msr3620+s3110 VPN问题

3620路由，带VPN实例能ping 通   10.55.197.4

<CQBS-QUANDB.R1>ping -vpn-instance vpn-nrt 10.55.197.4

Ping 10.55.197.4 (10.55.197.4): 56 data bytes, press CTRL_C to break

56 bytes from 10.55.197.4: icmp_seq=0 ttl=61 time=11.245 ms

56 bytes from 10.55.197.4: icmp_seq=1 ttl=61 time=4.038 ms

56 bytes from 10.55.197.4: icmp_seq=2 ttl=61 time=4.085 ms

56 bytes from 10.55.197.4: icmp_seq=3 ttl=61 time=4.029 ms

56 bytes from 10.55.197.4: icmp_seq=4 ttl=61 time=4.041 ms

--- Ping statistics for 10.55.197.4 in VPN instance vpn-nrt ---

5 packets transmitted, 5 packets received, 0.0% packet loss

round-trip min/avg/max/std-dev = 4.029/5.488/11.245/2.879 ms

<CQBS-QUANDB.R1>%Nov 12 16:43:59:361 2018 CQBS-QUANDB.R1 PING/6/PING_VPN_STATISTICS: Ping statistics for 10.55.197.4 in VPN instance vpn-nrt: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 4.029/5.488/11.245/2.879 ms.

<CQBS-QUANDB.R1>

路由下的交换机却无法ping通。

<CQ-QUANDB1.S1>ping 10.55.197.4

  PING 10.55.197.4: 56  data bytes, press CTRL_C to break

    Request time out

    Request time out

    Request time out

    Request time out

    Request time out

  --- 10.55.197.4 ping statistics ---

    5 packet(s) transmitted

    0 packet(s) received

    100.00% packet loss

<CQ-QUANDB1.S1>

是哪里出了问题？

附路由和交换机配置

<CQBS-QUANDB1.S2>

<CQBS-QUANDB1.S2>dis cu

#

 version 5.20.99, Release 1107

#

 sysname CQBS-QUANDB1.S2

#

 domain default enable system

#

 ipv6

#

 undo ip http enable

#

 password-recovery enable

#

acl number 2001

 rule 0 permit source 10.55.0.0 0.0.255.255

 rule 5 permit source 55.0.0.0 0.255.255.255

 rule 10 deny

#

vlan 1

#

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

#

 public-key peer 55.132.3.124

  public-key-code begin

   30819F300D06092A864886F70D010101050003818D0030818902818100BD71E26DAACBBD15

   50032482B013F775FA3DC7E678DA829AFF3E6C6DFF98019DD7C2272CBEC724DFA315CB9FF6

   4C8E6AD3D1C569B8295D483B7FE11361D912034AF05FA467EDB9831466DEA44F19925BA975

   A49746B97D3ECFD49CA3EDD0F5C97A597514EDE0E23419C11782932EC6688B1C099EAB203C

   8F8AEEAA8D4385EFE10203010001

  public-key-code end

 peer-public-key end

#

user-group system

 group-attribute allow-guest

#

local-user cqdl-con

 password cipher $c$3$grcYK/eHZ5q+S9OwWAe+dzE2MIXos8m3luEVxQ==

 authorization-attribute level 3

 service-type terminal

local-user cqdl-ssh

 password cipher $c$3$lUr4gH+zYzX9zNjj9BfcIr3ewOK7c+489K74WQ==

 authorization-attribute level 3

 service-type ssh

#

interface NULL0

#

interface Vlan-interface1

 ip address 55.132.3.124 255.255.255.128

#

interface Ethernet1/0/1

 description TO R1

 port link-type trunk

 port trunk permit vlan all

#

interface Ethernet1/0/2

 ip source binding mac-address 0060-6e77-9d94

#

interface Ethernet1/0/3

 shutdown

#

interface Ethernet1/0/4

 shutdown

#

interface Ethernet1/0/5

 shutdown

#               

interface Ethernet1/0/6

 shutdown

#

interface Ethernet1/0/7

 shutdown

#

interface Ethernet1/0/8

 shutdown

#

interface Ethernet1/0/9

 shutdown

#

interface Ethernet1/0/10

 shutdown

#

interface Ethernet1/0/11

 shutdown

#

interface Ethernet1/0/12

 shutdown

#

interface Ethernet1/0/13

 shutdown       

#

interface Ethernet1/0/14

 shutdown

#

interface Ethernet1/0/15

 shutdown

#

interface Ethernet1/0/16

 shutdown

#

interface Ethernet1/0/17

 shutdown

#

interface Ethernet1/0/18

 shutdown

#

interface Ethernet1/0/19

 shutdown

#

interface Ethernet1/0/20

 ip source binding mac-address 0425-c59b-cc74

#

interface Ethernet1/0/21

 shutdown

#

interface Ethernet1/0/22

 shutdown

#

interface Ethernet1/0/23

 shutdown

#

interface Ethernet1/0/24

 shutdown

#

interface GigabitEthernet1/0/25

 shutdown

#

interface GigabitEthernet1/0/26

 shutdown

#

 ip route-static 10.55.0.0 255.255.255.0 55.132.3.126

 ip route-static 55.0.0.0 255.0.0.0 55.132.3.126

#

 info-center loghost 10.55.20.124

#

 ntp-service unicast-server 10.55.197.28

#

 ssh server enable

 ssh user cqdl-ssh service-type stelnet authentication-type password

 ssh client authentication server 55.132.3.124 assign publickey 55.132.3.124

#

 load xml-configuration

#

 load tr069-configuration

#

user-interface aux 0

 authentication-mode scheme

 idle-timeout 5 0

user-interface vty 0 4

 authentication-mode scheme

 idle-timeout 5 0

user-interface vty 5 15

#

return

<CQBS-QUANDB1.S2>    quit

Connection to 55.132.3.124 closed.

<CQBS-QUANDB.R1>dis cu

#

 version 7.1.059, Release 0306P11

#

 sysname CQBS-QUANDB.R1

#

ip vpn-instance vpn-nrt

 route-distinguisher 25520:2

 vpn-target 25520:2220 30000:802 20000:200 import-extcommunity

 vpn-target 25520:2220 25588:200 export-extcommunity

#

ip vpn-instance vpn-rt

 route-distinguisher 25520:1

 vpn-target 25520:1220 30000:801 20000:100 import-extcommunity

 vpn-target 25520:1220 25588:100 export-extcommunity

#

 router id 55.2.69.6

#

ospf 1

 bandwidth-reference 1000

 area 0.0.0.1

  network 55.2.69.6 0.0.0.0

  network 55.3.184.20 0.0.0.3

  network 55.3.188.20 0.0.0.3

#              

 mpls lsr-id 55.2.69.6

 mpls ttl propagate vpn

#

 password-recovery enable

#

vlan 1

#

traffic classifier c_vpn-nrt-in operator and

 if-match acl 2001

#

traffic classifier c_vpn-nrt-out operator and

 if-match mpls-exp 3

#

traffic classifier c_vpn-rt-in operator and

 if-match acl 2001

#

traffic classifier c_vpn-rt-out operator and

 if-match mpls-exp 4

#

traffic behavior b_vpn-nrt-in

 remark dscp af31

#

traffic behavior b_vpn-nrt-out

 queue af bandwidth pct 30

#

traffic behavior b_vpn-rt-in

 remark dscp af41

#

traffic behavior b_vpn-rt-out

 queue af bandwidth pct 70

#

qos policy p_vpn-nrt-in

 classifier c_vpn-nrt-in behavior b_vpn-nrt-in

#

qos policy p_vpn-out

 classifier c_vpn-rt-out behavior b_vpn-rt-out

 classifier c_vpn-nrt-out behavior b_vpn-nrt-out

#

qos policy p_vpn-rt-in

 classifier c_vpn-rt-in behavior b_vpn-rt-in

#

mpls ldp

#

controller Cellular0/0

#

interface Async3/0

 shutdown

#

interface Async3/1

 shutdown

#

interface Async3/2

 shutdown

#

interface Async3/3

 shutdown

#

interface Async3/4

 shutdown

#

interface Async3/5

 shutdown

#

interface Async3/6

 shutdown

#

interface Async3/7

 shutdown

#              

interface Serial1/0

 description DD2-QUANDB1-2M

 fe1 unframed

 ppp mp MP-group1

#

interface Serial1/1

 description DD2-QUANDB1-2M

 fe1 unframed

 ppp mp MP-group1

#

interface Serial2/0

 description BD1-QUANDB1-2M

 fe1 unframed

 ppp mp MP-group2

#

interface Serial2/1

 description BD1-QUANDB1-2M

 fe1 unframed

 ppp mp MP-group2

#

interface MP-group1

 ip address 55.3.184.22 255.255.255.252

 ospf authentication-mode md5 1 cipher $c$3$y4+uW8YK1FhspjYjnQypfyBtyk2GXpDpdQ==

 mpls enable

 mpls ldp enable

 mpls ldp transport-address interface

#

interface MP-group2

 ip address 55.3.188.22 255.255.255.252

 ospf authentication-mode md5 1 cipher $c$3$a461ficvJKvPajqgB+my8nsGLfF40f/izQ==

 mpls enable

 mpls ldp enable

 mpls ldp transport-address interface

#

interface NULL0

#

interface LoopBack0

 ip address 55.2.69.6 255.255.255.255

#

interface GigabitEthernet0/0

 port link-mode route

 combo enable copper

 shutdown

#

interface GigabitEthernet0/1

 port link-mode route

 combo enable copper

 shutdown

#

interface GigabitEthernet0/2

 port link-mode route

 combo enable copper

 shutdown

#

interface GigabitEthernet0/3

 port link-mode route

 combo enable copper

 shutdown

#

interface GigabitEthernet0/4

 port link-mode route

 shutdown

#

interface GigabitEthernet0/5

 port link-mode route

 shutdown

#

interface GigabitEthernet5/0

 port link-mode route

 description R1-S2

 ip binding vpn-instance vpn-nrt

 ip address 55.132.3.126 255.255.255.128

#

interface GigabitEthernet6/0

 port link-mode route

 description R1-S1

 ip binding vpn-instance vpn-rt

 ip address 55.131.3.126 255.255.255.128

#

interface GigabitEthernet5/1

 port link-mode bridge

 shutdown

#

interface GigabitEthernet5/2

 port link-mode bridge

 shutdown

#

interface GigabitEthernet5/3

 port link-mode bridge

 shutdown

#

interface GigabitEthernet5/4

 port link-mode bridge

 shutdown

#

interface GigabitEthernet5/5

 port link-mode bridge

 shutdown

#

interface GigabitEthernet5/6

 port link-mode bridge

 combo enable copper

 shutdown

#

interface GigabitEthernet5/7

 port link-mode bridge

 combo enable copper

 shutdown

#

interface GigabitEthernet6/1

 port link-mode bridge

 shutdown

#

interface GigabitEthernet6/2

 port link-mode bridge

 shutdown

#

interface GigabitEthernet6/3

 port link-mode bridge

 shutdown

#

interface GigabitEthernet6/4

 port link-mode bridge

 shutdown

#

interface GigabitEthernet6/5

 port link-mode bridge

 shutdown

#

interface GigabitEthernet6/6

 port link-mode bridge

 combo enable copper

 shutdown

#

interface GigabitEthernet6/7

 port link-mode bridge

 combo enable copper

 shutdown      

#

bgp 25520

 group ibgp-peer internal

 peer ibgp-peer connect-interface LoopBack0

 peer 55.2.68.2 group ibgp-peer

 peer 55.2.68.5 group ibgp-peer

 #

 address-family ipv4 unicast

  peer ibgp-peer enable

 #

 address-family vpnv4

  peer ibgp-peer enable

 #

 ip vpn-instance vpn-nrt

  #

  address-family ipv4 unicast

   import-route direct

 #

 ip vpn-instance vpn-rt

  #

  address-family ipv4 unicast

   import-route direct

#              

 scheduler logfile size 16

#

line class console

 authentication-mode scheme

 user-role level-15

 user-role network-admin

 idle-timeout 5 0

#

line class tty

 user-role network-operator

#

line class vty

 user-role network-operator

#

line con 0

 user-role network-admin

#

line tty 49 56

 user-role network-operator

#

line vty 0 4

 authentication-mode scheme

 user-role level-15

 user-role network-admin

 protocol inbound ssh

 idle-timeout 5 0

#

line vty 5 63

 user-role network-operator

#

 info-center loghost 5.254.55.1

 info-center loghost 5.254.55.129

 info-center loghost 55.254.20.1

#

 snmp-agent

 snmp-agent local-engineid 800063A280600B031D198000000001

 snmp-agent community read CQEP-READ

 snmp-agent community write CQEP-WRITE

 snmp-agent sys-info version v3

 snmp-agent group v3 CQEP privacy read-view CQEP-READ write-view CQEP-WRITE notify-view CQEP-READ

 snmp-agent target-host trap address udp-domain 5.254.55.1 params securityname CQEP-READ

 snmp-agent target-host trap address udp-domain 5.254.55.129 params securityname CQEP-READ

 snmp-agent target-host trap address udp-domain 55.254.20.1 params securityname CQEP-READ

 snmp-agent mib-view included CQEP-READ iso

 snmp-agent mib-view included CQEP-WRITE iso

 snmp-agent usm-user v3 cqdl CQEP cipher authentication-mode sha $c$3$+cWFUUnB6LHvuX5AmN0gY8rkJ8HgbV20mYR3Zv+poVkEWKwEApc= privacy-mode des56 $c$3$Ux34l61gwHX60u6nrp3zUKr/VcTdbwriBKH6sNP9jlLqpA==

 snmp-agent trap source LoopBack0

#

 ssh server enable

 ssh user cqdl-ssh service-type stelnet authentication-type password

 ssh server acl 2002

#

 ntp-service unicast-server 55.2.68.2

 ntp-service unicast-server 55.2.68.5

#

acl basic 2002

 rule 0 permit source 5.254.55.0 0.0.0.255

 rule 5 permit source 55.254.0.0 0.0.255.255

 rule 10 permit source 55.3.0.0 0.0.255.255

 rule 15 deny

#

domain system

#

 domain default enable system

#

role name level-0

 description Predefined level-0 role

#

role name level-1

 description Predefined level-1 role

#

role name level-2

 description Predefined level-2 role

#

role name level-3

 description Predefined level-3 role

#

role name level-4

 description Predefined level-4 role

#

role name level-5

 description Predefined level-5 role

#

role name level-6

 description Predefined level-6 role

#

role name level-7

 description Predefined level-7 role

#

role name level-8

 description Predefined level-8 role

#              

role name level-9

 description Predefined level-9 role

#

role name level-10

 description Predefined level-10 role

#

role name level-11

 description Predefined level-11 role

#

role name level-12

 description Predefined level-12 role

#

role name level-13

 description Predefined level-13 role

#

role name level-14

 description Predefined level-14 role

#

user-group system

#

local-user cqdl-con class manage

 password hash $h$6$lUu9DnItfewvVrYh$ThKO3KrcdPLZiMKJteO4mguaEwyM7R2mH2Ddh02SkFzIuVcqy2mZDUDcLjLtxexJR6nKcF+YalSAov1Qxyi5IQ==

 service-type terminal

 authorization-attribute user-role level-15

 authorization-attribute user-role network-admin

#

local-user cqdl-ssh class manage

 password hash $h$6$QLFOsRrdxmA4rgRx$jsSJQUtFAV6+OXNbmzA7hx/ej6q08FEII0cWYh781IxlHjksBR75hqdY53ZFz6+Rav1kGt3ql+e07xzjDD/VNQ==

 service-type ssh

 authorization-attribute user-role level-15

 authorization-attribute user-role network-admin

#

public-key peer 55.131.3.124

 public-key-code begin

   30819F300D06092A864886F70D010101050003818D0030818902818100BD89B02D2585C490

   FECFF6FEF07F25B9F98CE910F130FC47F7BF46EFFB06381B849FA4ADF5DA1C74C21FFB3F0F

   36CF5B3C1F4766278A9D6E2464381EC7C0EF585BA4B20E5526C9B5ED81DE424FD77789A92E

   9E55491C06413DCFB7DB93733210BAE1E234D8219A165ECDDCC16BF1F03F76DD6F1B024833

   79419584D72223AF690203010001

 public-key-code end

 peer-public-key end

#

public-key peer 55.132.3.124

 public-key-code begin

   30819F300D06092A864886F70D010101050003818D0030818902818100BD71E26DAACBBD15

   50032482B013F775FA3DC7E678DA829AFF3E6C6DFF98019DD7C2272CBEC724DFA315CB9FF6

   4C8E6AD3D1C569B8295D483B7FE11361D912034AF05FA467EDB9831466DEA44F19925BA975

   A49746B97D3ECFD49CA3EDD0F5C97A597514EDE0E23419C11782932EC6688B1C099EAB203C

   8F8AEEAA8D4385EFE10203010001

 public-key-code end

 peer-public-key end

#

return