S5500与思科3750对接多VPN实例OSPF典型组网配置案例
- 0关注
- 0收藏 1857浏览
组网及说明
组网说明:
在日常项目实施过程中,经常遇到不同厂商设备的互联,因此本案例使用H3C S5500交换机与思科3750交换机对接多VPN实例OSPF路由协议。
VPN实例规划如下:
|
VPN实例名称 |
RD值 |
RT值 |
备注 |
|
vpn-rt |
100:1 |
100:1 |
|
|
vpn-nrt |
200:1 |
200:1 |
|
|
|
|
|
|
IP地址规划表如下:
|
设备名称 |
端口 |
IP地址 |
子网掩码 |
VPN绑定 |
|
|
S5500 |
Vlan 400 |
10.0.0.1 |
30 |
vpn-rt |
|
|
Vlan 500 |
10.0.0.1 |
30 |
vpn-nrt |
|
|
|
Loopback 0 |
1.1.1.1 |
32 |
vpn-rt |
|
|
|
Loopback 1 |
3.3.3.3 |
32 |
vpn-nrt |
|
|
|
Cisco3750 |
Vlan 400 |
10.0.0.2 |
30 |
vpn-rt |
|
|
Vlan 500 |
10.0.0.2 |
30 |
vpn-nrt |
|
|
|
Loopback 0 |
2.2.2.2 |
32 |
vpn-rt |
|
|
|
Loopback 1 |
4.4.4.4 |
32 |
vpn-nrt |
|
S5500与思科3750的互联采用二层模式,通过VLAN 400及VLAN 500实现互联,同时将VLAN 400、VLAN 500绑定到不同的VPN实例,实现VPN的隔离。
最终要求将不同的VLAN绑定到不同的VPN实例,实现隔离。
H3C S5500版本信息如下:
<H3C>dis version
H3C Comware Platform Software
Comware Software, Version 5.20, Release 5206
Copyright (c) 2004-2013 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
H3C S5500-58C-HI uptime is 0 week, 0 day, 0 hour, 10 minutes
H3C S5500-58C-HI with 2 Processors
1024M bytes SDRAM
4096K bytes Nor Flash Memory
512M bytes Nand Flash Memory
Hardware Version is REV.C
CPLD Version is 003
Bootrom Version is 211
[SubSlot 0] 48GE+4SFP+2SFP PLUS Hardware Version is REV.C
<H3C>
思科3750版本信息如下:
Switch#sh version
Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 19-Jul-07 19:15 by nachen
Image text-base: 0x00003000, data-base: 0x01280000
ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEE4, RELEASE SOFTWARE (fc1)
Switch uptime is 8 minutes
System returned to ROM by power-on
System image file is "flash:c3750-ipservices-mz.122-35.SE5/c3750-i
00:08:14: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively downpservices-mz.122-35.SE5.bin"
cisco WS-C3750G-48TS (PowerPC405) processor (revision H0) with 118784K/12280K bytes of memory.
Processor board ID FOC1446Y09V
Last reset from power-on
1 Virtual Ethernet interface
52 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : F0:25:72:81:F3:00
Motherboard assembly number : 73-10218-10
Power supply part number : 341-0107-01
Motherboard serial number : FOC14453BA2
Power supply serial number : AZS143207R7
Model revision number : H0
Motherboard revision number : A0
Model number : WS-C3750G-48TS-E
System serial number : FOC1446Y09V
Top Assembly Part Number : 800-27483-05
Top Assembly Revision Number : D0
Version ID : V07
CLEI Code Number : CMMAN00ARA
Hardware Board Revision Number : 0x09
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 52 WS-C3750G-48TS 12.2(35)SE5 C3750-IPSERVICES-M
Configuration register is 0xF
Switch#
配置步骤
H3C S5500配置如下:
[S5500]ip vpn-instance vpn-rt
[S5500-vpn-instance-vpn-rt]route-distinguisher 100:1
[S5500-vpn-instance-vpn-rt]vpn-target 100:1
[S5500-vpn-instance-vpn-rt]quit
[S5500]ip vpn-instance vpn-nrt
[S5500-vpn-instance-vpn-nrt]route-distinguisher 200:1
[S5500-vpn-instance-vpn-nrt]vpn-target 200:1
[S5500-vpn-instance-vpn-nrt]quit
[S5500]int LoopBack 0
[S5500-LoopBack0]ip binding vpn-instance vpn-rt
[S5500-LoopBack0]ip address 1.1.1.1 32
[S5500-LoopBack0]quit
[S5500]int LoopBack 1
[S5500-LoopBack1]ip binding vpn-instance vpn-nrt
[S5500-LoopBack1]ip address 3.3.3.3 32
[S5500-LoopBack1]quit
[S5500]vlan 400
[S5500-vlan400]quit
[S5500]vlan 500
[S5500-vlan500]quit
[S5500]int vlan 400
[S5500-Vlan-interface400]ip binding vpn-instance vpn-rt
[S5500-Vlan-interface400]ip address 10.0.0.1 30
[S5500-Vlan-interface400]quit
[S5500]int vlan 500
[S5500-Vlan-interface500]ip binding vpn-instance vpn-nrt
[S5500-Vlan-interface500]ip address 10.0.0.1 30
[S5500-Vlan-interface500]quit
[S5500]int gi 1/0/1
[S5500-GigabitEthernet1/0/1]port link-type trunk
[S5500-GigabitEthernet1/0/1]undo port trunk permit vlan 1
[S5500-GigabitEthernet1/0/1]port trunk permit vlan 400 500
[S5500-GigabitEthernet1/0/1]quit
[S5500]ospf 10 vpn-instance vpn-rt router-id 1.1.1.1
[S5500-ospf-10]area 0.0.0.0
[S5500-ospf-10-area-0.0.0.0]network 10.0.0.1 0.0.0.0
[S5500-ospf-10-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[S5500-ospf-10-area-0.0.0.0]quit
[S5500-ospf-10]quit
[S5500]ospf 20 vpn-instance vpn-nrt router-id 3.3.3.3
[S5500-ospf-20]area 0.0.0.0
[S5500-ospf-20-area-0.0.0.0]network 10.0.0.1 0.0.0.0
[S5500-ospf-20-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[S5500-ospf-20-area-0.0.0.0]quit
[S5500-ospf-20]quit
思科3750配置如下:
Switch>ena
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hos cisco3750
cisco3750(config)#ip routing
cisco3750(config)#ip vrf vpn-rt
cisco3750(config-vrf)#rd 100:1
cisco3750(config-vrf)#route-target both 100:1
cisco3750(config-vrf)#exit
cisco3750(config)#ip vrf vpn-nrt
cisco3750(config-vrf)#rd 200:1
cisco3750(config-vrf)#route-target both 200:1
cisco3750(config-vrf)#exit
cisco3750(config)#int loopback 0
cisco3750(config-if)#ip vrf forwarding vpn-rt
cisco3750(config-if)#ip address 2.2.2.2 255.255.255.255
cisco3750(config-if)#no shutdown
cisco3750(config-if)#exit
cisco3750(config)#int loopback 1
cisco3750(config-if)#ip vrf forwarding vpn-nrt
cisco3750(config-if)#ip address 4.4.4.4 255.255.255.255
cisco3750(config-if)#no shutdown
cisco3750(config-if)#exit
cisco3750(config)#vlan 400
cisco3750(config-vlan)#exit
cisco3750(config)#vlan 500
cisco3750(config-vlan)#exit
cisco3750(config)#int vlan 400
cisco3750(config-if)#ip vrf forwarding vpn-rt
cisco3750(config-if)#ip address 10.0.0.2 255.255.255.252
cisco3750(config-if)#no shutdown
cisco3750(config-if)#exit
cisco3750(config)#int vlan 500
cisco3750(config-if)#ip vrf forwarding vpn-nrt
cisco3750(config-if)#ip address 10.0.0.2 255.255.255.252
cisco3750(config-if)#no shutdown
cisco3750(config-if)#exit
cisco3750(config)#int gi 1/0/1
cisco3750(config-if)#switchport trunk encapsulation dot1q
cisco3750(config-if)#switchport mode trunk
cisco3750(config-if)#switchport trunk allowed
cisco3750(config-if)#switchport trunk allowed vlan 400,500
cisco3750(config-if)#exit
cisco3750(config)#router ospf 10 vrf vpn-rt
cisco3750(config-router)#router-id 2.2.2.2
cisco3750(config-router)#network 10.0.0.2 0.0.0.0 area 0
cisco3750(config-router)#network 2.2.2.2 0.0.0.0 area 0
cisco3750(config-router)#exit
cisco3750(config)#router ospf 20 vrf vpn-nrt
cisco3750(config-router)#router-id 4.4.4.4
cisco3750(config-router)#network 10.0.0.2 0.0.0.0
cisco3750(config-router)#network 10.0.0.2 0.0.0.0 area 0
cisco3750(config-router)#network 4.4.4.4 0.0.0.0 area 0
cisco3750(config-router)#exit
查看思科3750的OSPF邻居信息:
cisco3750(config)#do sh ip ospf nei
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 FULL/DR 00:00:32 10.0.0.1 Vlan500
1.1.1.1 1 FULL/DR 00:00:32 10.0.0.1 Vlan400
cisco3750(config)#
查看思科3750的VPN路由表:
cisco3750#show ip route vrf vpn-rt
Routing Table: vpn-rt
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/1] via 10.0.0.1, 00:01:41, Vlan400
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
10.0.0.0/30 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, Vlan400
cisco3750#
cisco3750#show ip route vrf vpn-nrt
Routing Table: vpn-nrt
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/1] via 10.0.0.1, 00:01:16, Vlan500
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback1
10.0.0.0/30 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, Vlan500
cisco3750#
查看S5500的OSPF邻居信息:
<S5500>dis ospf peer
OSPF Process 10 with Router ID 1.1.1.1
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time Interface State
2.2.2.2 10.0.0.2 1 39 Vlan400 Full/BDR
OSPF Process 20 with Router ID 3.3.3.3
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time Interface State
4.4.4.4 10.0.0.2 1 36 Vlan500 Full/BDR
<S5500>
查看S5500的VPN路由表:
<S5500>dis ip routing-table vpn-instance vpn-rt
Routing Tables: vpn-rt
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.2/32 OSPF 10 2 10.0.0.2 Vlan400
10.0.0.0/30 Direct 0 0 10.0.0.1 Vlan400
10.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
<S5500>
<S5500>dis ip routing-table vpn-instance vpn-nrt
Routing Tables: vpn-nrt
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost NextHop Interface
3.3.3.3/32 Direct 0 0 127.0.0.1 InLoop0
4.4.4.4/32 OSPF 10 2 10.0.0.2 Vlan500
10.0.0.0/30 Direct 0 0 10.0.0.1 Vlan500
10.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
<S5500>
至此,S5500与思科3750对接多VPN实例OSPF典型组网配置案例已完成!
配置关键点
该案例暂时没有网友评论
编辑评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作