现场连接拓扑如下,使用1/6/0/41接口和1/6/0/42接口互连,其中1/6/0/42接口下绑定了VPN实例,实例名为VRF。
(本案例为保护隐私,将地址部分信息进行了隐匿,请知悉)
S7506E上两个三层接口,一个接口加入vpn实例,一个接口不加vpn实例,互联ping不通。查看设备接口都无法学习到对端接口的arp信息。
现场使用聚合口和单接口对接场景都是这种现象:
之前使用聚合口对接:
RAGG878---RAGG879
现在使用单接口对接:
1/6/0/41---1/6/042
1.首先检查两端接口的配置信息如下,检查配置都正常:
#
interface GigabitEthernet1/6/0/41
port link-mode route
ip address *.240.128.153 255.255.255.248
#
interface GigabitEthernet1/6/0/42
port link-mode route
ip binding vpn-instance VRF
ip address *.240.128.154 255.255.255.248
#
2.查看下两端接口是否能正常up,查看接口信息如下,可以发现接口地址以及接口状态都是正常:
===============display interface brief===============
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
GE1/6/0/41 UP UP *.240.128.153
GE1/6/0/42 UP UP *.240.128.154
3.查看ping测试情况如下,两端互ping异常,都无法互通:
Ping *.240.128.154 (*.240.128.154) from *.240.128.153: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
Ping *.240.128.153 (*.240.128.153): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
4.检查ARP表项,无论是全局ARP表项还是vpn实例ARP表项都没有对段接口的ARP表项。后来查看接口详细信息如下:
GigabitEthernet1/6/0/41
Current state: UP
Line protocol state: UP
Internet address: 36.240.128.153/29 (primary)
IP packet frame type: Ethernet II, hardware address: ac74-098c-a801
GigabitEthernet1/6/0/42
Current state: UP
Line protocol state: UP
Internet address: 36.240.128.154/29 (primary)
IP packet frame type: Ethernet II, hardware address: ac74-098c-a801
经查看接口详细信息发现,两个互通的接口的MAC地址是相同的,后续和产品线工程师进行确认,7500E系列的设备的接口的mac地址是一样的,这样的话,设备收到arp请求报文时,如果源MAC为自身接口MAC,不会学习ARP。故导致ping不通的情况产生。
后与产品线工程师确认,可以考虑使用配置静态arp方法。另外在端口上配置关闭报文入接口与静态MAC地址表项匹配检查功能(undo mac-address static source-check enable)。下面提供下使用vlan虚接口互通以及使用三层物理口互通的场景下的配置实现方式案例,并分别进行下说明:
(1)使用vlan虚接口互通时,具体配置如下:
#
interface
Vlan-interface10
ip address 10.0.0.1 255.0.0.0
#
interface
GigabitEthernet1/1/0/22
port link-mode
bridge
port access vlan
10
undo mac-address static source-check enable
#
interface
Vlan-interface11
ip binding vpn-instance
vpna
ip address 10.0.0.2 255.0.0.0
#
interface
GigabitEthernet1/1/0/24
port link-mode bridge
port access vlan
11
undo mac-address static source-check enable
#
ip vpn-instance vpna
route-distinguisher 100:1
#
arp static 10.0.0.2 0000-fc00-3a7b 10 GigabitEthernet1/1/0/22
arp static 10.0.0.1 0000-fc00-3a7b 11 GigabitEthernet1/1/0/24 vpn-instance vpna
[HP]dis
arp
Type: S-Static D-Dynamic
O-Openflow R-Rule M-Multiport
I-Invalid
IP address MAC
address VLAN/VSI
Interface
Aging Type
10.0.0.2 0000-fc00-3a7b
10
GE1/1/0/22
--
S
10.0.0.1 0000-fc00-3a7b 11 GE1/1/0/24 -- S
[HP]ping
10.0.0.2
Ping 10.0.0.2 (10.0.0.2): 56 data bytes, press CTRL+C to
break
56 bytes from 10.0.0.2: icmp_seq=0 ttl=255 time=3.973
ms
56 bytes from 10.0.0.2: icmp_seq=1 ttl=255 time=8.011 ms
[HP]ping -vpn-instance vpna -a 10.0.0.2
10.0.0.1
Ping 10.0.0.1 (10.0.0.1) from 10.0.0.2: 56 data bytes, press
CTRL+C to
break
56 bytes from 10.0.0.1: icmp_seq=0 ttl=255 time=3.930
ms
56 bytes from 10.0.0.1: icmp_seq=1 ttl=255 time=4.330 ms
(2)使用三层物理口互通时,具体配置方式如下;
#
interface GigabitEthernet2/3/0/19
port link-mode route
combo enable copper
ip address 10.10.10.20 255.255.255.0
undo mac-address static source-check enable
#
interface GigabitEthernet2/3/0/20
port link-mode route
combo enable copper
ip binding vpn-instance xumeng
ip address 10.10.10.10 255.255.255.0
undo mac-address static source-check enable
#
ip vpn-instance xumeng
route-distinguisher 100:1
#
arp static 10.10.10.10 5cdd-704f-113d
arp static 10.10.10.20 5cdd-704f-113d vpn-instance xumeng
#
[S105-1]ping -a 10.10.10.20 10.10.10.10
Ping 10.10.10.10 (10.10.10.10) from 10.10.10.20: 56 data bytes, press CTRL_C to break
56 bytes from 10.10.10.10: icmp_seq=0 ttl=255 time=3.151 ms
56 bytes from 10.10.10.10: icmp_seq=1 ttl=255 time=2.746 ms
56 bytes from 10.10.10.10: icmp_seq=2 ttl=255 time=2.429 ms
56 bytes from 10.10.10.10: icmp_seq=3 ttl=255 time=2.416 ms
56 bytes from 10.10.10.10: icmp_seq=4 ttl=255 time=2.833 ms
[S105-1]ping -vpn-instance xumeng -a 10.10.10.10 10.10.10.20 //vpn始发流量
Ping 10.10.10.20 (10.10.10.20) from 10.10.10.10: 56 data bytes, press CTRL_C to break
56 bytes from 10.10.10.20: icmp_seq=0 ttl=255 time=2.930 ms
56 bytes from 10.10.10.20: icmp_seq=1 ttl=255 time=2.480 ms
56 bytes from 10.10.10.20: icmp_seq=2 ttl=255 time=2.462 ms
56 bytes from 10.10.10.20: icmp_seq=3 ttl=255 time=2.616 ms
56 bytes from 10.10.10.20: icmp_seq=4 ttl=255 time=2.363 ms
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作