《CISCO路由器MPLSVPN配置实例.doc》由会员分享,可在线阅读,更多相关《CISCO路由器MPLSVPN配置实例.doc(12页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、CISCO 路由器MPLS VPN配置实例 (2021-07-23 23:20:33) 标签: it 分类: IT 目 录一、网络环境. 3二、网络描述. 3三、网络拓扑图. 4四、P路由器配置. 4五、PE1路由器配置. 6六、PE2路由器配置. 9七、CE1路由器配置. 11八、CE2路由器配置. 13九、业务测试. 14一、网络环境由5台CISCO7204组成的网络,一台为P路由器,两台PE路由器,两台CE路由器;二、网络描述在P和两台PE路由器这间通过OSPF动态路由协议完成MPLS网络的建立,两台PE路由器这间启用BGP路由协议,在PE路由器上向所属的CE路由器指VPN路由,在CE路
2、由器中向PE路由器配置静态路由。配置思路:1、在P和两台PE路由器这间通过OSPF动态路由协议,在P和PE路由器两两互连的端口上启用MPLS,两台PE之间的路为备份路由,这属公网路由。2、两台PE路由器这间启用BGP路由协议,这使得属于VPN的IP地址能在两个网络两台CE所属的网络互相发布,这属私网VPN路由。3、在PE路由器上向所属的CE路由器指VPN路由,这打通了两个网络两台CE所属的网络之间的路由。三、网络拓扑图四、P路由器配置p#SHOW RUNBuilding configuration. Current configuration : 1172 bytes!service time
3、stamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname p!boot-start-markerboot-end-marker!no aaa new-modelip subnet-zero!ip cefip audit po max-events 100!interface Loopback0!interface FastEthernet0/0 description to_r2 ip ospf cost 20 duplex full tag-swi
4、tching mtu 1508 tag-switching ip!interface FastEthernet1/0 description to_r3 ip ospf cost 20 duplex full tag-switching mtu 1508 tag-switching ip!interface FastEthernet2/0 no ip address shutdown duplex half!interface FastEthernet3/0 no ip address shutdown duplex half!router ospf 100 log-adjacency-cha
5、nges redistribute connected subnets redistribute static subnets network 10.1.1.6 0.0.0.0 area 0 network 10.1.1.10 0.0.0.0 area 0!ip classlessno ip serverno ip secure-server!gatekeeper shutdown!line con 0 exec-timeout 0 0 logging synchronous stopbits 1line aux 0 stopbits 1line vty 0 4 login!end p# 五、
6、PE1路由器配置pe1#show runBuilding configuration. Current configuration : 1813 bytes!service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname pe1!boot-start-markerboot-end-marker!no aaa new-modelip subnet-zero!ip vrf vpna rd 1:100 route-target expor
7、t 200:1 route-target import 200:1! ip cefip audit po max-events 100!interface Loopback0! interface FastEthernet0/0 description to_r5 ip vrf forwarding vpna duplex full tag-switching ip!interface FastEthernet1/0 description to_r1 ip ospf cost 20 duplex full tag-switching mtu 1508 tag-switching ip!int
8、erface FastEthernet2/0 ip ospf cost 100 duplex full tag-switching mtu 1508 tag-switching ip!interface FastEthernet3/0 no ip address shutdown duplex half!router ospf 100 log-adjacency-changes redistribute connected metric-type 1 subnets network 10.1.1.0 0.0.0.255 area 0 network 202.98.4.0 0.0.0.255 a
9、rea 0!router bgp 100 no bgp default ipv4-unicast bgp log-neighbor-changes neighbor 202.98.4.2 remote-as 100 neighbor 202.98.4.2 update-source Loopback0 neighbor 202.98.4.2 version 4 ! address-family vpnv4 neighbor 202.98.4.2 activate neighbor 202.98.4.2 send-community extended exit-address-family !
10、address-family ipv4 vrf vpna redistribute connected redistribute static no auto-summary no synchronization exit-address-family!ip classlessno ip serverno ip secure-server!ip ospf name-lookup!gatekeeper shutdown! !line con 0 exec-timeout 0 0 logging synchronous stopbits 1line aux 0 stopbits 1line vty
11、 0 4 login!end pe1#六、PE2路由器配置pe2#show runBuilding configuration. Current configuration : 1725 bytes!service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname pe2!boot-start-markerboot-end-marker!no aaa new-modelip subnet-zero!ip vrf vpna rd 1:1
12、00 route-target export 200:1 route-target import 200:1! ip cefip audit po max-events 100!interface Loopback0! interface FastEthernet0/0 description to_r1 ip ospf cost 20 duplex full tag-switching ip!interface FastEthernet1/0 ip vrf forwarding vpna duplex full tag-switching ip!interface FastEthernet2
13、/0 ip ospf cost 100 duplex full tag-switching ip!interface FastEthernet3/0 no ip address shutdown duplex half!router ospf 100 log-adjacency-changes redistribute connected metric 1 subnets redistribute static metric-type 1 subnets network 10.1.1.0 0.0.0.255 area 0!router bgp 100 no bgp default ipv4-u
14、nicast bgp log-neighbor-changes neighbor 202.98.4.1 remote-as 100 neighbor 202.98.4.1 update-source Loopback0 neighbor 202.98.4.1 version 4 ! address-family vpnv4 neighbor 202.98.4.1 activate neighbor 202.98.4.1 send-community extended exit-address-family ! address-family ipv4 vrf vpna redistribute
15、connected redistribute static no auto-summary no synchronization exit-address-family!ip classlessno ip serverno ip secure-server!gatekeeper shutdown!line con 0 exec-timeout 0 0 logging synchronous stopbits 1line aux 0 stopbits 1line vty 0 4 login!End七、CE1路由器配置ce1#show runBuilding configuration. Curr
16、ent configuration : 892 bytes!service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname ce1!boot-start-markerboot-end-marker!no aaa new-modelip subnet-zero!ip cefip audit po max-events 100!interface Loopback0!interface FastEthernet0/0 descripti
17、on to_r3 duplex full! interface FastEthernet1/0 no ip address shutdown duplex half!interface FastEthernet2/0 no ip address shutdown duplex half!interface FastEthernet3/0 no ip address shutdown duplex half!ip classlessno ip serverno ip secure-server!gatekeeper shutdown!line con 0 exec-timeout 0 0 log
18、ging synchronous stopbits 1line aux 0 stopbits 1line vty 0 4 login!end八、CE2路由器配置Ce2#show runBuilding configuration. *Sep 3 13:53:56.167: %SYS-5-CONFIG_I: Configured from console by consoleCurrent configuration : 888 bytes!service timestamps debug datetime msecservice timestamps log datetime msecno s
19、ervice password-encryption!hostname ce2!boot-start-markerboot-end-marker!no aaa new-modelip subnet-zero!ip cefip audit po max-events 100!interface Loopback0!interface FastEthernet0/0 no ip address shutdown duplex half! interface FastEthernet1/0 description to_r2 duplex full!interface FastEthernet2/0
20、 no ip address shutdown duplex half!interface FastEthernet3/0 no ip address shutdown duplex half!ip classlessno ip serverno ip secure-server!gatekeeper shutdown!line con 0 exec-timeout 0 0 logging synchronous stopbits 1line aux 0 stopbits 1line vty 0 4 login!end 九、业务测试Type escape sequence to abort.S
21、ending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 96/190/324 msce1# Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 336/468/588 msce2#