Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a Device as a DHCP Relay Agent (Connected to a DHCP Server over a BGP/MPLS IP VPN Tunnel)
Networking Requirements
In Figure 3-16, branch 1 and branch 2 of an enterprise are connected to the headquarters through BGP/MPLS IP VPN tunnels to implement secure interconnection. CE_1 and CE_2 are the egress gateways of branch 1 and branch 2, respectively. For service isolation, branch 1 and branch 2 are deployed in vpna and vpnb, respectively. The enterprise administrator deploys a DHCP server in the headquarters and a multi-VPN-instance customer edge (MCE) as the headquarters egress gateway so that the DHCP server can allocate IP addresses on 10.1.1.0/24 to terminals in branch1 and branch 2.
Configuration Roadmap
Configure Open Shortest Path First (OSPF) between PE_1 and PE_2 to implement interworking between them and configure MP-IBGP to exchange VPN routing information.
Configure basic MPLS capabilities and MPLS LDP on PE_1 and PE_2 to set up an LDP LSP.
Create VPN instances vpna and vpnb on the MCE, PE_1, and PE_2 to isolate services.
Set up EBGP peer relationships between PE_1 and its connected CEs and import BGP routes to the VPN routing table of PE1.
Configure the MCE as a DHCP server to allocate IP addresses from the global address pool to terminals in branch 1 and branch 2.
Configure the DHCP relay function on CE_1 and CE_2 to forward DHCP messages between the DHCP server and terminals so that the terminals can apply to the DHCP server for IP addresses.
Configure the terminals to dynamically obtain IP addresses from the DHCP server.
This example uses Huawei AR series routers running V200R005C20 as PE_1 and PE_2, and a Huawei S series switch as the MCE.
Procedure
- Create VLANs, add interfaces to the VLANs, and configure IP addresses for the VLANIF interfaces.
# Configure CE_1.
<HUAWEI> system-view [HUAWEI] sysname CE_1 [CE_1] vlan batch 10 20 [CE_1] interface gigabitethernet 1/0/1 [CE_1-GigabitEthernet1/0/1] port link-type hybrid [CE_1-GigabitEthernet1/0/1] port hybrid pvid vlan 10 [CE_1-GigabitEthernet1/0/1] port hybrid untagged vlan 10 [CE_1-GigabitEthernet1/0/1] quit [CE_1] interface gigabitethernet 1/0/2 [CE_1-GigabitEthernet1/0/2] port link-type hybrid [CE_1-GigabitEthernet1/0/2] port hybrid pvid vlan 20 [CE_1-GigabitEthernet1/0/2] port hybrid untagged vlan 20 [CE_1-GigabitEthernet1/0/2] quit [CE_1] interface vlanif 10 [CE_1-Vlanif10] ip address 10.1.1.1 24 [CE_1-Vlanif10] quit [CE_1] interface vlanif 20 [CE_1-Vlanif20] ip address 10.1.2.1 24 [CE_1-Vlanif20] quit
# Configure CE_2.
<HUAWEI> system-view [HUAWEI] sysname CE_2 [CE_2] vlan batch 10 20 [CE_2] interface gigabitethernet 1/0/1 [CE_2-GigabitEthernet1/0/1] port link-type hybrid [CE_2-GigabitEthernet1/0/1] port hybrid pvid vlan 10 [CE_2-GigabitEthernet1/0/1] port hybrid untagged vlan 10 [CE_2-GigabitEthernet1/0/1] quit [CE_2] interface gigabitethernet 1/0/2 [CE_2-GigabitEthernet1/0/2] port link-type hybrid [CE_2-GigabitEthernet1/0/2] port hybrid pvid vlan 20 [CE_2-GigabitEthernet1/0/2] port hybrid untagged vlan 20 [CE_2-GigabitEthernet1/0/2] quit [CE_2] interface vlanif 10 [CE_2-Vlanif10] ip address 10.1.1.1 24 [CE_2-Vlanif10] quit [CE_2] interface vlanif 20 [CE_2-Vlanif20] ip address 10.1.2.1 24 [CE_2-Vlanif20] quit
# Configure PE_1.
<HUAWEI> system-view [HUAWEI] sysname PE_1 [PE_1] interface loopback 0 [PE_1-LoopBack0] ip address 10.10.10.9 32 [PE_1-LoopBack0] quit [PE_1] interface gigabitethernet 3/0/0 [PE_1-GigabitEthernet3/0/0] ip address 10.1.3.1 24 [PE_1-GigabitEthernet3/0/0] quit
# Configure PE_2.
<HUAWEI> system-view [HUAWEI] sysname PE_2 [PE_2] interface loopback 0 [PE_2-LoopBack0] ip address 10.20.20.9 32 [PE_2-LoopBack0] quit [PE_2] interface gigabitethernet 2/0/0 [PE_2-GigabitEthernet2/0/0] ip address 10.1.3.2 24 [PE_2-GigabitEthernet2/0/0] quit
- Configure OSPF routes between PE_1 and PE_2.
# Configure PE_1.
[PE_1] ospf 1 [PE_1-ospf-1] area 0 [PE_1-ospf-1-area-0.0.0.0] network 10.10.10.9 0.0.0.0 [PE_1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255 [PE_1-ospf-1-area-0.0.0.0] quit [PE_1-ospf-1] quit
# Configure PE_2.
[PE_2] ospf 1 [PE_2-ospf-1] area 0 [PE_2-ospf-1-area-0.0.0.0] network 10.20.20.9 0.0.0.0 [PE_2-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255 [PE_2-ospf-1-area-0.0.0.0] quit [PE_2-ospf-1] quit
# After the configuration is complete, PE_1 and PE_2 set up the OSPF neighbor relationship. Run the display ip routing-table command on PE_1 and PE_2 to view the routes to each other.
- Configure basic MPLS capabilities and MPLS LDP on PE_1 and PE_2 to set up an LDP LSP.
# Configure PE_1.
[PE_1] mpls lsr-id 10.10.10.9 [PE_1] mpls [PE_1-mpls] quit [PE_1] mpls ldp [PE_1-mpls-ldp] quit [PE_1] interface gigabitethernet 3/0/0 [PE_1-GigabitEthernet3/0/0] mpls [PE_1-GigabitEthernet3/0/0] mpls ldp [PE_1-GigabitEthernet3/0/0] quit
# Configure PE_2.
[PE_2] mpls lsr-id 10.20.20.9 [PE_2] mpls [PE_2-mpls] quit [PE_2] mpls ldp [PE_2-mpls-ldp] quit [PE_2] interface gigabitethernet 2/0/0 [PE_2-GigabitEthernet2/0/0] mpls [PE_2-GigabitEthernet2/0/0] mpls ldp [PE_2-GigabitEthernet2/0/0] quit
# After the configuration is complete, PE_1 and PE_2 set up an LDP session. Run the display mpls ldp session command on PE_1 and PE_2. The command output shows that the Status field is Operational. Run the display mpls ldp lsp command. Information about the established LDP LSP is displayed.
- Configure VPN instances on the MCE, PE_1, and PE_2.
# Configure PE_1.
[PE_1] ip vpn-instance vpna [PE_1-vpn-instance-vpna] ipv4-family [PE_1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1 [PE_1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both [PE_1-vpn-instance-vpna-af-ipv4] quit [PE_1-vpn-instance-vpna] quit [PE_1] ip vpn-instance vpnb [PE_1-vpn-instance-vpnb] ipv4-family [PE_1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2 [PE_1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both [PE_1-vpn-instance-vpnb-af-ipv4] quit [PE_1-vpn-instance-vpnb] quit [PE_1] interface gigabitethernet 2/0/0 [PE_1-GigabitEthernet2/0/0] ip binding vpn-instance vpna [PE_1-GigabitEthernet2/0/0] ip address 10.1.2.2 24 [PE_1-GigabitEthernet2/0/0] quit [PE_1] interface gigabitethernet 1/0/0 [PE_1-GigabitEthernet1/0/0] ip binding vpn-instance vpnb [PE_1-GigabitEthernet1/0/0] ip address 10.1.2.2 24 [PE_1-GigabitEthernet1/0/0] quit
# Configure PE_2.
[PE_2] ip vpn-instance vpna [PE_2-vpn-instance-vpna] ipv4-family [PE_2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1 [PE_2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both [PE_2-vpn-instance-vpna-af-ipv4] quit [PE_2-vpn-instance-vpna] quit [PE_2] ip vpn-instance vpnb [PE_2-vpn-instance-vpnb] ipv4-family [PE_2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2 [PE_2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both [PE_2-vpn-instance-vpnb-af-ipv4] quit [PE_2-vpn-instance-vpnb] quit [PE_2] interface gigabitethernet 1/0/0.1 [PE_2-GigabitEthernet1/0/0.1] dot1q termination vid 10 [PE_2-GigabitEthernet1/0/0.1] ip binding vpn-instance vpna [PE_2-GigabitEthernet1/0/0.1] ip address 10.1.4.2 24 [PE_2-GigabitEthernet1/0/0.1] arp broadcast enable [PE_2-GigabitEthernet1/0/0.1] quit [PE_2] interface gigabitethernet 1/0/0.2 [PE_2-GigabitEthernet1/0/0.2] dot1q termination vid 20 [PE_2-GigabitEthernet1/0/0.2] ip binding vpn-instance vpnb [PE_2-GigabitEthernet1/0/0.2] ip address 10.1.5.2 24 [PE_2-GigabitEthernet1/0/0.2] arp broadcast enable [PE_2-GigabitEthernet1/0/0.2] quit
# Configure the MCE.
<HUAWEI> system-view [HUAWEI] sysname MCE [MCE] ip vpn-instance vpna [MCE-vpn-instance-vpna] ipv4-family [MCE-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1 [MCE-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both [MCE-vpn-instance-vpna-af-ipv4] quit [MCE-vpn-instance-vpna] quit [MCE] ip vpn-instance vpnb [MCE-vpn-instance-vpnb] ipv4-family [MCE-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2 [MCE-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both [MCE-vpn-instance-vpnb-af-ipv4] quit [MCE-vpn-instance-vpnb] quit [MCE] interface GigabitEthernet 1/0/1 [MCE-GigabitEthernet1/0/1] undo portswitch [MCE-GigabitEthernet1/0/1] quit [MCE] interface gigabitethernet 1/0/1.1 [MCE-GigabitEthernet1/0/1.1] ip binding vpn-instance vpna [MCE-GigabitEthernet1/0/1.1] dot1q termination vid 10 [MCE-GigabitEthernet1/0/1.1] ip address 10.1.4.1 24 [MCE-GigabitEthernet1/0/1.1] arp broadcast enable [MCE-GigabitEthernet1/0/1.1] quit [MCE] interface gigabitethernet 1/0/1.2 [MCE-GigabitEthernet1/0/1.2] ip binding vpn-instance vpnb [MCE-GigabitEthernet1/0/1.2] dot1q termination vid 20 [MCE-GigabitEthernet1/0/1.2] ip address 10.1.5.1 24 [MCE-GigabitEthernet1/0/1.2] arp broadcast enable [MCE-GigabitEthernet1/0/1.2] quit
- Set up an MP-IBGP peer relationship between PE_1 and PE_2.
# Configure PE_1.
[PE_1] bgp 100 [PE_1-bgp] peer 10.20.20.9 as-number 100 [PE_1-bgp] peer 10.20.20.9 connect-interface loopback0 [PE_1-bgp] ipv4-family vpnv4 [PE_1-bgp-af-vpnv4] peer 10.20.20.9 enable [PE_1-bgp-af-vpnv4] quit [PE_1-bgp] ipv4-family vpn-instance vpna [PE_1-bgp-vpna] import-route direct [PE_1-bgp-vpna] quit [PE_1-bgp] ipv4-family vpn-instance vpnb [PE_1-bgp-vpnb] import-route direct [PE_1-bgp-vpnb] quit [PE_1-bgp] quit
# Configure PE_2.
[PE_2] bgp 100 [PE_2-bgp] peer 10.10.10.9 as-number 100 [PE_2-bgp] peer 10.10.10.9 connect-interface loopback0 [PE_2-bgp] ipv4-family vpnv4 [PE_2-bgp-af-vpnv4] peer 10.10.10.9 enable [PE_2-bgp-af-vpnv4] quit [PE_2-bgp] ipv4-family vpn-instance vpna [PE_2-bgp-vpna] import-route direct [PE_2-bgp-vpna] quit [PE_2-bgp] ipv4-family vpn-instance vpnb [PE_2-bgp-vpnb] import-route direct [PE_2-bgp-vpnb] quit [PE_2-bgp] quit
# After the configuration is complete, run the display bgp peer command on PE_1 and PE_2. The command output shows that an MP-IBGP peer relationship has been set up between PEs and the relationship is in Established state.
- Configure EBGP peer relationships between CE_1 and PE_1 and between CE_2 and PE_1.
# Configure CE_1.
[CE_1] bgp 65410 [CE_1-bgp] peer 10.1.2.2 as-number 100 [CE_1-bgp] ipv4-family unicast [CE_1-bgp-af-ipv4] undo synchronization [CE_1-bgp-af-ipv4] import-route direct
# Configure CE_2.
[CE_2] bgp 65411 [CE_2-bgp] peer 10.1.2.2 as-number 100 [CE_2-bgp] ipv4-family unicast [CE_2-bgp-af-ipv4] undo synchronization [CE_2-bgp-af-ipv4] import-route direct
# Configure PE_1.
[PE_1] bgp 100 [PE_1-bgp] ipv4-family vpn-instance vpna [PE_1-bgp-vpna] peer 10.1.2.1 as-number 65410 [PE_1-bgp-vpna] import-route direct [PE_1-bgp-vpna] quit [PE_1-bgp] ipv4-family vpn-instance vpnb [PE_1-bgp-vpnb] peer 10.1.2.1 as-number 65411 [PE_1-bgp-vpnb] import-route direct [PE_1-bgp-vpnb] quit [PE_1-bgp] quit
- Configure OSPF multi-instance between the MCE and PE_2.
# Configure PE_2.
To configure OSPF multi-instance between the MCE and PE2, perform the following tasks on PE_2:
- In the OSPF view, import BGP routes and advertise VPN routes of PE_1 to the MCE.
- In the BGP view, import routes of the OSPF processes and advertise the VPN routes of the MCE to PE_1.
[PE_2] ospf 100 vpn-instance vpna [PE_2-ospf-100] import-route bgp [PE_2-ospf-100] area 0 [PE_2-ospf-100-area-0.0.0.0] network 10.1.4.0 0.0.0.255 [PE_2-ospf-100-area-0.0.0.0] quit [PE_2-ospf-100] quit [PE_2] ospf 200 vpn-instance vpnb [PE_2-ospf-200] import-route bgp [PE_2-ospf-200] area 0 [PE_2-ospf-200-area-0.0.0.0] network 10.1.5.0 0.0.0.255 [PE_2-ospf-200-area-0.0.0.0] quit [PE_2-ospf-200] quit [PE_2] bgp 100 [PE_2-bgp] ipv4-family vpn-instance vpna [PE_2-bgp-vpna] import-route ospf 100 [PE_2-bgp-vpna] quit [PE_2-bgp] ipv4-family vpn-instance vpnb [PE_2-bgp-vpnb] import-route ospf 200 [PE_2-bgp-vpnb] quit [PE_2-bgp] quit
# Configure the MCE.
Import VPN routes to the OSPF processes.
[MCE] ospf 100 vpn-instance vpna [MCE-ospf-100] vpn-instance-capability simple [MCE-ospf-100] area 0 [MCE-ospf-100-area-0.0.0.0] network 10.1.4.0 0.0.0.255 [MCE-ospf-100-area-0.0.0.0] quit [MCE-ospf-100] quit [MCE] ospf 200 vpn-instance vpnb [MCE-ospf-200] vpn-instance-capability simple [MCE-ospf-200] area 0 [MCE-ospf-200-area-0.0.0.0] network 10.1.5.0 0.0.0.255 [MCE-ospf-200-area-0.0.0.0] quit [MCE-ospf-200] quit
# After the configuration is complete, run the display ip routing-table vpn-instance command on the MCE to view the routes to the remote CEs.
# Run the display ip routing-table vpn-instance command on PE_1 to view the routes to the remote CEs.
- Configure the MCE as the DHCP server.
# Enable DHCP.
[MCE] dhcp enable
# Create global address pools pool1 and pool2 to allocate IP addresses to terminals in branch 1 and branch 2.
[MCE] ip pool pool1 [MCE-ip-pool-pool1] network 10.1.1.0 mask 255.255.255.0 [MCE-ip-pool-pool1] vpn-instance vpna [MCE-ip-pool-pool1] gateway-list 10.1.1.1 [MCE-ip-pool-pool1] quit [MCE] ip pool pool2 [MCE-ip-pool-pool2] network 10.1.1.0 mask 255.255.255.0 [MCE-ip-pool-pool2] vpn-instance vpnb [MCE-ip-pool-pool2] gateway-list 10.1.1.1 [MCE-ip-pool-pool2] quit
# Configure clients to obtain IP addresses from the global address pools.[MCE] interface gigabitethernet 1/0/1.1 [MCE-GigabitEthernet1/0/1.1] dhcp select global [MCE-GigabitEthernet1/0/1.1] quit [MCE] interface gigabitethernet 1/0/1.2 [MCE-GigabitEthernet1/0/1.2] dhcp select global [MCE-GigabitEthernet1/0/1.2] quit
- Configure CE_1 and CE_2 as the DHCP relay agents.
# Configure CE_1.
[CE_1] dhcp enable [CE_1] interface vlanif 10 [CE_1-Vlanif10] dhcp select relay [CE_1-Vlanif10] dhcp relay server-ip 10.1.4.1 [CE_1-Vlanif10] quit
# Configure CE_2.
[CE_2] dhcp enable [CE_2] interface vlanif 10 [CE_2-Vlanif10] dhcp select relay [CE_2-Vlanif10] dhcp relay server-ip 10.1.5.1 [CE_2-Vlanif10] quit
- Verify the configuration.
# Run the display ip pool name command on the MCE to view IP address allocation in the address pools. The command output for pool1 is used as an example.
[MCE] display ip pool name pool1 Pool-name : pool1 Pool-No : 0 Lease : 1 Days 0 Hours 0 Minutes Domain-name : - DNS-server0 : - NBNS-server0 : - Netbios-type : - Position : Local Status : Unlocked Gateway-0 : 10.1.1.1 Network : 10.1.1.0 Mask : 255.255.255.0 VPN instance : vpna ----------------------------------------------------------------------------- Start End Total Used Idle(Expired) Conflict Disable ----------------------------------------------------------------------------- 10.1.1.1 10.1.1.254 253 1 252(0) 0 0 -----------------------------------------------------------------------------
Configuration Files
PE_1 configuration file
# sysname PE_1 # ip vpn-instance vpna ipv4-family route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb ipv4-family route-distinguisher 100:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 10.10.10.9 mpls # mpls ldp # interface GigabitEthernet3/0/0 ip address 10.1.3.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/0 ip binding vpn-instance vpnb ip address 10.1.2.2 255.255.255.0 # interface GigabitEthernet2/0/0 ip binding vpn-instance vpna ip address 10.1.2.2 255.255.255.0 # interface LoopBack0 ip address 10.10.10.9 255.255.255.255 # bgp 100 peer 10.20.20.9 as-number 100 peer 10.20.20.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 10.20.20.9 enable # ipv4-family vpnv4 policy vpn-target peer 10.20.20.9 enable # ipv4-family vpn-instance vpna import-route direct peer 10.1.2.1 as-number 65410 # ipv4-family vpn-instance vpnb import-route direct peer 10.1.2.1 as-number 65411 # ospf 1 area 0.0.0.0 network 10.10.10.9 0.0.0.0 network 10.1.3.0 0.0.0.255 # return
PE_2 configuration file
# sysname PE_2 # ip vpn-instance vpna ipv4-family route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb ipv4-family route-distinguisher 200:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 10.20.20.9 mpls # mpls ldp # interface GigabitEthernet2/0/0 ip address 10.1.3.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/0.1 dot1q termination vid 10 ip binding vpn-instance vpna ip address 10.1.4.2 255.255.255.0 arp broadcast enable # interface GigabitEthernet1/0/0.2 dot1q termination vid 20 ip binding vpn-instance vpnb ip address 10.1.5.2 255.255.255.0 arp broadcast enable # interface LoopBack0 ip address 10.20.20.9 255.255.255.255 # bgp 100 peer 10.10.10.9 as-number 100 peer 10.10.10.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 10.10.10.9 enable # ipv4-family vpnv4 policy vpn-target peer 10.10.10.9 enable # ipv4-family vpn-instance vpna import-route ospf 100 # ipv4-family vpn-instance vpnb import-route ospf 200 # ospf 1 area 0.0.0.0 network 10.20.20.9 0.0.0.0 network 10.1.3.0 0.0.0.255 # ospf 100 vpn-instance vpna import-route bgp area 0.0.0.0 network 10.1.4.0 0.0.0.255 # ospf 200 vpn-instance vpnb import-route bgp area 0.0.0.0 network 10.1.5.0 0.0.0.255 # return
CE_1 configuration file
# sysname CE_1 # vlan batch 10 20 # dhcp enable # interface Vlanif10 ip address 10.1.1.1 255.255.255.0 dhcp select relay dhcp relay server-ip 10.1.4.1 # interface Vlanif20 ip address 10.1.2.1 255.255.255.0 # interface GigabitEthernet1/0/1 port link-type hybrid port hybrid pvid vlan 10 port hybrid untagged vlan 10 # interface GigabitEthernet1/0/2 port link-type hybrid port hybrid pvid vlan 20 port hybrid untagged vlan 20 # bgp 65410 peer 10.1.2.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.2.2 enable # return
CE_2 configuration file
# sysname CE_2 # vlan batch 10 20 # dhcp enable # interface Vlanif10 ip address 10.1.1.1 255.255.255.0 dhcp select relay dhcp relay server-ip 10.1.5.1 # interface Vlanif20 ip address 10.1.2.1 255.255.255.0 # interface GigabitEthernet1/0/1 port link-type hybrid port hybrid pvid vlan 10 port hybrid untagged vlan 10 # interface GigabitEthernet1/0/2 port link-type hybrid port hybrid pvid vlan 20 port hybrid untagged vlan 20 # bgp 65411 peer 10.1.2.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.2.2 enable # return
MCE configuration file
# sysname MCE # dhcp enable # ip vpn-instance vpna ipv4-family route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb ipv4-family route-distinguisher 200:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # ip pool pool1 vpn-instance vpna gateway-list 10.1.1.1 network 10.1.1.0 mask 255.255.255.0 # ip pool pool2 vpn-instance vpnb gateway-list 10.1.1.1 network 10.1.1.0 mask 255.255.255.0 # interface GigabitEthernet1/0/1 undo portswitch # interface GigabitEthernet1/0/1.1 dot1q termination vid 10 ip binding vpn-instance vpna ip address 10.1.4.1 255.255.255.0 arp broadcast enable dhcp select global # interface GigabitEthernet1/0/1.2 dot1q termination vid 20 ip binding vpn-instance vpnb ip address 10.1.5.1 255.255.255.0 arp broadcast enable dhcp select global # ospf 100 vpn-instance vpna vpn-instance-capability simple area 0.0.0.0 network 10.1.4.0 0.0.0.255 # ospf 200 vpn-instance vpnb vpn-instance-capability simple area 0.0.0.0 network 10.1.5.0 0.0.0.255 # return