• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
案例类型
搜索
取消
产品线
关键字
发布者
发布时间

两台H3C路由器互联配置后,网关互ping不通

  • 0关注
  • 0收藏,59浏览
0

问题描述:

这是两台路由器的配置,各位大神能给指导指导吗?

站端

<zhanduan1>dis cu
#
 version 5.20, Release 1508P02, Standard
#
 sysname zhanduan1
#
 clock timezone Beijing add 08:00:00
#
 domain default enable system
#
 router id 37.2.92.160
#
ip vpn-instance vpn-rt
 route-distinguisher 23726:1
 vpn-target 23726:101 export-extcommunity
 vpn-target 23726:100 20000:100 30000:100 import-extcommunity
#
ip vpn-instance vpn-nrt
 route-distinguisher 23726:2
 vpn-target 23726:201 export-extcommunity
 vpn-target 23726:200 20000:200 30000:200 import-extcommunity
#
ip vpn-instance vpn-pw
 route-distinguisher 23726:4
 vpn-target 23726:401 export-extcommunity
 vpn-target 23726:400 import-extcommunity
#
vlan 1
#
vlan 10
 description NMS
#
vlan 199
 description To_vpn-rt
#
vlan 299
 description To_vpn-nrt
#
vlan 499
 description To_vpn-pw
#
mpls lsr-id 37.2.92.160
#
mpls
#
mpls ldp
#
domain system  
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
local-user bzzdh
 password cipher IV/L%>K11XF,YWX*NZ55OA!!
 service-type ssh terminal
#
acl number 2000
 rule 1 permit source 37.172.0.250 0
 rule 2 permit source 37.172.0.200 0
 rule 3 permit source 37.172.160.1 0
 rule 5 deny
acl number 2001
 rule 1 permit source 37.172.0.250 0
#
acl number 3001
 rule 0 deny tcp destination-port eq 135
 rule 5 deny tcp destination-port eq 137
 rule 10 deny tcp destination-port eq 138
 rule 15 deny tcp destination-port eq 139
 rule 20 deny tcp destination-port eq 445
 rule 25 deny udp destination-port eq 135
 rule 30 deny udp destination-port eq netbios-ns
 rule 35 deny udp destination-port eq netbios-dgm
 rule 40 deny udp destination-port eq netbios-ssn
 rule 45 deny udp destination-port eq 445
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Serial6/0
 link-protocol ppp
#
interface Serial6/1
 link-protocol ppp
#
interface Serial6/2
 link-protocol ppp
#
interface Serial6/3
 link-protocol ppp
#
interface NULL0
#
interface LoopBack0
 ip address 37.2.92.160 255.255.255.255
#
interface GigabitEthernet0/0
 port link-mode route
 ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0.10
 vlan-type dot1q vid 10
 description To_NMS
 ip address 37.172.160.30 255.255.255.240
#
interface GigabitEthernet0/0.199
 vlan-type dot1q vid 199
 description to vpn-rt
 ip binding vpn-instance vpn-rt
 ip address 37.173.160.126 255.255.255.128
#
interface GigabitEthernet0/0.299
 vlan-type dot1q vid 299
 description to vpn-nrt
 ip binding vpn-instance vpn-nrt
 ip address 37.174.160.126 255.255.255.128
#
interface GigabitEthernet0/1
 port link-mode route
 ip address 37.172.160.2 255.255.255.252
 ospf cost 10
 mpls
 mpls ldp
#
bgp 23726
 undo synchronization
 timer keepalive 5 hold 15
 group hexin internal
 peer hexin connect-interface LoopBack0
 peer 37.2.92.170 group hexin
 #
 ipv4-family vpnv4
  peer hexin enable
  peer 37.2.92.170 enable
  peer 37.2.92.170 group hexin
 #
 ipv4-family vpn-instance vpn-rt
  import-route direct
 #
 ipv4-family vpn-instance vpn-nrt
  import-route direct
 #
 ipv4-family vpn-instance vpn-pw
  import-route direct
#
ospf 1
 import-route direct
 area 0.0.0.1
  network 37.172.160.0 0.0.0.3
#
 ip route-static 37.172.160.0 255.255.255.252 37.172.160.1
 ip route-static 37.173.0.0 255.255.0.0 37.172.160.1
 ip route-static 37.174.0.0 255.255.0.0 37.172.160.1
#
 ssh server enable
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode scheme
 idle-timeout 5 0
 protocol inbound ssh
#
return


核心

<hexin>dis cu
#
 version 5.20, Release 1508P02, Standard
#
 sysname hexin
#
 clock timezone Beijing add 08:00:00
#
 domain default enable system
#
 router id 37.2.92.170
#
ip vpn-instance vpn-rt
 route-distinguisher 23726:1
 vpn-target 23726:100 20000:100 30000:100 export-extcommunity
 vpn-target 23726:101 23726:100 30000:100 20000:100 import-extcommunity
#
ip vpn-instance vpn-nrt
 route-distinguisher 23726:2
 vpn-target 23726:201 export-extcommunity
 vpn-target 23726:200 20000:200 30000:200 import-extcommunity
#
ip vpn-instance vpn-pw
 route-distinguisher 23726:4
 vpn-target 23726:401 export-extcommunity
 vpn-target 23726:400 import-extcommunity
#
vlan 1
#
vlan 10
 description NMS
#
vlan 199
 description To_vpn-rt
#
vlan 299
 description To_vpn-nrt
#
vlan 499
 description To_vpn-pw
#
mpls lsr-id 37.2.92.170
#
mpls
#
mpls ldp
#
domain system  
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
local-user admin
 password cipher H;-]Ma5VSZD=`&4T-(O7UH*2_*aAEH84Z7W/O2`\89H>(,<4Z,BO&L"TX$_S#6.NM(0=0\)*5WWQ=^Q`MAF4<1!!
 service-type telnet
local-user bzzdh
 password cipher IV/L%>K11XF,YWX*NZ55OA!!
 service-type ssh terminal
#
acl number 2000
 rule 1 permit source 37.172.0.250 0
 rule 2 permit source 37.172.0.200 0
 rule 3 permit source 37.172.160.1 0
 rule 5 deny
acl number 2001
 rule 1 permit source 37.172.0.250 0
#
acl number 3001
 rule 0 deny tcp destination-port eq 135
 rule 5 deny tcp destination-port eq 137
 rule 10 deny tcp destination-port eq 138
 rule 15 deny tcp destination-port eq 139
 rule 20 deny tcp destination-port eq 445
 rule 25 deny udp destination-port eq 135
 rule 30 deny udp destination-port eq netbios-ns
 rule 35 deny udp destination-port eq netbios-dgm
 rule 40 deny udp destination-port eq netbios-ssn
 rule 45 deny udp destination-port eq 445
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Serial6/0
 link-protocol ppp
#
interface Serial6/1
 link-protocol ppp
#
interface Serial6/2
 link-protocol ppp
#
interface Serial6/3
 link-protocol ppp
#
interface NULL0
#
interface LoopBack0
 ip address 37.2.92.170 255.255.255.255
#
interface GigabitEthernet0/0
 port link-mode route
 ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0.10
 vlan-type dot1q vid 10
 description To_NMS
 ip address 37.172.170.30 255.255.255.240
#
interface GigabitEthernet0/0.199
 vlan-type dot1q vid 199
 description vpn-rt
 ip binding vpn-instance vpn-rt
 ip address 37.173.170.126 255.255.255.128
#
interface GigabitEthernet0/0.299
 vlan-type dot1q vid 299
 description vpn-nrt
 ip binding vpn-instance vpn-nrt
 ip address 37.174.92.126 255.255.255.128
#
interface GigabitEthernet0/1
 port link-mode route
 description to zhuanduan1
 ip address 37.172.160.1 255.255.255.252
 ospf cost 10
#
bgp 23726
 undo synchronization
 timer keepalive 5 hold 15
 group zhanduan1 internal
 peer zhanduan1 connect-interface LoopBack0
 peer 37.2.92.160 group zhanduan1
 #
 ipv4-family vpnv4
  peer zhanduan1 enable
  peer zhanduan1 route-policy Deny-DD-Sum-Pri export
  peer 37.2.92.160 enable
  peer 37.2.92.160 group zhanduan1
 #
 ipv4-family vpn-instance vpn-rt
  import-route direct
 #
 ipv4-family vpn-instance vpn-nrt
  import-route direct
#
ospf 1
 import-route direct
 area 0.0.0.1
  description to zhanduan
  network 37.172.160.0 0.0.0.3
#
 ip route-static 37.173.0.0 255.255.0.0 37.172.160.2
 ip route-static 37.173.160.0 255.255.255.0 37.172.160.2
 ip route-static 37.174.0.0 255.255.0.0 37.172.160.2
#
user-interface con 0
 authentication-mode scheme
 idle-timeout 5 0
user-interface aux 0
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode scheme
 idle-timeout 5 0
 protocol inbound ssh
#
return

<hexin>ping -vpn-instance vpn-rt 37.173.170.2
  PING 37.173.170.2: 56  data bytes, press CTRL_C to break
    Reply from 37.173.170.2: bytes=56 Sequence=1 ttl=128 time=1 ms
    Reply from 37.173.170.2: bytes=56 Sequence=2 ttl=128 time=1 ms
    Reply from 37.173.170.2: bytes=56 Sequence=3 ttl=128 time=1 ms
    Reply from 37.173.170.2: bytes=56 Sequence=4 ttl=128 time=1 ms
    Reply from 37.173.170.2: bytes=56 Sequence=5 ttl=128 time=1 ms

  --- 37.173.170.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/1/1 ms

<hexin>ping -vpn-instance vpn-rt 37.173.160.126
  PING 37.173.160.126: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out

组网及组网描述:


最佳答案

0

问题

1:dis mpls ldp peer
你的mpls邻居就没建立
1:核心侧对联接口,没有使能
2:即使你使能了,也无法建立,因为核心与分支没有彼此的loopback路由

2:dis bgp peer vpnv4
不用说,你的BGP邻居根本无法建立,原因如同mpls无法建立的第二点,分支与核心侧没有彼此的更新源路由

处理
1:宣告彼此的loopback口
2:核心侧对联接口的,使能mpls

Bgp 和ospf都建立了啊。

请你不要到处扣扣 发表时间:2019-09-11

没注意到你把直连宣告到OSPF,BGP确实能起来.但是你的MPLS,起不来,你上面的配置就没使能

一页书 发表时间:2019-09-11
1 个回答
0

先看看路由学到没

有到loopback地址的路由,业务的加的静态路由

请你不要到处扣扣 发表时间:2019-09-11

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +

亲~登录后才可以操作哦!

确定

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明