to make the traffic between PC1 and PC2 transmitted through the GRE tunnel.

  7. Configure the egress of the static route as the local tunnel interface.

Data Preparation

To complete the configuration, you need the following data:

  • Data for running OSPF

  • Source address and destination address of the GRE tunnel, and IP addresses of tunnel interfaces

Procedure

  1. Configure the IP address for each interface.

    # Configure DeviceA.

    <HUAWEI> system-view
    [~HUAWEI] sysname DeviceA
    [*HUAWEI] commit
    [~DeviceA] vlan batch 10 20
    [*DeviceA] interface GigabitEthernet 0/1/0
    [*DeviceA-GigabitEthernet0/1/0] undo shutdown
    [*DeviceA-GigabitEthernet0/1/0] portswitch
    [*DeviceA-GigabitEthernet0/1/0] port link-type hybrid
    [*DeviceA-GigabitEthernet0/1/0] port default vlan 10
    [*DeviceA-GigabitEthernet0/1/0] quit
    [*DeviceA] interface GigabitEthernet 0/2/0
    [*DeviceA-GigabitEthernet0/2/0] undo shutdown
    [*DeviceA-GigabitEthernet0/2/0] portswitch
    [*DeviceA-GigabitEthernet0/2/0] port link-type hybrid
    [*DeviceA-GigabitEthernet0/2/0] port default vlan 20
    [*DeviceA-GigabitEthernet0/2/0] quit
    [*DeviceA] interface Vlanif10
    [*DeviceA-Vlanif10] ip address 20.1.1.1 24
    [*DeviceA-Vlanif10] quit
    [*DeviceA] interface Vlanif20
    [*DeviceA-Vlanif20] ip address 10.1.1.2 24
    [*DeviceA-Vlanif20] quit
    [*DeviceA] interface loopback1
    [*DeviceA-LoopBack1] ip address 1.1.1.9 32
    [*DeviceA-LoopBack1] quit
    [*DeviceA] commit

    # Configure DeviceB.

    [~HUAWEI] sysname DeviceB
    [*HUAWEI] commit
    [~DeviceB] vlan batch 10 20
    [*DeviceB] interface GigabitEthernet 0/1/0
    [*DeviceB-GigabitEthernet0/1/0] undo shutdown
    [*DeviceB-GigabitEthernet0/1/0] portswitch
    [*DeviceB-GigabitEthernet0/1/0] port link-type hybrid
    [*DeviceB-GigabitEthernet0/1/0] port default vlan 10
    [*DeviceB-GigabitEthernet0/1/0] quit
    [*DeviceB] interface GigabitEthernet 0/2/0
    [*DeviceB-GigabitEthernet0/2/0] undo shutdown
    [*DeviceB-GigabitEthernet0/2/0] portswitch
    [*DeviceB-GigabitEthernet0/2/0] port link-type hybrid
    [*DeviceB-GigabitEthernet0/2/0] port default vlan 20
    [*DeviceB-GigabitEthernet0/2/0] quit
    [*DeviceB] interface Vlanif10
    [*DeviceB-Vlanif10] ip address 20.1.1.2 24
    [*DeviceB-Vlanif10] quit
    [*DeviceB] interface Vlanif20
    [*DeviceB-Vlanif20] ip address 30.1.1.1 24
    [*DeviceB-Vlanif20] quit
    [*DeviceB] commit

    # Configure DeviceC.

    <HUAWEI> system-view
    [~HUAWEI] sysname DeviceC
    [*HUAWEI] commit
    [~DeviceC] vlan batch 10 20
    [*DeviceC] interface GigabitEthernet 0/1/0
    [*DeviceC-GigabitEthernet0/1/0] undo shutdown
    [*DeviceC-GigabitEthernet0/1/0] portswitch
    [*DeviceC-GigabitEthernet0/1/0] port link-type hybrid
    [*DeviceC-GigabitEthernet0/1/0] port default vlan 20
    [*DeviceC-GigabitEthernet0/1/0] quit
    [*DeviceC] interface GigabitEthernet 0/2/0
    [*DeviceC-GigabitEthernet0/2/0] undo shutdown
    [*DeviceC-GigabitEthernet0/2/0] portswitch
    [*DeviceC-GigabitEthernet0/2/0] port link-type hybrid
    [*DeviceC-GigabitEthernet0/2/0] port default vlan 10
    [*DeviceC-GigabitEthernet0/2/0] quit
    [*DeviceC] interface Vlanif10
    [*DeviceC-Vlanif10] ip address 10.2.1.2 24
    [*DeviceC-Vlanif10] quit
    [*DeviceC] interface Vlanif20
    [*DeviceC-Vlanif20] ip address 30.1.1.2 24
    [*DeviceC-Vlanif20] quit
    [*DeviceC] interface loopback1
    [*DeviceC-LoopBack1] ip address 2.2.2.9 32
    [*DeviceC-LoopBack1] quit
    [*DeviceC] commit

  2. Configure IGP for the VPN backbone network.

    # Configure DeviceA.

    [~DeviceA] ospf 1
    [*DeviceA-ospf-1] area 0
    [*DeviceA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
    [*DeviceA-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [*DeviceA-ospf-1-area-0.0.0.0] quit
    [*DeviceA-ospf-1] quit
    [*DeviceA] commit

    # Configure DeviceB.

    [~DeviceB] ospf 1
    [*DeviceB-ospf-1] area 0
    [*DeviceB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
    [*DeviceB-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
    [*DeviceB-ospf-1-area-0.0.0.0] quit
    [*DeviceB-ospf-1] quit
    [*DeviceB] commit

    # Configure DeviceC.

    [~DeviceC] ospf 1
    [*DeviceC-ospf-1] area 0
    [*DeviceC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
    [*DeviceA-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
    [*DeviceC-ospf-1-area-0.0.0.0] quit
    [*DeviceC-ospf-1] quit
    [*DeviceC] commit

    After the configuration, run the display ip routing-table command on Device A and Device C. The command output shows that they both learn the OSPF route to the network segment of the remote interface.

    # Take Device A as an example.

    [~DeviceA] display ip routing-table
    Route Flags: R - relay, D - download
    to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : _public_
             Destinations : 11       Routes : 11
    
    Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface
    
            1.1.1.9/32  Direct  0    0             D  127.0.0.1       InLoopBack0
            2.2.2.9/24  OSPF    10   2             D  20.1.1.2        Vlanif10
           10.1.1.0/24  Direct  0    0             D  10.1.1.2        Vlanif20
           10.1.1.2/32  Direct  0    0             D  127.0.0.1       Vlanif20
         10.1.1.255/32  Direct  0    0             D  127.0.0.1       Vlanif20
           20.1.1.0/24  Direct  0    0             D  20.1.1.1        Vlanif10
           20.1.1.1/32  Direct  0    0             D  127.0.0.1       Vlanif10
         20.1.1.255/32  Direct  0    0             D  127.0.0.1       Vlanif10
           30.1.1.0/24  OSPF    10   2             D  20.1.1.2        Vlanif10
          127.0.0.0/8   Direct  0    0             D  127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct  0    0             D  127.0.0.1       InLoopBack0
    127.255.255.255/32  Direct  0    0             D  127.0.0.1       InLoopBack0
    255.255.255.255/32  Direct  0    0             D  127.0.0.1       InLoopBack0

  3. Configure the tunnel interface.

    # Configure DeviceA.

    [~DeviceA] interface loopback1
    [*DeviceA-LoopBack1] binding tunnel gre
    [*DeviceA-LoopBack1] commit
    [~DeviceA-LoopBack1] quit
    [~DeviceA] interface tunnel1
    [*DeviceA-Tunnel1] tunnel-protocol gre
    [*DeviceA-Tunnel1] ip address 40.1.1.1 255.255.255.0
    [*DeviceA-Tunnel1] source 1.1.1.9
    [*DeviceA-Tunnel1] destination 2.2.2.9
    [*DeviceA-Tunnel1] quit
    [*DeviceA] commit

    # Configure DeviceC.

    [~DeviceC] interface loopback1
    [*DeviceC-LoopBack1] binding tunnel gre
    [*DeviceC-LoopBack1] commit
    [~DeviceC-LoopBack1] quit
    [~DeviceC] interface tunnel1
    [*DeviceC-Tunnel1] tunnel-protocol gre
    [*DeviceC-Tunnel1] ip address 40.1.1.2 255.255.255.0
    [*DeviceC-Tunnel1] source 2.2.2.9
    [*DeviceC-Tunnel1] destination 1.1.1.9
    [*DeviceC-Tunnel1] quit
    [*DeviceC] commit

    After the configuration, the status of tunnel interfaces goes Up, and the tunnel interfaces can ping each other.

    # Take Device A as an example:

    [~DeviceA] ping -a 40.1.1.1 40.1.1.2
      PING 40.1.1.2: 56  data bytes, press CTRL_C to break
        Reply from 40.1.1.2: bytes=56 Sequence=1 ttl=255 time=24 ms
        Reply from 40.1.1.2: bytes=56 Sequence=2 ttl=255 time=33 ms
        Reply from 40.1.1.2: bytes=56 Sequence=3 ttl=255 time=48 ms
        Reply from 40.1.1.2: bytes=56 Sequence=4 ttl=255 time=33 ms
        Reply from 40.1.1.2: bytes=56 Sequence=5 ttl=255 time=36 ms
      --- 40.1.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 24/34/48 ms

  4. Configure a static route.

    # Configure DeviceA.

    [~DeviceA] ip route-static 10.2.1.0 255.255.255.0 tunnel1
    [*DeviceA] commit

    # Configure DeviceC.

    [~DeviceC] ip route-static 10.1.1.0 255.255.255.0 tunnel1
    [*DeviceC] commit

  5. Verify the configuration.

    After the configuration, run the display ip routing-table command on Device A and Device C. The command output shows the static route to the network segment of the remote user end through the tunnel interface.

    Take Device A as an example:

    [~DeviceA] display ip routing-table
    Route Flags: R - relay, D - download
    to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : _public_
             Destinations : 15       Routes : 15
    
    Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface
    
            1.1.1.9/32  Direct  0    0             D  127.0.0.1       InLoopBack0
            2.2.2.9/24  OSPF    10   2             D  20.1.1.2        Vlanif10
           10.1.1.0/24  Direct  0    0             D  10.1.1.2        Vlanif20
           10.1.1.2/32  Direct  0    0             D  127.0.0.1       Vlanif20
         10.1.1.255/32  Direct  0    0             D  127.0.0.1       Vlanif20
          10.2.1.0/24 Static 60   0             D 0.0.0.0        Tunnel1
           20.1.1.0/24  Direct  0    0             D  20.1.1.1        Vlanif10
           20.1.1.1/32  Direct  0    0             D  127.0.0.1       Vlanif10
         20.1.1.255/32  Direct  0    0             D  127.0.0.1       Vlanif10
           30.1.1.0/24  OSPF    10   2             D  20.1.1.2        Vlanif10
           40.1.1.0/24  Direct  0    0             D  40.1.1.1        Tunnel1
           40.1.1.1/32  Direct  0    0             D  127.0.0.1       Tunnel1
         40.1.1.255/32  Direct  0    0             D  127.0.0.1       Tunnel1
          127.0.0.0/8   Direct  0    0             D  127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct  0    0             D  127.0.0.1       InLoopBack0
    127.255.255.255/32  Direct  0    0             D  127.0.0.1       InLoopBack0
    255.255.255.255/32  Direct  0    0             D  127.0.0.1       InLoopBack0

Configuration Files

  • Device A configuration file

    #
    sysname DeviceA
    #
    vlan batch 10 20
    #
    interface Vlanif10
     ip address 20.1.1.1 255.255.255.0
    #
    interface Vlanif20
     ip address 10.1.1.2 255.255.255.0
    #
    interface GigabitEthernet 0/1/0
     portswitch
     undo shutdown
     port default vlan 10
    #
    interface GigabitEthernet 0/2/0
     portswitch
     undo shutdown
     port default vlan 20
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
     binding tunnel gre
    #
    interface Tunnel1
     ip address 40.1.1.1 255.255.255.0
     tunnel-protocol gre
     source 1.1.1.9
     destination 2.2.2.9
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 20.1.1.0 0.0.0.255
    #
    ip route-static 10.2.1.0 255.255.255.0 Tunnel1
    #
    return
  • Device B configuration file

    #
    sysname DeviceB
    #
    vlan batch 10 20
    #
    interface Vlanif10
     ip address 20.1.1.2 255.255.255.0
    #
    interface Vlanif20
     ip address 30.1.1.1 255.255.255.0
    #
    interface GigabitEthernet 0/1/0
     portswitch
     undo shutdown
     port default vlan 10
    #
    interface GigabitEthernet 0/2/0
     portswitch
     undo shutdown
     port default vlan 20
    #
    ospf 1
     area 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 30.1.1.0 0.0.0.255
    #
    return
  • Device C configuration file

    #
    sysname DeviceC
    #
    vlan batch 10 20
    #
    interface Vlanif10
     ip address 10.2.1.2 255.255.255.0
    #
    interface Vlanif20
     ip address 30.1.1.2 255.255.255.0
    #
    interface GigabitEthernet 0/1/0
     portswitch
     undo shutdown
     port default vlan 20
    #
    interface GigabitEthernet 0/2/0
     portswitch
     undo shutdown
     port default vlan 10
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
     binding tunnel gre
    #
    interface Tunnel1
     ip address 40.1.1.2 255.255.255.0
     tunnel-protocol gre
     source 2.2.2.9
     destination 1.1.1.9
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 30.1.1.0 0.0.0.255
    #
    ip route-static 10.1.1.0 255.255.255.0 Tunnel1
    #
    return
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 36898

Downloads: 61

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next