No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a Static Route for GRE to Implement Interworking Between IPv4 Networks

Example for Configuring a Static Route for GRE to Implement Interworking Between IPv4 Networks

Networking Requirements

As shown in Figure 1-13:
  • SwitchA, SwitchB, and SwitchC communicate with each other through a public network. (The OSPF protocol is used in this example.)
  • PC1 and PC2 run the IPv4 proprietary protocol and communicate with each other over the public network.
  • PC1 and PC2 use SwitchA and SwitchC as their default gateways respectively.

Figure 1-13 Configuring a static route for GRE

Configuration Roadmap

To allow PC1 to communicate with PC2, you can configure a direct link between SwitchA and SwitchC to set up a GRE tunnel and configure a static route to forward packets through tunnel interfaces to the peer.

The configuration roadmap is as follows:

  1. Run OSPF on the devices to implement interworking among them.

  2. Create tunnel interfaces on SwitchA and SwitchC to set up a GRE tunnel, and configure a static route passing through tunnel interfaces on SwitchA and SwitchC, so that traffic between PC1 and PC2 can be transmitted over the GRE tunnel.

Procedure

  1. Configure an IP address for each physical interface.

    # Configure SwitchA.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchA
    [*HUAWEI] commit
    [~SwitchA] vlan batch 10 30
    [*SwitchA] interface 10ge 1/0/0
    [*SwitchA-10GE1/0/0] port link-type trunk
    [*SwitchA-10GE1/0/0] port trunk allow-pass vlan 10
    [*SwitchA-10GE1/0/0] quit
    [*SwitchA] interface 10ge 2/0/0
    [*SwitchA-10GE2/0/0] port link-type access
    [*SwitchA-10GE2/0/0] port default vlan 30
    [*SwitchA-10GE2/0/0] quit
    [*SwitchA] interface vlanif 10
    [*SwitchA-Vlanif10] ip address 20.1.1.1 24
    [*SwitchA-Vlanif10] quit
    [*SwitchA] interface vlanif 30
    [*SwitchA-Vlanif30] ip address 10.1.1.2 24
    [*SwitchA-Vlanif30] quit
    [*SwitchA] commit
    

    # Configure SwitchB.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchB
    [*HUAWEI] commit
    [~SwitchB] vlan batch 10 20
    [*SwitchB] interface 10ge 1/0/0
    [*SwitchB-10GE1/0/0] port link-type trunk
    [*SwitchB-10GE1/0/0] port trunk allow-pass vlan 10
    [*SwitchB-10GE1/0/0] quit
    [*SwitchB] interface 10ge 2/0/0
    [*SwitchB-10GE2/0/0] port link-type trunk
    [*SwitchB-10GE2/0/0] port trunk allow-pass vlan 20
    [*SwitchB-10GE2/0/0] quit
    [*SwitchB] interface vlanif 10
    [*SwitchB-Vlanif10] ip address 20.1.1.2 24
    [*SwitchB-Vlanif10] quit
    [*SwitchB] interface vlanif 20
    [*SwitchB-Vlanif20] ip address 30.1.1.1 24
    [*SwitchB-Vlanif20] quit
    [*SwitchB] commit

    # Configure SwitchC.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchC
    [*HUAWEI] commit
    [~SwitchC] vlan batch 20 30
    [*SwitchC] interface 10ge 1/0/0
    [*SwitchC-10GE1/0/0] port link-type trunk
    [*SwitchC-10GE1/0/0] port trunk allow-pass vlan 20
    [*SwitchC-10GE1/0/0] quit
    [*SwitchC] interface 10ge 2/0/0
    [*SwitchC-10GE2/0/0] port link-type access
    [*SwitchC-10GE2/0/0] port default vlan 30 
    [*SwitchC-10GE2/0/0] quit
    [*SwitchC] interface vlanif 20
    [*SwitchC-Vlanif20] ip address 30.1.1.2 24
    [*SwitchC-Vlanif20] quit
    [*SwitchC] interface vlanif 30
    [*SwitchC-Vlanif30] ip address 10.2.1.2 24
    [*SwitchC-Vlanif30] quit
    [*SwitchC] commit

  2. Configure OSPF on the devices.

    # Configure SwitchA.

    [~SwitchA] ospf 1
    [*SwitchA-ospf-1] area 0
    [*SwitchA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
    [*SwitchA-ospf-1-area-0.0.0.0] quit
    [*SwitchA-ospf-1] quit
    [*SwitchA] commit

    # Configure SwitchB.

    [~SwitchB] ospf 1
    [*SwitchB-ospf-1] area 0
    [*SwitchB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
    [*SwitchB-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
    [*SwitchB-ospf-1-area-0.0.0.0] quit
    [*SwitchB-ospf-1] quit
    [*SwitchB] commit

    # Configure SwitchC.

    [~SwitchC] ospf 1
    [*SwitchC-ospf-1] area 0
    [*SwitchC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
    [*SwitchC-ospf-1-area-0.0.0.0] quit
    [*SwitchC-ospf-1] quit
    [*SwitchC] commit

    # After the configuration is complete, run the display ip routing-table command on SwitchA and SwitchC. The command output shows that they have learned the OSPF route destined for the network segment of the peer.

  3. Configure the tunnel mode.

    NOTE:

    This command takes effect only after the configuration is saved and device restarts. You can choose to restart the device immediately or after all configurations are complete.

    # Configure SwitchA.

    [~SwitchA] ip tunnel mode gre
    [*SwitchA] commit

    # Configure SwitchC.

    [~SwitchC] ip tunnel mode gre
    [*SwitchC] commit

  4. Configure a tunnel interface.

    # Configure SwitchA.

    [~SwitchA] interface tunnel 1
    [*SwitchA-Tunnel1] tunnel-protocol gre
    [*SwitchA-Tunnel1] ip address 40.1.1.1 255.255.255.0
    [*SwitchA-Tunnel1] source 20.1.1.1
    [*SwitchA-Tunnel1] destination 30.1.1.2
    [*SwitchA-Tunnel1] quit
    [*SwitchA] commit

    # Configure SwitchC.

    [~SwitchC] interface tunnel 1
    [*SwitchC-Tunnel1] tunnel-protocol gre
    [*SwitchC-Tunnel1] ip address 40.1.1.2 255.255.255.0
    [*SwitchC-Tunnel1] source 30.1.1.2
    [*SwitchC-Tunnel1] destination 20.1.1.1
    [*SwitchC-Tunnel1] quit
    [*SwitchC] commit

    # After the configuration is complete, the tunnel interfaces turn Up and can ping each other. This indicates that a direct tunnel has been set up.

    # The command output on SwitchA is used as an example.

    [~SwitchA] ping -a 40.1.1.1 40.1.1.2
      PING 40.1.1.2: 56  data bytes, press CTRL_C to break
        Reply from 40.1.1.2: bytes=56 Sequence=1 ttl=255 time=1 ms
        Reply from 40.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms
        Reply from 40.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms
        Reply from 40.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms
        Reply from 40.1.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms
    
      --- 40.1.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 1/1/1 ms
    

  5. Configure a static route.

    # Configure SwitchA.

    [~SwitchA] ip route-static 10.2.1.0 255.255.255.0 tunnel 1
    [*SwitchA] commit

    # Configure SwitchC.

    [~SwitchC] ip route-static 10.1.1.0 255.255.255.0 tunnel 1
    [*SwitchC] commit

    # After the configuration is complete, run the display ip routing-table command on SwitchA and SwitchC. The command output shows the static route from the tunnel interface to the user-side network segment.

    # The command output on SwitchA is used as an example.

    [~SwitchA] display ip routing-table 10.2.1.0
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------  
    Routing Table : _public_                                                        
    Summary Count : 1                                                               
                                                                                    
    Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface    
                                                                                    
           10.2.1.0/24  Static  60   0             D  0.0.0.0         Tunnel1       

    PC1 and PC2 can ping each other.

Configuration Files

  • Configuration file of SwitchA

    #
    sysname SwitchA
    #
    vlan batch 10 30
    #
    ip tunnel mode gre
    #
    interface Vlanif10
     ip address 20.1.1.1 255.255.255.0
    #
    interface Vlanif30
     ip address 10.1.1.2 255.255.255.0
    #
    interface 10GE1/0/0
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE2/0/0
     port link-type access
     port default vlan 30
    #
    interface Tunnel1
     ip address 40.1.1.1 255.255.255.0
     tunnel-protocol gre
     source 20.1.1.1
     destination 30.1.1.2
    #
    ospf 1
     area 0.0.0.0
      network 20.1.1.0 0.0.0.255
    #
    ip route-static 10.2.1.0 255.255.255.0 Tunnel1
    #
    return
  • Configuration file of SwitchB

    #
    sysname SwitchB
    #
    vlan batch 10 20
    #
    interface Vlanif10
     ip address 20.1.1.2 255.255.255.0
    #
    interface Vlanif20
     ip address 30.1.1.1 255.255.255.0
    #
    interface 10GE1/0/0
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE2/0/0
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    ospf 1
     area 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 30.1.1.0 0.0.0.255
    #
    return
  • Configuration file of SwitchC

    #
    sysname SwitchC
    #
    vlan batch 20 30
    #
    ip tunnel mode gre
    #
    interface Vlanif20
     ip address 30.1.1.2 255.255.255.0
    #
    interface Vlanif30
     ip address 10.2.1.2 255.255.255.0
    #
    interface 10GE1/0/0
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface 10GE2/0/0
     port link-type access
     port default vlan 30
    #
    interface Tunnel1
     ip address 40.1.1.2 255.255.255.0
     tunnel-protocol gre
     source 30.1.1.2
     destination 20.1.1.1
    #
    ospf 1
     area 0.0.0.0
      network 30.1.1.0 0.0.0.255
    #
    ip route-static 10.1.1.0 255.255.255.0 Tunnel1
    #
    return
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14620

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next