- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
33-通过静态路由实现公私网路由互通配置指南
本章节下载 (244.11 KB)
通过静态路由实现公私网路由互通配置指南
Copyright © 2023 新华三技术有限公司 版权所有,保留一切权利。
非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传播。
除新华三技术有限公司的商标外,本手册中出现的其它公司的商标、产品标识及商品名称,由各自权利人拥有。
本文档中的信息可能变动,恕不另行通知。
如图1所示,PE1为公网中的设备,服务器Server与PE1直连。PE2连接VR1,VPN1通过PE2接入公网。需求如下:
实现公私网路由互通,VR1能够访问到Server。
要实现VR1能够访问到Server,需要按顺序完成如下配置:
(1) 在PE1和VR1创建VLAN及相应的VLAN接口;
(2) 在PE2上配置VPN实例并将VR1接入PE2;
(3) 在Server、PE1和VR1上配置静态路由保证公网路由互通;
(4) 在PE2上配置静态路由实现公私网路由互通。
# 在VR1设备上创建VLAN10,并将GigabitEthernet1/0/1端口加入VLAN10。
<VR1> system-view
[VR1] vlan 10
[VR1-vlan10] quit
[VR1] interface GigabitEthernet 1/0/1
[VR1-GigabitEthernet1/0/1] port link-type trunk
[VR1-GigabitEthernet1/0/1] port trunk permit vlan 10
[VR1-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[VR1-GigabitEthernet1/0/1] quit
# 配置Vlan-interface10接口的IP地址为10.214.10.2/24。
[VR1] interface Vlan-interface 10
[VR1-Vlan-interface10] ip address 10.214.10.2 24
[VR1-Vlan-interface10] quit
# 在PE1设备上创建VLAN30和VLAN40,并将GigabitEthernet1/0/1端口加入VLAN40,将GigabitEthernet1/0/2端口加入VLAN30。
<PE1> system-view
[PE1] vlan 30
[PE1-vlan30] quit
[PE1] vlan 40
[PE1-vlan40] quit
[PE1] interface GigabitEthernet 1/0/1
[PE1-GigabitEthernet1/0/1] port link-type trunk
[PE1-GigabitEthernet1/0/1] port trunk permit vlan 40
[PE1-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface GigabitEthernet 1/0/2
[PE1-GigabitEthernet1/0/2] port link-type trunk
[PE1-GigabitEthernet1/0/2] port trunk permit vlan 30
[PE1-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[PE1-GigabitEthernet1/0/2] quit
# 配置PE1的Vlan-interface30和Vlan-interface40接口分的IP地址分别为172.16.30.2/24和10.1.1.1/24。
[PE1] interface Vlan-interface 30
[PE1-Vlan-interface30] ip address 172.16.30.2 24
[PE1-Vlan-interface30] quit
[PE1] interface Vlan-interface 40
[PE1-Vlan-interface40] ip address 10.1.1.1 24
[PE1-Vlan-interface40] quit
# 在PE2设备上为VPN1创建VPN实例,名为“vpn1”,并配置该实例的RD值为10:1,接收和发送的VPN Target属性均为111:1。。
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 10:1
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
# 在PE2设备上创建VLAN10和VLAN30,并将GigabitEthernet1/0/10端口加入VLAN10,将GigabitEthernet1/0/3端口加入VLAN30。
[PE2] vlan 10
[PE2-vlan10] quit
[PE2] vlan 30
[PE2-vlan30] quit
[PE2] interface GigabitEthernet 1/0/10
[PE2-GigabitEthernet1/0/10] port link-type trunk
[PE2-GigabitEthernet1/0/10] port trunk permit vlan 10
[PE2-GigabitEthernet1/0/10] undo port trunk permit vlan 1
[PE2-GigabitEthernet1/0/10] quit
[PE2] interface GigabitEthernet 1/0/3
[PE2-GigabitEthernet1/0/3] port link-type trunk
[PE2-GigabitEthernet1/0/3] port trunk permit vlan 30
[PE2-GigabitEthernet1/0/3] undo port trunk permit vlan 1
[PE2-GigabitEthernet1/0/3] quit
# 配置Vlan-interface10接口与VPN1实例进行绑定,并配置IP地址为10.214.10.3/24。
[PE2] interface Vlan-interface 10
[PE2-Vlan-interface10] ip binding vpn-instance vpn1
[PE2-Vlan-interface10] ip address 10.214.10.3 24
[PE2-Vlan-interface10] quit
# 配置Vlan-interface30接口的IP地址为172.16.30.1/24。
[PE2] interface Vlan-interface 30
[PE2-Vlan-interface30] ip address 172.16.30.1 24
[PE2-Vlan-interface30] quit
# 在Server上指定静态路由,去往10.214.10.0网段的报文,下一跳地址为10.1.1.1。
<Server> system-view
[Server] ip route-static 10.214.10.0 255.255.255.0 10.1.1.1
# 在PE1上指定静态路由,去往10.214.10.0网段的报文,下一跳地址为172.16.30.1。
<PE1> system-view
[PE1] ip route-static 10.214.10.0 24 172.16.30.1
# 在VR1上指定静态路由,去往10.1.1.0网段的报文,下一跳地址为10.214.10.3。
<VR1> system-view
[VR1] ip route-static 10.1.1.0 24 10.214.10.3
# 在PE2上指定静态路由,去往10.214.10.0网段的报文,下一跳地址为10.214.10.2,并将此路由与VPN1实例绑定。
<PE2> system-view
[PE2] ip route-static 10.214.10.0 24 vpn-instance vpn1 10.214.10.2
# 在PE2上指定静态路由,去往10.1.1.0网段的报文,下一跳地址为172.16.30.2,并将此路由与VPN1实例绑定。
[PE2] ip route-static vpn-instance vpn1 10.1.1.0 24 172.16.30.2 public
# 显示PE2上为VPN1实例维护的路由信息。
[PE2] display ip routing-table vpn-instance vpn1
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost NextHop Interface
10.214.10.0/24 Direct 0 0 10.214.10.3 Vlan10
10.214.10.3/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.30.0/24 Direct 0 0 172.16.30.1 Vlan30
172.16.30.1/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.0/24 Static 60 0 172.16.30.2 Vlan30
可以看到,VPN1的路由表中已经存在指向公网的静态路由。
# 显示PE2上的路由信息。
[PE1] display ip routing-table
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
100.100.11.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.30.0/24 Direct 0 0 172.16.30.2 Vlan30
172.16.30.0/32 Direct 0 0 172.16.30.2 Vlan30
172.16.30.2/32 Direct 0 0 127.0.0.1 InLoop0
172.16.30.255/32 Direct 0 0 172.16.30.2 Vlan30
10.214.10.0/24 Static 60 1 10.214.10.2 Vlan10
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
可以看到,指向私网网段的静态路由已经引入到公网路由表中。
# 使用ping命令验证VR1到Server的网络连通性。
<VR1>ping 10.1.1.2
Ping 10.1.1.2 (10.1.1.2): 56 data bytes, press CTRL+C to break
56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=3.880 ms
56 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=0.819 ms
56 bytes from 10.1.1.2: icmp_seq=2 ttl=255 time=0.658 ms
56 bytes from 10.1.1.2: icmp_seq=3 ttl=255 time=1.421 ms
56 bytes from 10.1.1.2: icmp_seq=4 ttl=255 time=0.722 ms
--- Ping statistics for 10.1.1.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.658/1.500/3.880/1.221 ms
· VR1:
#
vlan 10
#
interface Vlan-interface10
ip address 10.214.10.2 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
#
ip route-static 10.1.1.0 24 10.214.10.3
#
· PE1:
#
vlan 30
#
vlan 40
#
interface Vlan-interface30
ip address 172.16.30.2 255.255.255.0
#
interface Vlan-interface40
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 40
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 30
#
ip route-static 10.214.10.0 24 172.16.30.1
#
· PE2:
#
ip vpn-instance vpn1
route-distinguisher 10:1
vpn-target 111:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
vlan 10
#
vlan 30
#
interface Vlan-interface10
ip binding vpn-instance vpn1
ip address 10.214.10.3 255.255.255.0
#
interface Vlan-interface30
ip binding vpn-instance vpn1
ip address 172.16.30.1 255.255.255.0
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 30
#
interface GigabitEthernet1/0/10
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10
#
ip route-static 10.214.10.0 24 vpn-instance v1 10.214.10.2
ip route-static vpn-instance v1 10.1.1.0 24 172.16.30.2 public
#
· 产品配套“三层技术-IP路由配置指导”中的“静态路由”。
· 产品配套“三层技术-IP路由命令参考”中的“静态路由”。
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
售前咨询
售后咨询
人工在线咨询
