Configuring Static Routes on Huawei CE Switches to Interconnect Public and Private Network Routes

Applicable Products and Versions

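CE12800/CE6800/CE5800 series products running V100R001C00 or later, CE7800 series products running V100R003C00 or later, CE8800 series products running V100R006C00 or later, and CE12800E series products running V200R002C50 or later.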

Networking Requirements

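As shown in Figure 2-50, PE1 is a device on the IP network, and the server (Server) is directly connected to PE1. PE2 connects to vpna through SwitchA, and vpna accesses PE1 through PE2. The user wants routes to be reachable between the public network and the private network so that SwitchA can access Server. In this example, a switch stands in for the server.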

Figure 2-50 Networking diagram for configuring static routes to interconnect public and private network routes

Configuration Roadmap

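The configuration roadmap is as follows:

Configure VLANs and interfaces on PE1 and SwitchA.

Configure a VPN instance on PE2 and connect SwitchA to PE2.

Configure static routes on Server, PE1, and SwitchA so that the public network routes are reachable.

Configure static routes on PE2 to interconnect public and private network routes.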

Procedure

Configure VLANs and interfaces on PE1 and SwitchA.

# Configure PE1.

<HUAWEI> system-view

[~HUAWEI] sysname PE1

[*HUAWEI] commit

[~PE1] vlan batch 20 100

[*PE1] interface 10ge 1/0/1

[*PE1-10GE1/0/1] port link-type trunk

[*PE1-10GE1/0/1] port trunk allow-pass vlan 20

[*PE1-10GE1/0/1] undo port trunk allow-pass vlan 1

[*PE1-10GE1/0/1] quit

[*PE1] interface 10ge 1/0/2

[*PE1-10GE1/0/2] port link-type trunk

[*PE1-10GE1/0/2] port trunk allow-pass vlan 100

[*PE1-10GE1/0/2] undo port trunk allow-pass vlan 1

[*PE1-10GE1/0/2] quit

[*PE1] interface vlanif 20

[*PE1-Vlanif20] ip address 193.1.1.1 24

[*PE1-Vlanif20] quit

[*PE1] interface vlanif 100

[*PE1-Vlanif100] ip address 192.1.1.1 24

[*PE1-Vlanif100] quit

[*PE1] commit

# Configure SwitchA.

<HUAWEI> system-view

[~HUAWEI] sysname SwitchA

[*HUAWEI] commit

[~SwitchA] vlan batch 10

[*SwitchA] interface 10ge 1/0/1

[*SwitchA-10GE1/0/1] port link-type trunk

[*SwitchA-10GE1/0/1] port trunk allow-pass vlan 10

[*SwitchA-10GE1/0/1] undo port trunk allow-pass vlan 1

[*SwitchA-10GE1/0/1] quit

[*SwitchA] interface vlanif 10

[*SwitchA-Vlanif10] ip address 10.1.1.1 24

[*SwitchA-Vlanif10] quit

[*SwitchA] commit

Configure a VPN instance on PE2 and connect SwitchA to PE2.

<HUAWEI> system-view

[~HUAWEI] sysname PE2

[*HUAWEI] commit

[~PE2] vlan batch 10 100

[*PE2] interface 10ge 1/0/1

[*PE2-10GE1/0/1] port link-type trunk

[*PE2-10GE1/0/1] port trunk allow-pass vlan 10

[*PE2-10GE1/0/1] undo port trunk allow-pass vlan 1

[*PE2-10GE1/0/1] quit

[*PE2] interface 10ge 1/0/2

[*PE2-10GE1/0/2] port link-type trunk

[*PE2-10GE1/0/2] port trunk allow-pass vlan 100

[*PE2-10GE1/0/2] undo port trunk allow-pass vlan 1

[*PE2-10GE1/0/2] quit

[*PE2] ip vpn-instance vpna

[*PE2-vpn-instance-vpna] ipv4-family

[*PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1

[*PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both

[*PE2-vpn-instance-vpna-af-ipv4] quit

[*PE2-vpn-instance-vpna] quit

[*PE2] interface vlanif 10

[*PE2-Vlanif10] ip binding vpn-instance vpna

[*PE2-Vlanif10] ip address 10.1.1.2 24

[*PE2-Vlanif10] quit

[*PE2] interface vlanif 100

[*PE2-Vlanif100] ip address 192.1.1.2 24

[*PE2-Vlanif100] quit

[*PE2] commit

Configure static routes on Server, PE1, and SwitchA.

# Configure Server.

The VLAN and interface configurations are not shown here.

[~Server] ip route-static 10.1.1.0 255.255.255.0 193.1.1.1 //Static route from Server to SwitchA.

[*Server] commit

# Configure PE1.

[~PE1] ip route-static 10.1.1.0 24 192.1.1.2 //Static route from PE1 to SwitchA.

[*PE1] commit

# Configure SwitchA.

[~SwitchA] ip route-static 193.1.1.0 24 10.1.1.2 //Static route from SwitchA to Server.

[*SwitchA] commit

Configure static routes on PE2 to interconnect public and private network routes.

# Configure PE2.

[~PE2] ip route-static 10.1.1.0 24 vpn-instance vpna 10.1.1.1 //Static route from PE2 to SwitchA; traffic enters from the public network and leaves through the private network.

[*PE2] ip route-static vpn-instance vpna 193.1.1.0 24 192.1.1.1 public //Static route from PE2 to Server; traffic enters from the private network and leaves through the public network.

[*PE2] commit
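The two routes above deliberately cross the boundary between the vpna instance and the public routing table, so every additional cross-table static route on PE2 widens what each side can reach. The following added example (not part of the original page or of Huawei's documentation) lists such routes from a saved configuration and filters out the ones already approved. The function names, the approved parameter and the 172.16.0.0 sample line are assumptions, and only the next-hop-address forms of ip route-static are parsed.

```python
import ipaddress
import re

PUBLIC = "_public_"  # name the page's display output uses for the public table

# Static routes from this page's PE2 configuration file, plus one constructed
# line (the 172.16.0.0 route) that stays inside the public table.
PE2_CONFIG = """\
ip route-static 10.1.1.0 255.255.255.0 vpn-instance vpna 10.1.1.1
ip route-static vpn-instance vpna 193.1.1.0 255.255.255.0 192.1.1.1 public
ip route-static 172.16.0.0 255.255.0.0 192.1.1.1
"""

def parse_route(line):
    """Parse one 'ip route-static' line (next-hop-address forms only).

    Accepts saved-config lines and prompt-prefixed CLI lines with // comments.
    Returns (table, prefix, nexthop_table, nexthop), or None for other lines.
    """
    m = re.search(r"(?<!undo )\bip route-static\s+(.*)", line.split("//")[0])
    if not m:
        return None
    tok = m.group(1).split()
    table = PUBLIC
    if tok[0] == "vpn-instance":          # route is installed in this instance
        table, tok = tok[1], tok[2:]
    # Accepts a dotted mask or a mask length.
    prefix = ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False)
    tok = tok[2:]
    nexthop_table = table                 # default: next hop in the same table
    if tok[0] == "vpn-instance":          # next hop resolved in another instance
        nexthop_table, tok = tok[1], tok[2:]
    elif "public" in tok[1:]:             # next hop resolved in the public table
        nexthop_table = PUBLIC
    return (table, str(prefix), nexthop_table, tok[0])

def find_leaks(config, approved=frozenset()):
    """Return routes whose next hop lives in a different table and that are
    not listed in 'approved' as (table, prefix, nexthop_table)."""
    leaks = []
    for line in config.splitlines():
        route = parse_route(line)
        if route and route[0] != route[2] and route[:3] not in approved:
            leaks.append(route)
    return leaks

if __name__ == "__main__":
    for table, prefix, nh_table, nexthop in find_leaks(PE2_CONFIG):
        print(f"{table}: {prefix} -> {nexthop} in {nh_table}")
```

Passing the two routes from this example as the approved set makes the function return an empty list, so any later cross-table route on PE2 stands out in a configuration review.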

Verification

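# View the routing information that PE2 maintains for the vpna instance. The static route to the public network segment has been imported into the routing information of the vpna instance.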

[~PE2] display ip routing-table vpn-instance vpna

Proto: Protocol        Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpna
         Destinations : 5        Routes : 5

Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface
10.1.1.0/24         Direct  0    0     D      10.1.1.2        Vlanif10
10.1.1.2/32         Direct  0    0     D      127.0.0.1       Vlanif10
10.1.1.255/32       Direct  0    0     D      127.0.0.1       Vlanif10
193.1.1.0/24        Static  60   0     RD     192.1.1.1       Vlanif100
255.255.255.255/32  Direct  0    0     D      127.0.0.1       InLoopBack0

# View the IP routing table on PE2. The static route to the private network segment has been imported into the public routing table.

[~PE2] display ip routing-table

Proto: Protocol        Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : _public_
         Destinations : 8        Routes : 8

Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface
10.1.1.0/24         Static  60   0     RD     10.1.1.1        Vlanif10
127.0.0.0/8         Direct  0    0     D      127.0.0.1       InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0     D      127.0.0.1       InLoopBack0
192.1.1.0/24        Direct  0    0     D      192.1.1.2       Vlanif100
192.1.1.2/32        Direct  0    0     D      127.0.0.1       Vlanif100
192.1.1.255/32      Direct  0    0     D      127.0.0.1       Vlanif100
255.255.255.255/32  Direct  0    0     D      127.0.0.1       InLoopBack0

# Use the ping command to verify network connectivity from SwitchA to Server.

[~SwitchA] ping 193.1.1.2

PING 193.1.1.2: 56 data bytes, press CTRL_C to break

Reply from 193.1.1.2: bytes=56 Sequence=1 ttl=252 time=3 ms

Reply from 193.1.1.2: bytes=56 Sequence=2 ttl=252 time=4 ms

Reply from 193.1.1.2: bytes=56 Sequence=3 ttl=252 time=3 ms

Reply from 193.1.1.2: bytes=56 Sequence=4 ttl=252 time=3 ms

Reply from 193.1.1.2: bytes=56 Sequence=5 ttl=252 time=3 ms

--- 193.1.1.2 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 3/3/4 ms

Configuration Files

PE1 configuration file

#

sysname PE1

#

vlan batch 20 100

#

interface Vlanif20

ip address 193.1.1.1 24

#

interface Vlanif100

ip address 192.1.1.1 24

#

interface 10GE1/0/1

port link-type trunk

undo port trunk allow-pass vlan 1

port trunk allow-pass vlan 20

#

interface 10GE1/0/2

port link-type trunk

undo port trunk allow-pass vlan 1

port trunk allow-pass vlan 100

#

ip route-static 10.1.1.0 255.255.255.0 192.1.1.2

#

return

PE2 configuration file

#

sysname PE2

#

vlan batch 10 100

#

ip vpn-instance vpna

ipv4-family

route-distinguisher 100:1

vpn-target 111:1 export-extcommunity

vpn-target 111:1 import-extcommunity

#

interface Vlanif10

ip binding vpn-instance vpna

ip address 10.1.1.2 24

#

interface Vlanif100

ip address 192.1.1.2 24

#

interface 10GE1/0/1

port link-type trunk

undo port trunk allow-pass vlan 1

port trunk allow-pass vlan 10

#

interface 10GE1/0/2

port link-type trunk

undo port trunk allow-pass vlan 1

port trunk allow-pass vlan 100

#

ip route-static 10.1.1.0 255.255.255.0 vpn-instance vpna 10.1.1.1

ip route-static vpn-instance vpna 193.1.1.0 255.255.255.0 192.1.1.1 public

#

return

SwitchA configuration file

#

sysname SwitchA

#

vlan batch 10

#

interface Vlanif10

ip address 10.1.1.1 24

#

interface 10GE1/0/1

port link-type trunk

undo port trunk allow-pass vlan 1

port trunk allow-pass vlan 10

#

ip route-static 193.1.1.0 255.255.255.0 10.1.1.2

#

return

  • Original link: https://kuaibao.qq.com/s/20180720A093C700?refer=cp_1026