CE12808S switch (V200R002C50SPC800): problems implementing service interworking between VPN instances

  

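  The figure above shows the project topology (simplified version). The core zone consists of two stacked CE12808S switches (V200R002C50SPC800+SPH015) and two USG9560 firewalls (V500R001C60SPC500+SPH015). The CE12808S stack runs virtual systems (VS) and is divided into VS1 and VS2, with the USG9560 firewalls connected in series between VS1 and VS2. VS2 connects downstream to three service zones, and each service zone is assigned its own VPN instance. VS1 connects downstream to the USG9560 and to the public network. The USG9560 is divided into three virtual firewalls, one for each of the three service zones. On VS1, routes must be imported between the VPN instances, and each VPN's routes must be imported into Public.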

  Below is the initially planned CE12808S-VS1 script (abridged). It mainly covers mutual route import between the zones and between the VPNs and Public:

  VS configuration

  ========================================================

  admin

  virtual-system vs1

  port-mode group

  assign int 10ge1/7/0/0 to 10ge1/7/0/47

  assign int 10ge2/7/0/0 to 10ge2/7/0/47

  #

  ========================================================

  Create the VPN instances and bind interfaces:

  #

  ip vpn-instance YWGL //create the YWGL instance

  ipv4-family

  route-distinguisher 100:102

  #

  interface vlanif 3101

  ip binding vpn-instance YWGL

  ip add 10.10.231.1 30

  #

  interface vlanif 3201

  ip binding vpn-instance YWGL

  ip add 10.10.231.5 30

  #

  ip vpn-instance AQBZ //create the AQBZ instance

  ipv4-family

  route-distinguisher 100:103

  #

  interface vlanif 3102

  ip binding vpn-instance AQBZ

  ip add 10.10.231.17 30

  #

  interface vlanif 3202

  ip binding vpn-instance AQBZ

  ip add 10.10.231.21 30

  #

  ip vpn-instance XXSB //create the XXSB instance

  ipv4-family

  route-distinguisher 100:104

  #

  interface vlanif 3103

  ip binding vpn-instance XXSB

  ip add 10.10.231.33 30

  #

  interface vlanif 3203

  ip binding vpn-instance XXSB

  ip add 10.10.231.37 30

  ==================================================

  CE12808S-to-USG9560 interconnect address configuration:

  vlan batch 3101 to 3104 3201 to 3204 3301 to 3304 3401 to 3404

  #

  interface eth-trunk 10

  trunkport 10ge 1/7/0/1

  trunkport 10ge 1/7/0/3

  trunkport 10ge 1/7/0/5

  trunkport 10ge 1/7/0/7

  trunkport 10ge 1/7/0/9

  trunkport 10ge 1/7/0/11

  trunkport 10ge 1/7/0/13

  trunkport 10ge 1/7/0/15

  mode lacp-static

  #

  interface eth-trunk 11

  trunkport 10ge 2/7/0/1

  trunkport 10ge 2/7/0/3

  trunkport 10ge 2/7/0/5

  trunkport 10ge 2/7/0/7

  trunkport 10ge 2/7/0/9

  trunkport 10ge 2/7/0/11

  trunkport 10ge 2/7/0/13

  trunkport 10ge 2/7/0/15

  mode lacp-static

  OSPF process configuration

  interface loopback 0

  ip add 10.10.255.1 32

  #

  interface loopback 1

  ip binding vpn-instance YWGL

  ip address 10.10.255.12 32

  #

  interface loopback 2

  ip binding vpn-instance AQBZ

  ip address 10.10.255.14 32

  #

  interface loopback 3

  ip binding vpn-instance XXSB

  ip address 10.10.255.15 32

  #

  ospf 1 router-id 10.10.255.1

  area 0

  network 10.10.255.1 0.0.0.0

  #

  ospf 10 vpn-instance YWGL router-id 10.10.255.12

  import-route static route-policy YWGL

  area 0

  network 10.10.231.1 0.0.0.0

  #

  ospf 20 vpn-instance AQBZ router-id 10.10.255.14

  import-route static route-policy AQBZ

  area 0

  network 10.10.231.17 0.0.0.0

  #

  ospf 30 vpn-instance XXSB router-id 10.10.255.15

  import-route static route-policy XXSB

  area 0

  network 10.10.231.33 0.0.0.0

  #

  Redistribute the VPN instances' OSPF routes into the public network

  ip import-rib vpn-instance YWGL protocol ospf 10 valid-route

  ip import-rib vpn-instance YWGL protocol direct

  #

  ip import-rib vpn-instance XXSB protocol ospf 30 valid-route

  ip import-rib vpn-instance XXSB protocol direct

  #

  #

  ip import-rib vpn-instance AQBZ protocol ospf 20 valid-route

  ip import-rib vpn-instance AQBZ protocol direct

  #

  Configure static routes:

  ip route-static vpn-instance YWGL 10.10.30.0 24 public

  ip route-static vpn-instance YWGL 10.10.40.0 24 public

  ip route-static vpn-instance YWGL 10.10.50.0 24 public

  #

  ip ip-prefix YWGL index 10 permit 10.10.30.0 24

  ip ip-prefix YWGL index 20 permit 10.10.40.0 24

  ip ip-prefix YWGL index 30 permit 10.10.50.0 24

  #

  route-policy YWGL permit node 10

  if-match ip-prefix YWGL

  #

  ip route-static vpn-instance AQBZ 10.10.30.0 24 public

  ip route-static vpn-instance AQBZ 10.10.40.0 24 public

  ip route-static vpn-instance AQBZ 10.10.60.0 24 public

  #

  ip ip-prefix AQBZ index 10 permit 10.10.30.0 24

  ip ip-prefix AQBZ index 20 permit 10.10.40.0 24

  ip ip-prefix AQBZ index 30 permit 10.10.60.0 24

  #

  route-policy AQBZ permit node 10

  if-match ip-prefix AQBZ

  #

  ip route-static vpn-instance XXSB 10.10.30.0 24 public

  ip route-static vpn-instance XXSB 10.10.50.0 24 public

  #

  ip ip-prefix XXSB index 10 permit 10.10.30.0 24

  ip ip-prefix XXSB index 20 permit 10.10.50.0 24

  ip ip-prefix XXSB index 30 permit 10.10.60.0 24

  #

  route-policy XXSB permit node 10

  if-match ip-prefix XXSB

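  After the configuration was completed, the following problems exist:

  1. Public can see the route entries of all zones, but the zones cannot learn each other's routes;

  2. When the route entries are checked in Public, the VPN zone routes appear as OSPF routes with preference 15, which does not match the expected O-ASE preference of 150. (Service requirements call for advertising a default route under the OSPF process in Public, so this creates a route recursion problem; if the network flaps, the impact on the live network is considerable.)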
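  Added example, not part of the original script: a Python check over the static-route and prefix-list lines of the script above, listing per VPN instance which destination prefixes actually get imported toward each zone. It assumes, as the `import-route static route-policy <name>` lines indicate, that each instance's OSPF process imports only the static routes its same-named prefix list permits; `leak_report` and the report keys are hypothetical names.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed input: the static-route and ip-prefix lines of the script above,
# keywords written in full; "permit" on ip-prefix entries is an assumption.
CONFIG = """\
ip route-static vpn-instance YWGL 10.10.30.0 24 public
ip route-static vpn-instance YWGL 10.10.40.0 24 public
ip route-static vpn-instance YWGL 10.10.50.0 24 public
ip ip-prefix YWGL index 10 permit 10.10.30.0 24
ip ip-prefix YWGL index 20 permit 10.10.40.0 24
ip ip-prefix YWGL index 30 permit 10.10.50.0 24
ip route-static vpn-instance AQBZ 10.10.30.0 24 public
ip route-static vpn-instance AQBZ 10.10.40.0 24 public
ip route-static vpn-instance AQBZ 10.10.60.0 24 public
ip ip-prefix AQBZ index 10 permit 10.10.30.0 24
ip ip-prefix AQBZ index 20 permit 10.10.40.0 24
ip ip-prefix AQBZ index 30 permit 10.10.60.0 24
ip route-static vpn-instance XXSB 10.10.30.0 24 public
ip route-static vpn-instance XXSB 10.10.50.0 24 public
ip ip-prefix XXSB index 10 permit 10.10.30.0 24
ip ip-prefix XXSB index 20 permit 10.10.50.0 24
ip ip-prefix XXSB index 30 permit 10.10.60.0 24
"""

STATIC = re.compile(r"ip route-static vpn-instance (\S+) (\S+) (\d+)")
PREFIX = re.compile(r"ip ip-prefix (\S+) index \d+ (?:permit )?(\S+) (\d+)")

def leak_report(config):
    """Per VPN instance: statics the prefix list lets OSPF import, and leftovers."""
    statics, allowed = defaultdict(set), defaultdict(set)
    for line in config.splitlines():
        for pattern, table in ((STATIC, statics), (PREFIX, allowed)):
            m = pattern.match(line.strip())
            if m:
                vpn, addr, length = m.groups()
                table[vpn].add(ipaddress.ip_network(f"{addr}/{length}"))
    report = {}
    for vpn in sorted(set(statics) | set(allowed)):
        report[vpn] = {
            "imported": sorted(map(str, statics[vpn] & allowed[vpn])),
            "static_not_permitted": sorted(map(str, statics[vpn] - allowed[vpn])),
            "permitted_without_static": sorted(map(str, allowed[vpn] - statics[vpn])),
        }
    return report

if __name__ == "__main__":
    print(leak_report(CONFIG))
```

  On these lines the report shows 10.10.60.0/24 permitted by the XXSB prefix list with no matching static route in that instance.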