MSR路由器SDWAN 分支CPE tte建立问题
- 0关注
- 0收藏,895浏览
问题描述:
如题,
总部MSR 3610-X1,公网ip,作为sdwan RR角色,同时配置stun server
分支msr810-lm,采用4g网络,私网ip,作为sdwan cpe角色
问题:
CPE1 CPE2 CPE3 均能与总部RR建立tte连接,但是cpe之间无法建立导致cpe间无法互通,应如果处理?
CPE1查看tte连接信息及site-tte
相关配置如下:
总部:
interface LoopBack10
ip address 10.70.70.254 255.255.255.255
interface GigabitEthernet0/0
port link-mode route
ip address 218.xx.xx.xx 255.255.255.248
interface Tunnel10 mode sdwan udp
ip address unnumbered interface GigabitEthernet0/0
source GigabitEthernet0/0
tunnel out-interface GigabitEthernet0/0
tunnel protection ipsec profile prf1
sdwan interface-id 10
sdwan routing-domain rda id 10
sdwan transport-network tna id 10
bgp 65535
peer 10.70.70.20 as-number 65535
peer 10.70.70.20 connect-interface LoopBack10
peer 10.70.70.30 as-number 65535
peer 10.70.70.30 connect-interface LoopBack10
peer 10.70.70.50 as-number 65535
peer 10.70.70.50 connect-interface LoopBack10
#
address-family ipv4 tnl-encap-ext
peer 10.70.70.20 enable
peer 10.70.70.20 reflect-client
peer 10.70.70.30 enable
peer 10.70.70.30 reflect-client
peer 10.70.70.50 enable
peer 10.70.70.50 reflect-client
address-family l2vpn evpn
undo policy vpn-target
peer 10.70.70.20 enable
peer 10.70.70.20 reflect-client
peer 10.70.70.20 advertise encap-type sdwan
peer 10.70.70.30 enable
peer 10.70.70.30 reflect-client
peer 10.70.70.30 advertise encap-type sdwan
peer 10.70.70.50 enable
peer 10.70.70.50 reflect-client
peer 10.70.70.50 advertise encap-type sdwan
ip route-static 0.0.0.0 0 218.xx.xx.yy
stun server ip 218.xx.xx.xx port 8510 alternative-ip 111.206.174.3 alternative-port 3478
sdwan site-id 10
sdwan site-name wnd
sdwan device-id 1
sdwan encapsulation global-udp-port 6668
sdwan system-ip LoopBack10
sdwan site-role rr
sdwan server port 6661
sdwan server enable
分支CPE1:
interface Eth-channel1/0:0
dialer circular enable
dialer-group 89
dialer timer autodial 5
dialer number *99# autodial
ip address cellular-alloc
tcp mss 1280
nat outbound
nat hairpin enable
apn-profile apply profile69
interface Tunnel10 mode sdwan udp
ip address unnumbered interface Eth-channel1/0:0
source Eth-channel1/0:0
tunnel out-interface Eth-channel1/0:0
stun client destination-ip 218.XX.XX.XX destination-port 8510 tunnel protection ipsec profile prf1
sdwan interface-id 35
sdwan routing-domain rda id 10
sdwan transport-network tna id 10
bgp 65535
peer 10.70.70.254 as-number 65535
peer 10.70.70.254 connect-interface LoopBack10
#
address-family ipv4 tnl-encap-ext
peer 10.70.70.254 enable
#
address-family l2vpn evpn
peer 10.70.70.254 enable
peer 10.70.70.254 advertise encap-type sdwan
ssl client-policy plc1
prefer-cipher rsa_aes_256_cbc_sha
undo server-verify enable
sdwan site-id 20
sdwan site-name msr810_03
sdwan device-id 1
sdwan encapsulation global-udp-port 6668
sdwan system-ip LoopBack10
sdwan site-role cpe
sdwan ssl-client-policy plc1
sdwan server system-ip 10.70.70.254 ip 218.XX.XX.XX port 6661
CPE2 CPE3 配置与CPE1类似, 此处不再上传
问题:
CPE1 CPE2 CPE3 均能与总部RR建立tte连接,但是cpe之间无法建立导致cpe间无法互通,应如果处理?
CPE1查看tte连接信息及site-tte
<MSR810-LM_03>display sdwan site-tte
1 10.70.70.50 100 UP UDP IPv4 Disabled Enabled 10 10
总部查看tte连接信息及site-tte
- 2025-01-10提问
- 举报
-
(1)
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论