【Requirement】
Router MCE provides VPN connectivity by acting as a multi-instance CE.
【Network diagram】
【Configuration scripts - OSPF multi-instance method】
MCE configuration script:
#
 sysname MCE
#
 radius scheme system
#
ip vpn-instance vpna                 /create vpna/
 route-distinguisher 100:1           /configure the RD; an RT is not required/
#
ip vpn-instance vpnb                 /create vpnb/
 route-distinguisher 200:1           /configure the RD; an RT is not required/
#
domain system
#
interface Ethernet1/0/0
#
interface Ethernet1/0/0.10
 ip binding vpn-instance vpna
 ip address 192.168.15.2 255.255.255.0
 vlan-type dot1q vid 10
#
interface Ethernet1/0/0.20
 ip binding vpn-instance vpnb
 ip address 192.168.25.2 255.255.255.0
 vlan-type dot1q vid 20
#
interface NULL0
#
interface LoopBack10
 ip binding vpn-instance vpna
 ip address 192.168.16.1 255.255.255.0
#
interface LoopBack20
 ip binding vpn-instance vpnb
 ip address 192.168.26.1 255.255.255.0
#
ospf 10 vpn-instance vpna            /bind OSPF process 10 to vpna/
 vpn-instance-capability simple      /make the router a multi-instance CE/
 import-route direct
 area 0.0.0.0
  network 192.168.15.0 0.0.0.255
  network 192.168.16.0 0.0.0.255
#
ospf 20 vpn-instance vpnb            /bind OSPF process 20 to vpnb/
 vpn-instance-capability simple      /make the router a multi-instance CE/
 area 0.0.0.0
  network 192.168.25.0 0.0.0.255
  network 192.168.26.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
#
return
RT1 configuration script:
#
 sysname RT1
#
 router id 1.1.1.1
#
 mpls lsr-id 1.1.1.1
#
 radius scheme system
#
mpls
#
mpls ldp
#
ip vpn-instance vpna
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpnb
 route-distinguisher 200:1
 vpn-target 200:1 export-extcommunity
 vpn-target 200:1 import-extcommunity
#
domain system
#
interface Ethernet1/0/0
#
interface Ethernet1/0/0.10
 ip binding vpn-instance vpna
 ip address 192.168.15.1 255.255.255.0
 vlan-type dot1q vid 10
#
interface Ethernet1/0/0.20
 ip binding vpn-instance vpnb
 ip address 192.168.25.1 255.255.255.0
 vlan-type dot1q vid 20
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.0.1 255.255.255.252
 mpls
 mpls ldp enable
#
interface NULL0
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface LoopBack11
 ip binding vpn-instance vpna
 ip address 192.168.11.1 255.255.255.0
#
interface LoopBack21
 ip binding vpn-instance vpnb
 ip address 192.168.21.1 255.255.255.0
#
bgp 100
 undo synchronization
 group inter internal
 peer 2.2.2.2 group inter
 peer 2.2.2.2 connect-interface LoopBack0
 #
 ipv4-family vpn-instance vpna
  import-route direct
  import-route ospf 10               /import OSPF 10 routes/
  undo synchronization
 #
 ipv4-family vpn-instance vpnb
  import-route direct
  import-route ospf 20               /import OSPF 20 routes/
  undo synchronization
 #
 ipv4-family vpnv4
  peer inter enable
  peer 2.2.2.2 group inter
#
ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.0.0.0 0.0.0.3
  network 10.0.0.8 0.0.0.3
#
ospf 10 vpn-instance vpna            /bind OSPF process 10 to vpna/
 import-route bgp                    /import BGP private-network routes/
 import-route direct
 area 0.0.0.0
  network 192.168.15.0 0.0.0.255
#
ospf 20 vpn-instance vpnb            /bind OSPF process 20 to vpnb/
 import-route bgp                    /import BGP private-network routes/
 import-route direct
 area 0.0.0.0
  network 192.168.25.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
#
return
Note: RT2 and RT3 are configured as in an ordinary MPLS/VPN setup; see the earlier typical configurations.
【Configuration scripts - static route method】
MCE configuration script:
#
 sysname MCE
#
 radius scheme system
#
ip vpn-instance vpna                 /create vpna/
 route-distinguisher 100:1           /configure the RD; an RT is not required/
#
ip vpn-instance vpnb                 /create vpnb/
 route-distinguisher 200:1           /configure the RD; an RT is not required/
#
domain system
#
interface Ethernet1/0/0
#
interface Ethernet1/0/0.10           /create sub-interface/
 ip binding vpn-instance vpna        /bind to vpna/
 ip address 192.168.15.2 255.255.255.0
 vlan-type dot1q vid 10
#
interface Ethernet1/0/0.20           /create sub-interface/
 ip binding vpn-instance vpnb        /bind to vpnb/
 ip address 192.168.25.2 255.255.255.0
 vlan-type dot1q vid 20
#
interface NULL0
#
interface LoopBack10
 ip binding vpn-instance vpna
 ip address 192.168.16.1 255.255.255.0
#
interface LoopBack20
 ip binding vpn-instance vpnb
 ip address 192.168.26.1 255.255.255.0
#
 ip route-static vpn-instance vpna 0.0.0.0 0.0.0.0 192.168.15.1 preference 60   /create a default route in vpna/
 ip route-static vpn-instance vpnb 0.0.0.0 0.0.0.0 192.168.25.1 preference 60   /create a default route in vpnb/
#
user-interface con 0
user-interface vty 0 4
#
return
RT1 configuration script:
#
 sysname RT1
#
 router id 1.1.1.1
#
 mpls lsr-id 1.1.1.1
#
 radius scheme system
#
mpls
#
mpls ldp
#
ip vpn-instance vpna
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpnb
 route-distinguisher 200:1
 vpn-target 200:1 export-extcommunity
 vpn-target 200:1 import-extcommunity
#
domain system
#
interface Ethernet1/0/0
#
interface Ethernet1/0/0.10           /create sub-interface/
 ip binding vpn-instance vpna        /bind to vpna/
 ip address 192.168.15.1 255.255.255.0
 vlan-type dot1q vid 10
#
interface Ethernet1/0/0.20           /create sub-interface/
 ip binding vpn-instance vpnb        /bind to vpnb/
 ip address 192.168.25.1 255.255.255.0
 vlan-type dot1q vid 20
#
interface Serial2/0/0
 link-protocol ppp
 ip address 10.0.0.1 255.255.255.252
 mpls
 mpls ldp enable
#
interface NULL0
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface LoopBack11
 ip binding vpn-instance vpna
 ip address 192.168.11.1 255.255.255.0
#
interface LoopBack21
 ip binding vpn-instance vpnb
 ip address 192.168.21.1 255.255.255.0
#
bgp 100
 undo synchronization
 group inter internal
 peer 2.2.2.2 group inter
 peer 2.2.2.2 connect-interface LoopBack0
 peer 4.4.4.4 group inter
 peer 4.4.4.4 connect-interface LoopBack0
 #
 ipv4-family vpn-instance vpna
  import-route direct
  import-route static                /import static routes/
  undo synchronization
 #
 ipv4-family vpn-instance vpnb
  import-route direct
  import-route static                /import static routes/
  undo synchronization
 #
 ipv4-family vpnv4
  peer inter enable
  peer 2.2.2.2 group inter
  peer 4.4.4.4 group inter
#
ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.0.0.0 0.0.0.3
  network 10.0.0.8 0.0.0.3
#
 ip route-static vpn-instance vpna 192.168.16.0 255.255.255.0 192.168.15.2 preference 60   /create a static route in vpna/
 ip route-static vpn-instance vpnb 192.168.26.0 255.255.255.0 192.168.25.2 preference 60   /create a static route in vpnb/
#
user-interface con 0
user-interface vty 0 4
#
return
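Note: RT2 and RT3 are configured as in an ordinary MPLS/VPN setup; see the earlier typical configurations.
【Verification】
On the MCE, both vpna and vpnb learn the private-network routes, and those destinations can be pinged.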
[MCE]disp ip rout vpn-instance vpna
  vpna Route Information
  Routing Table: vpna  Route-Distinguisher: 100:1
  Destination/Mask   Protocol Pre  Cost  Nexthop        Interface
  192.168.11.0/24    O_ASE    150  1     192.168.15.1   Ethernet1/0/0.10
  192.168.12.0/24    O_ASE    150  1     192.168.15.1   Ethernet1/0/0.10
  192.168.13.0/24    O_ASE    150  1     192.168.15.1   Ethernet1/0/0.10
  192.168.15.0/24    DIRECT   0    0     192.168.15.2   Ethernet1/0/0.10
  192.168.15.2/32    DIRECT   0    0     127.0.0.1      InLoopBack0
  192.168.16.0/24    DIRECT   0    0     192.168.16.1   LoopBack10
  192.168.16.1/32    DIRECT   0    0     127.0.0.1      InLoopBack0
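【Tips】
1. With the OSPF method, OSPF and BGP routes must be imported into each other on PE1 so that routes are exchanged in both directions.
2. The VRF for each VPN is created only to bind interfaces and OSPF processes to the corresponding VPN, so no RT needs to be configured.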
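Because the MCE relies entirely on those bindings to keep vpna and vpnb apart, a consistency check on the configuration is worth running before deployment. The following is an added example, not part of the original page: it parses a Comware-style configuration and reports any interface whose address is not covered by an OSPF process bound to the same VPN instance. The names `audit`, `field` and `SAMPLE` are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample modelled on this page's MCE script; the vpnb address is deliberately wrong.
SAMPLE = """\
interface Ethernet1/0/0.10
 ip binding vpn-instance vpna
 ip address 192.168.15.2 255.255.255.0
#
interface Ethernet1/0/0.20
 ip binding vpn-instance vpnb
 ip address 192.168.16.2 255.255.255.0
#
ospf 10 vpn-instance vpna
 area 0.0.0.0
  network 192.168.15.0 0.0.0.255
  network 192.168.16.0 0.0.0.255
#
ospf 20 vpn-instance vpnb
 area 0.0.0.0
  network 192.168.25.0 0.0.0.255
"""

def field(body, prefix, index):
    """Return one whitespace-separated field of the first line starting with prefix."""
    return next((l.split()[index] for l in body if l.startswith(prefix)), None)

def audit(config):
    """Return (interface, vpn, address, problem) for every binding mismatch."""
    ifaces, nets = [], {}  # nets: vpn-instance -> networks of its OSPF processes
    for section in re.split(r"(?m)^#[ \t]*$", config):
        lines = [l.strip() for l in section.splitlines() if l.strip()]
        head, body = (lines[0], lines[1:]) if lines else ("", [])
        vpn, addr = field(body, "ip binding vpn-instance", 3), field(body, "ip address", 2)
        if head.startswith("interface ") and vpn and addr:
            ifaces.append((head.split()[1], vpn, ipaddress.ip_address(addr)))
        m = re.match(r"ospf \d+ vpn-instance (\S+)", head)
        for l in (body if m else []):
            if l.startswith("network "):
                _, net, wildcard = l.split()  # wildcard is an inverted netmask
                mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
                nets.setdefault(m.group(1), []).append(ipaddress.ip_network(f"{net}/{mask}", strict=False))
    findings = []
    for name, vpn, addr in ifaces:
        if not any(addr in n for n in nets.get(vpn, [])):
            other = [v for v in nets if v != vpn and any(addr in n for n in nets[v])]
            problem = f"covered only by {other[0]}" if other else "not in any OSPF instance"
            findings.append((name, vpn, str(addr), problem))
    return findings
```

A finding of the form "covered only by vpna" on a vpnb interface means the sub-interface addressing and the per-VPN OSPF processes disagree, which is worth resolving before relying on the separation between the two VPNs.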