CISCO 路由器MPLS VPN配置实例(9页).doc

《CISCO 路由器MPLS VPN配置实例(9页).doc》由会员分享，可在线阅读，更多相关《CISCO 路由器MPLS VPN配置实例(9页).doc（9页珍藏版）》请在得力文库 - 分享文档赚钱的网站上搜索。

1、-CISCO 路由器MPLS VPN配置实例-第 9 页CISCO 路由器MPLS VPN配置实例 (2009-07-23 23:20:33) 标签： it 分类： IT 目 录一、网络环境. 3二、网络描述. 3三、网络拓扑图. 4四、P路由器配置. 4五、PE1路由器配置. 6六、PE2路由器配置. 9七、CE1路由器配置. 11八、CE2路由器配置. 13九、业务测试. 14一、网络环境由5台CISCO7204组成的网络,一台为P路由器,两台PE路由器,两台CE路由器;二、网络描述在P和两台PE路由器这间通过OSPF动态路由协议完成MPLS网络的建立，两台PE路由器这间启用BGP路由协议

2、，在PE路由器上向所属的CE路由器指VPN路由，在CE路由器中向PE路由器配置静态路由。配置思路：1、在P和两台PE路由器这间通过OSPF动态路由协议，在P和PE路由器两两互连的端口上启用MPLS，两台PE之间的路为备份路由，这属公网路由。2、两台PE路由器这间启用BGP路由协议，这使得属于VPN的IP地址能在两个网络（两台CE所属的网络）互相发布，这属私网（VPN）路由。3、在PE路由器上向所属的CE路由器指VPN路由，这打通了两个网络（两台CE所属的网络）之间的路由。三、网络拓扑图四、P路由器配置p#SHOW RUNBuilding configuration.Current config

3、uration : 1172 bytesservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryptionhostname pboot-start-markerboot-end-markerno aaa new-modelip subnet-zeroip cefip audit po max-events 100interface Loopback0interface FastEthernet0/0 description to_r2 ip ospf c

4、ost 20 duplex full tag-switching mtu 1508 tag-switching ipinterface FastEthernet1/0 description to_r3 ip ospf cost 20 duplex full tag-switching mtu 1508 tag-switching ipinterface FastEthernet2/0 no ip address shutdown duplex halfinterface FastEthernet3/0 no ip address shutdown duplex halfrouter ospf

5、 100 log-adjacency-changes redistribute connected subnets redistribute static subnets network 10.1.1.6 0.0.0.0 area 0 network 10.1.1.10 0.0.0.0 area 0ip classlessno ip http serverno ip http secure-servergatekeeper shutdownline con 0 exec-timeout 0 0 logging synchronous stopbits 1line aux 0 stopbits

6、1line vty 0 4 loginendp#五、PE1路由器配置pe1#show runBuilding configuration.Current configuration : 1813 bytesservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryptionhostname pe1boot-start-markerboot-end-markerno aaa new-modelip subnet-zeroip vrf vpna rd 1:10

7、0 route-target export 200:1 route-target import 200:1ip cefip audit po max-events 100interface Loopback0interface FastEthernet0/0 description to_r5 ip vrf forwarding vpna duplex full tag-switching ipinterface FastEthernet1/0 description to_r1 ip ospf cost 20 duplex full tag-switching mtu 1508 tag-sw

8、itching ipinterface FastEthernet2/0 ip ospf cost 100 duplex full tag-switching mtu 1508 tag-switching ipinterface FastEthernet3/0 no ip address shutdown duplex halfrouter ospf 100 log-adjacency-changes redistribute connected metric-type 1 subnets network 10.1.1.0 0.0.0.255 area 0 network 202.98.4.0

9、0.0.0.255 area 0router bgp 100 no bgp default ipv4-unicast bgp log-neighbor-changes neighbor 202.98.4.2 remote-as 100 neighbor 202.98.4.2 update-source Loopback0 neighbor 202.98.4.2 version 4 address-family vpnv4 neighbor 202.98.4.2 activate neighbor 202.98.4.2 send-community extended exit-address-f

10、amily address-family ipv4 vrf vpna redistribute connected redistribute static no auto-summary no synchronization exit-address-familyip classlessno ip http serverno ip http secure-serverip ospf name-lookupgatekeeper shutdownline con 0 exec-timeout 0 0 logging synchronous stopbits 1line aux 0 stopbits

11、 1line vty 0 4 loginendpe1#六、PE2路由器配置pe2#show runBuilding configuration.Current configuration : 1725 bytesservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryptionhostname pe2boot-start-markerboot-end-markerno aaa new-modelip subnet-zeroip vrf vpna rd 1

12、:100 route-target export 200:1 route-target import 200:1ip cefip audit po max-events 100interface Loopback0interface FastEthernet0/0 description to_r1 ip ospf cost 20 duplex full tag-switching ipinterface FastEthernet1/0 ip vrf forwarding vpna duplex full tag-switching ipinterface FastEthernet2/0 ip

13、 ospf cost 100 duplex full tag-switching ipinterface FastEthernet3/0 no ip address shutdown duplex halfrouter ospf 100 log-adjacency-changes redistribute connected metric 1 subnets redistribute static metric-type 1 subnets network 10.1.1.0 0.0.0.255 area 0router bgp 100 no bgp default ipv4-unicast b

14、gp log-neighbor-changes neighbor 202.98.4.1 remote-as 100 neighbor 202.98.4.1 update-source Loopback0 neighbor 202.98.4.1 version 4 address-family vpnv4 neighbor 202.98.4.1 activate neighbor 202.98.4.1 send-community extended exit-address-family address-family ipv4 vrf vpna redistribute connected re

15、distribute static no auto-summary no synchronization exit-address-familyip classlessno ip http serverno ip http secure-servergatekeeper shutdownline con 0 exec-timeout 0 0 logging synchronous stopbits 1line aux 0 stopbits 1line vty 0 4 loginEnd七、CE1路由器配置ce1#show runBuilding configuration.Current con

16、figuration : 892 bytesservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryptionhostname ce1boot-start-markerboot-end-markerno aaa new-modelip subnet-zeroip cefip audit po max-events 100interface Loopback0interface FastEthernet0/0 description to_r3 duple

17、x fullinterface FastEthernet1/0 no ip address shutdown duplex halfinterface FastEthernet2/0 no ip address shutdown duplex halfinterface FastEthernet3/0 no ip address shutdown duplex halfip classlessno ip http serverno ip http secure-servergatekeeper shutdownline con 0 exec-timeout 0 0 logging synchr

18、onous stopbits 1line aux 0 stopbits 1line vty 0 4 loginend八、CE2路由器配置Ce2#show runBuilding configuration.*Sep 3 13:53:56.167: %SYS-5-CONFIG_I: Configured from console by consoleCurrent configuration : 888 bytesservice timestamps debug datetime msecservice timestamps log datetime msecno service passwor

19、d-encryptionhostname ce2boot-start-markerboot-end-markerno aaa new-modelip subnet-zeroip cefip audit po max-events 100interface Loopback0interface FastEthernet0/0 no ip address shutdown duplex halfinterface FastEthernet1/0 description to_r2 duplex fullinterface FastEthernet2/0 no ip address shutdown

20、 duplex halfinterface FastEthernet3/0 no ip address shutdown duplex halfip classlessno ip http serverno ip http secure-servergatekeeper shutdownline con 0 exec-timeout 0 0 logging synchronous stopbits 1line aux 0 stopbits 1line vty 0 4 loginend九、业务测试Type escape sequence to abort.Sending 5, 100-byte

21、ICMP Echos to 172.16.1.1, timeout is 2 seconds:Success rate is 100 percent (5/5), round-trip min/avg/max = 96/190/324 msce1#Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:Success rate is 100 percent (5/5), round-trip min/avg/max = 336/468/588 msce2#