网络拓扑

XRV1的配置:

===========================================================================

#
sysname XRV1
#
board add 0/1 1GEC
board add 0/2 1GEC
board add 0/3 1GEC
board add 0/4 1GEC
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
bfd
#
acl number 3010
rule 5 permit ip source 10.133.0.0 0.0.255.255 destination 10.125.0.0 0.0.255.255
rule 10 permit ip source 10.79.0.0 0.0.255.255 destination 10.38.0.0 0.0.255.255
acl number 3020
rule 5 permit ip source 10.158.0.0 0.0.255.255 destination 10.114.0.0 0.0.255.255
rule 10 permit ip source 10.79.0.0 0.0.255.255 destination 10.45.0.0 0.0.255.255
#
ipsec proposal tran1
ipsec proposal tran2
#
ike peer spub v1
pre-shared-key simple huawei
remote-address 10.201.1.2
ike peer spuc v1
pre-shared-key simple huawei
remote-address 10.201.1.10
#
ipsec policy map1 10 isakmp
security acl 3010
ike-peer spub
proposal tran1
ipsec policy map2 10 isakmp
security acl 3020
ike-peer spuc
proposal tran2
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 100
is-level level-2
network-entity 49.0000.1025.5255.1000.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.10.1.1 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface GigabitEthernet0/0/1
ip address 10.201.1.1 255.255.255.252
ipsec policy map1
#
interface GigabitEthernet0/0/2
ip address 10.201.1.9 255.255.255.252
ipsec policy map2
#
interface GigabitEthernet1/0/0
ip address 10.10.1.5 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet3/0/0
#
interface GigabitEthernet4/0/0
#
interface NULL0
#
interface LoopBack0
ip address 10.255.255.1 255.255.255.255
isis enable 100
#
bfd 10 bind peer-ip 10.201.1.2 source-ip 10.201.1.1
#
bfd 20 bind peer-ip 10.201.1.10 source-ip 10.201.1.9
#
bgp 65000
router-id 10.255.255.1
graceful-restart
group external external
peer external bfd min-tx-interval 250 min-rx-interval 250
peer external bfd enable
peer external password simple cisco
peer 10.201.1.2 as-number 65001
peer 10.201.1.2 group external
peer 10.201.1.10 as-number 65002
peer 10.201.1.10 group external
group internal internal
peer internal connect-interface LoopBack0
peer internal password simple cisco
peer 10.255.255.2 as-number 65000
peer 10.255.255.2 group internal
peer 10.255.255.7 as-number 65000
peer 10.255.255.7 group internal
#
ipv4-family unicast
undo synchronization
peer external enable
peer external route-policy external-import import
peer external route-policy internal-export export
peer external advertise-community
peer 10.201.1.2 enable
peer 10.201.1.2 group external
peer 10.201.1.10 enable
peer 10.201.1.10 group external
peer internal enable
peer internal next-hop-local
peer internal advertise-community
peer 10.255.255.2 enable
peer 10.255.255.2 group internal
peer 10.255.255.7 enable
peer 10.255.255.7 group internal
#
route-policy internal-export permit node 10
if-match ip-prefix internal-bangong-export
apply as-path 65000 65000 65000 65000 additive
#
route-policy internal-export permit node 20
if-match ip-prefix internal-oa-export
#
route-policy external-import permit node 10
if-match ip-prefix as65001-bangong-import
apply cost + 12000
#
route-policy external-import permit node 20
if-match ip-prefix external-as65001-oa-import
apply local-preference 2000
#
ip ip-prefix internal-bangong-export index 10 permit 10.133.1.0 24
ip ip-prefix internal-bangong-export index 20 permit 10.133.2.0 24
ip ip-prefix internal-bangong-export index 30 permit 10.133.3.0 24
ip ip-prefix internal-bangong-export index 40 permit 10.133.4.0 24
ip ip-prefix internal-oa-export index 10 permit 10.79.1.0 24
ip ip-prefix internal-oa-export index 20 permit 10.79.2.0 24
ip ip-prefix internal-oa-export index 30 permit 10.79.3.0 24
ip ip-prefix internal-oa-export index 40 permit 10.79.4.0 24
ip ip-prefix external-as65001-oa-import index 10 permit 10.38.1.0 24
ip ip-prefix external-as65001-oa-import index 20 permit 10.38.2.0 24
ip ip-prefix external-as65001-oa-import index 30 permit 10.38.3.0 24
ip ip-prefix external-as65001-oa-import index 40 permit 10.38.4.0 24
ip ip-prefix external-as65001-bangong-import index 10 permit 10.125.1.0 24
ip ip-prefix external-as65001-bangong-import index 20 permit 10.125.2.0 24
ip ip-prefix external-as65001-bangong-import index 30 permit 10.125.3.0 24
ip ip-prefix external-as65001-bangong-import index 40 permit 10.125.4.0 24
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

XRV2的配置:

===========================================================================

#
sysname XRV2
#
board add 0/1 1GEC
board add 0/2 1GEC
board add 0/3 1GEC
board add 0/4 1GEC
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
bfd
#
acl number 3010
rule 5 permit ip source 10.158.0.0 0.0.255.255 destination 10.54.0.0 0.0.255.255
rule 10 permit ip source 10.38.0.0 0.0.255.255 destination 10.79.0.0 0.0.255.255
acl number 3020
rule 5 permit ip source 10.158.0.0 0.0.255.255 destination 10.114.0.0 0.0.255.255
rule 10 permit ip source 10.79.0.0 0.0.255.255 destination 10.45.0.0 0.0.255.255
#
ipsec proposal tran1
ipsec proposal tran2
#
ike peer spub v1
pre-shared-key simple huawei
remote-address 10.201.1.6
ike peer spuc v1
pre-shared-key simple huawei
remote-address 10.201.1.14
#
ipsec policy map1 10 isakmp
security acl 3010
ike-peer spub
proposal tran1
ipsec policy map2 10 isakmp
security acl 3020
ike-peer spuc
proposal tran2
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 100
is-level level-2
network-entity 49.0000.1025.5255.2000.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.10.1.2 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface GigabitEthernet0/0/1
ip address 10.201.1.5 255.255.255.252
ipsec policy map1
#
interface GigabitEthernet0/0/2
ip address 10.201.1.13 255.255.255.252
ipsec policy map2
#
interface GigabitEthernet1/0/0
ip address 10.10.1.9 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet3/0/0
#
interface GigabitEthernet4/0/0
#
interface NULL0
#
interface LoopBack0
ip address 10.255.255.2 255.255.255.255
isis enable 100
#
bfd 20 bind peer-ip 10.201.1.14 source-ip 10.201.1.13
#
bgp 65000
router-id 10.255.255.2
graceful-restart
group external external
peer external bfd min-tx-interval 250 min-rx-interval 250
peer external bfd enable
peer external password simple cisco
peer 10.201.1.6 as-number 65001
peer 10.201.1.6 group external
peer 10.201.1.14 as-number 65002
peer 10.201.1.14 group external
group internal internal
peer internal connect-interface LoopBack0
peer internal password simple cisco
peer 10.255.255.1 as-number 65000
peer 10.255.255.1 group internal
peer 10.255.255.7 as-number 65000
peer 10.255.255.7 group internal
#
ipv4-family unicast
undo synchronization
peer external enable
peer external route-policy external-import import
peer external route-policy internal-export export
peer 10.201.1.6 enable
peer 10.201.1.6 group external
peer 10.201.1.14 enable
peer 10.201.1.14 group external
peer internal enable
peer internal next-hop-local
peer internal advertise-community
peer 10.255.255.1 enable
peer 10.255.255.1 group internal
peer 10.255.255.7 enable
peer 10.255.255.7 group internal
#
route-policy internal-export permit node 10
if-match ip-prefix internal-shengchan-export
apply as-path 65000 65000 65000 65000 additive
#
route-policy internal-export permit node 20
if-match ip-prefix internal-oa-export
#
route-policy external-import permit node 10
if-match ip-prefix external-as65001-shengchan
apply cost + 12000
#
route-policy external-import permit node 20
if-match ip-prefix external-as65001-oa-import
apply local-preference 2000
#
ip ip-prefix internal-shengchan-export index 10 permit 10.133.1.0 24
ip ip-prefix internal-shengchan-export index 20 permit 10.133.2.0 24
ip ip-prefix internal-shengchan-export index 30 permit 10.133.3.0 24
ip ip-prefix internal-shengchan-export index 40 permit 10.133.4.0 24
ip ip-prefix internal-oa-export index 10 permit 10.79.1.0 24
ip ip-prefix internal-oa-export index 20 permit 10.79.2.0 24
ip ip-prefix internal-oa-export index 30 permit 10.79.3.0 24
ip ip-prefix internal-oa-export index 40 permit 10.79.4.0 24
ip ip-prefix external-as65001-shengchan-import index 10 permit 10.54.1.0 24
ip ip-prefix external-as65001-shengchan-import index 20 permit 10.54.2.0 24
ip ip-prefix external-as65001-shengchan-import index 30 permit 10.54.3.0 24
ip ip-prefix external-as65001-shengchan-import index 40 permit 10.54.4.0 24
ip ip-prefix external-as65001-oa-import index 10 permit 10.38.1.0 24
ip ip-prefix external-as65001-oa-import index 20 permit 10.38.2.0 24
ip ip-prefix external-as65001-oa-import index 30 permit 10.38.3.0 24
ip ip-prefix external-as65001-oa-import index 40 permit 10.38.4.0 24
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

XRV3的配置:

===========================================================================

#
sysname XRV3
#
board add 0/1 1GEC
board add 0/2 1GEC
board add 0/3 1GEC
board add 0/4 1GEC
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
bfd
#
acl number 3010
rule 5 permit ip source 10.125.0.0 0.0.255.255 destination 10.133.0.0 0.0.255.255
rule 10 permit ip source 10.38.0.0 0.0.255.255 destination 10.79.0.0 0.0.255.255
#
ipsec proposal tran1
#
ike peer spub v1
pre-shared-key simple huawei
remote-address 10.201.1.1
#
ipsec policy map1 10 isakmp
security acl 3010
ike-peer spub
proposal tran1
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 100
is-level level-2
network-entity 49.0000.1025.5255.3000.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.10.2.1 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface GigabitEthernet0/0/1
ip address 10.201.1.2 255.255.255.252
ipsec policy map1
#
interface GigabitEthernet0/0/2
ip address 10.10.2.5 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface GigabitEthernet1/0/0
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet3/0/0
#
interface GigabitEthernet4/0/0
#
interface NULL0
#
interface LoopBack0
ip address 10.255.255.3 255.255.255.255
isis enable 100
#
bfd 10 bind peer-ip 10.201.1.1 source-ip 10.201.1.2
#
bgp 65001
router-id 10.255.255.3
graceful-restart
group external external
peer external bfd min-tx-interval 250 min-rx-interval 250
peer external bfd enable
peer external password simple cisco
peer 10.201.1.1 as-number 65000
peer 10.201.1.1 group external
group internal internal
peer internal connect-interface LoopBack0
peer internal password simple cisco
peer 10.255.255.4 as-number 65001
peer 10.255.255.4 group internal
peer 10.255.255.8 as-number 65001
peer 10.255.255.8 group internal
#
ipv4-family unicast
undo synchronization
peer external enable
peer external route-policy external-import import
peer external route-policy internal-export export
peer external advertise-community
peer 10.201.1.1 enable
peer 10.201.1.1 group external
peer internal enable
peer internal next-hop-local
peer internal advertise-community
peer 10.255.255.4 enable
peer 10.255.255.4 group internal
peer 10.255.255.8 enable
peer 10.255.255.8 group internal
#
route-policy internal-export permit node 10
if-match ip-prefix internal-bangong-export
apply as-path 65001 65001 65001 65001 additive
#
route-policy internal-export permit node 20
if-match ip-prefix internal-oa-export
#
route-policy external-import permit node 10
if-match ip-prefix external-as65000-bangong
apply cost + 12000
#
route-policy external-import permit node 20
if-match ip-prefix external-as65000-oa
apply local-preference 2000
#
ip ip-prefix internal-bangong-export index 10 permit 10.125.1.0 24
ip ip-prefix internal-bangong-export index 20 permit 10.125.2.0 24
ip ip-prefix internal-bangong-export index 30 permit 10.125.3.0 24
ip ip-prefix internal-bangong-export index 40 permit 10.125.4.0 24
ip ip-prefix internal-oa-export index 10 permit 10.38.1.0 24
ip ip-prefix internal-oa-export index 20 permit 10.38.2.0 24
ip ip-prefix internal-oa-export index 30 permit 10.38.3.0 24
ip ip-prefix internal-oa-export index 40 permit 10.38.4.0 24
ip ip-prefix external-as65000-bangong index 10 permit 10.158.1.0 24
ip ip-prefix external-as65000-bangong index 20 permit 10.158.2.0 24
ip ip-prefix external-as65000-bangong index 30 permit 10.158.3.0 24
ip ip-prefix external-as65000-bangong index 40 permit 10.158.4.0 24
ip ip-prefix external-as65000-oa index 10 permit 10.79.1.0 24
ip ip-prefix external-as65000-oa index 20 permit 10.79.2.0 24
ip ip-prefix external-as65000-oa index 30 permit 10.79.3.0 24
ip ip-prefix external-as65000-oa index 40 permit 10.79.4.0 24
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

XRV4的配置:

===========================================================================

#
sysname XRV4
#
board add 0/1 1GEC
board add 0/2 1GEC
board add 0/3 1GEC
board add 0/4 1GEC
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
bfd
#
acl number 3010
rule 5 permit ip source 10.54.0.0 0.0.255.255 destination 10.158.0.0 0.0.255.255
rule 10 permit ip source 10.38.0.0 0.0.255.255 destination 10.79.0.0 0.0.255.255
#
ipsec proposal tran1
#
ike peer spub v1
pre-shared-key simple huawei
remote-address 10.201.1.5
#
ipsec policy map1 10 isakmp
security acl 3010
ike-peer spub
proposal tran1
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 100
is-level level-2
network-entity 49.0000.1025.5255.4000.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.10.2.2 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface GigabitEthernet0/0/1
ip address 10.201.1.6 255.255.255.252
ipsec policy map1
#
interface GigabitEthernet0/0/2
ip address 10.10.2.9 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface GigabitEthernet1/0/0
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet3/0/0
#
interface GigabitEthernet4/0/0
#
interface NULL0
#
interface LoopBack0
ip address 10.255.255.4 255.255.255.255
isis enable 100
#
bfd 10 bind peer-ip 10.201.1.5 source-ip 10.201.1.6
#
bgp 65001
router-id 10.255.255.4
graceful-restart
group external external
peer external bfd min-tx-interval 250 min-rx-interval 250
peer external bfd enable
peer external password simple cisco
peer 10.201.1.5 as-number 65000
peer 10.201.1.5 group external
group internal internal
peer internal connect-interface LoopBack0
peer internal password simple cisco
peer 10.255.255.3 as-number 65001
peer 10.255.255.3 group internal
peer 10.255.255.8 as-number 65001
peer 10.255.255.8 group internal
#
ipv4-family unicast
undo synchronization
peer external enable
peer external route-policy external-import import
peer external route-policy internal-export export
peer external advertise-community
peer 10.201.1.5 enable
peer 10.201.1.5 group external
peer internal enable
peer internal next-hop-local
peer internal advertise-community
peer 10.255.255.3 enable
peer 10.255.255.3 group internal
peer 10.255.255.8 enable
peer 10.255.255.8 group internal
#
route-policy internal-export permit node 10
if-match ip-prefix internal-shengchan-export
apply as-path 65001 65001 65001 65001 additive
#
route-policy internal-export permit node 20
if-match ip-prefix internal-oa-export
#
route-policy external-import permit node 10
if-match ip-prefix external-as65000-shengchan
apply cost + 12000
#
route-policy external-import permit node 20
if-match ip-prefix external-as65000-oa
apply local-preference 2000
#
ip ip-prefix internal-shengchan-export index 10 permit 10.54.1.0 24
ip ip-prefix internal-shengchan-export index 20 permit 10.54.2.0 24
ip ip-prefix internal-shengchan-export index 30 permit 10.54.3.0 24
ip ip-prefix internal-shengchan-export index 40 permit 10.54.4.0 24
ip ip-prefix internal-oa-export index 10 permit 10.38.1.0 24
ip ip-prefix internal-oa-export index 20 permit 10.38.2.0 24
ip ip-prefix internal-oa-export index 30 permit 10.38.3.0 24
ip ip-prefix internal-oa-export index 40 permit 10.38.4.0 24
ip ip-prefix external-as65000-shengchan index 10 permit 10.133.1.0 24
ip ip-prefix external-as65000-shengchan index 20 permit 10.133.2.0 24
ip ip-prefix external-as65000-shengchan index 30 permit 10.133.3.0 24
ip ip-prefix external-as65000-shengchan index 40 permit 10.133.4.0 24
ip ip-prefix external-as65000-oa index 10 permit 10.79.1.0 24
ip ip-prefix external-as65000-oa index 20 permit 10.79.2.0 24
ip ip-prefix external-as65000-oa index 30 permit 10.79.3.0 24
ip ip-prefix external-as65000-oa index 40 permit 10.79.4.0 24
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

XRV5的配置:

===========================================================================

#
sysname XRV5
#
board add 0/1 1GEC
board add 0/2 1GEC
board add 0/3 1GEC
board add 0/4 1GEC
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
bfd
#
acl number 3010
rule 5 permit ip source 10.200.0.0 0.0.255.255 destination 10.133.0.0 0.0.255.255
rule 10 permit ip source 10.45.0.0 0.0.255.255 destination 10.79.0.0 0.0.255.255
#
ipsec proposal tran1
#
ike peer spub v1
pre-shared-key simple huawei
remote-address 10.201.1.9
#
ipsec policy map1 10 isakmp
security acl 3010
ike-peer spub
proposal tran1
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 100
is-level level-2
network-entity 49.0000.1025.5255.5000.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.10.3.1 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface GigabitEthernet0/0/1
ip address 10.10.3.5 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface GigabitEthernet0/0/2
ip address 10.201.1.10 255.255.255.252
ipsec policy map1
#
interface GigabitEthernet1/0/0
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet3/0/0
#
interface GigabitEthernet4/0/0
#
interface NULL0
#
interface LoopBack0
ip address 10.255.255.5 255.255.255.255
isis enable 100
#
bfd 10 bind peer-ip 10.201.1.9 source-ip 10.201.1.10
#
bgp 65002
router-id 10.255.255.5
graceful-restart
group external external
peer external bfd min-tx-interval 250 min-rx-interval 250
peer external bfd enable
peer external password simple cisco
peer 10.201.1.9 as-number 65000
peer 10.201.1.9 group external
group internal internal
peer internal connect-interface LoopBack0
peer internal password simple cisco
peer 10.255.255.6 as-number 65002
peer 10.255.255.6 group internal
peer 10.255.255.9 as-number 65002
peer 10.255.255.9 group internal
#
ipv4-family unicast
undo synchronization
peer external enable
peer external route-policy external-import import
peer external route-policy internal-export export
peer external advertise-community
peer 10.201.1.9 enable
peer 10.201.1.9 group external
peer internal enable
peer internal next-hop-local
peer internal advertise-community
peer 10.255.255.6 enable
peer 10.255.255.6 group internal
peer 10.255.255.9 enable
peer 10.255.255.9 group internal
#
route-policy internal-export permit node 10
if-match ip-prefix internal-bangong-export
apply as-path 65002 65002 65002 65002 additive
#
route-policy internal-export permit node 20
if-match ip-prefix internal-oa-export
#
route-policy external-import permit node 10
if-match ip-prefix external-as65000-bangong
apply cost + 12000
#
route-policy external-import permit node 20
if-match ip-prefix external-as65000-oa
apply local-preference 2000
#
ip ip-prefix internal-bangong-export index 10 permit 10.200.1.0 24
ip ip-prefix internal-bangong-export index 20 permit 10.200.2.0 24
ip ip-prefix internal-bangong-export index 30 permit 10.200.3.0 24
ip ip-prefix internal-bangong-export index 40 permit 10.200.4.0 24
ip ip-prefix internal-oa-export index 10 permit 10.45.1.0 24
ip ip-prefix internal-oa-export index 20 permit 10.45.2.0 24
ip ip-prefix internal-oa-export index 30 permit 10.45.3.0 24
ip ip-prefix internal-oa-export index 40 permit 10.45.4.0 24
ip ip-prefix external-as65000-bangong index 10 permit 10.158.1.0 24
ip ip-prefix external-as65000-bangong index 20 permit 10.158.2.0 24
ip ip-prefix external-as65000-bangong index 30 permit 10.158.3.0 24
ip ip-prefix external-as65000-bangong index 40 permit 10.158.4.0 24
ip ip-prefix external-as65000-oa index 10 permit 10.79.1.0 24
ip ip-prefix external-as65000-oa index 20 permit 10.79.2.0 24
ip ip-prefix external-as65000-oa index 30 permit 10.79.3.0 24
ip ip-prefix external-as65000-oa index 40 permit 10.79.4.0 24
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

XRV6的配置:

===========================================================================

#
sysname XRV6
#
board add 0/1 1GEC
board add 0/2 1GEC
board add 0/3 1GEC
board add 0/4 1GEC
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
bfd
#
acl number 3010
rule 5 permit ip source 10.114.0.0 0.0.255.255 destination 10.158.0.0 0.0.255.255
rule 10 permit ip source 10.45.0.0 0.0.255.255 destination 10.79.0.0 0.0.255.255
#
ipsec proposal tran1
#
ike peer spub v1
pre-shared-key simple huawei
remote-address 10.201.1.13
#
ipsec policy map1 10 isakmp
security acl 3010
ike-peer spub
proposal tran1
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 100
is-level level-2
network-entity 49.0000.1025.5255.6000.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.10.3.2 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface GigabitEthernet0/0/1
ip address 10.10.3.9 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface GigabitEthernet0/0/2
ip address 10.201.1.14 255.255.255.252
ipsec policy map1
#
interface GigabitEthernet1/0/0
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet3/0/0
#
interface GigabitEthernet4/0/0
#
interface NULL0
#
interface LoopBack0
ip address 10.255.255.6 255.255.255.255
isis enable 100
#
bfd 10 bind peer-ip 10.201.1.13 source-ip 10.201.1.14
#
bgp 65002
router-id 10.255.255.6
graceful-restart
group external external
peer external bfd min-tx-interval 250 min-rx-interval 250
peer external bfd enable
peer external password simple cisco
peer 10.201.1.13 as-number 65000
peer 10.201.1.13 group external
group internal internal
peer internal connect-interface LoopBack0
peer internal password simple cisco
peer 10.255.255.5 as-number 65002
peer 10.255.255.5 group internal
peer 10.255.255.9 as-number 65002
peer 10.255.255.9 group internal
#
ipv4-family unicast
undo synchronization
peer external enable
peer external route-policy external-import import
peer external route-policy internal-export export
peer external advertise-community
peer 10.201.1.13 enable
peer 10.201.1.13 group external
peer internal enable
peer internal next-hop-local
peer internal advertise-community
peer 10.255.255.5 enable
peer 10.255.255.5 group internal
peer 10.255.255.9 enable
peer 10.255.255.9 group internal
#
route-policy internal-exprot permit node 10
if-match ip-prefix internal-shengchan-exprot
apply as-path 65002 65002 65002 65002 additive
#
route-policy internal-exprot permit node 20
if-match ip-prefix internal-oa-export
#
route-policy external-import permit node 10
if-match ip-prefix external-as65000-shengchan
apply cost + 12000
#
route-policy external-import permit node 20
if-match ip-prefix external-as65000-oa
apply local-preference 2000
#
ip ip-prefix internal-shengchan-export index 10 permit 10.114.1.0 24
ip ip-prefix internal-shengchan-export index 20 permit 10.114.2.0 24
ip ip-prefix internal-shengchan-export index 30 permit 10.114.3.0 24
ip ip-prefix internal-shengchan-export index 40 permit 10.114.4.0 24
ip ip-prefix internal-oa-export index 10 permit 10.45.1.0 24
ip ip-prefix internal-oa-export index 20 permit 10.45.2.0 24
ip ip-prefix internal-oa-export index 30 permit 10.45.3.0 24
ip ip-prefix internal-oa-export index 40 permit 10.45.4.0 24
ip ip-prefix external-as65000-shengchan index 10 permit 10.133.1.0 24
ip ip-prefix external-as65000-shengchan index 20 permit 10.133.2.0 24
ip ip-prefix external-as65000-shengchan index 30 permit 10.133.3.0 24
ip ip-prefix external-as65000-shengchan index 40 permit 10.133.4.0 24
ip ip-prefix external-as65000-oa index 10 permit 10.79.1.0 24
ip ip-prefix external-as65000-oa index 20 permit 10.79.2.0 24
ip ip-prefix external-as65000-oa index 30 permit 10.79.3.0 24
ip ip-prefix external-as65000-oa index 40 permit 10.79.4.0 24
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

SW1的配置:

===========================================================================

#
sysname SW1
#
vlan batch 2 to 12 100 200
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
isis 100
is-level level-2
network-entity 49.0000.1025.5255.7000.00
#
interface Vlanif1
ip address 10.158.1.254 255.255.255.0
#
interface Vlanif2
ip address 10.158.2.254 255.255.255.0
#
interface Vlanif3
ip address 10.158.3.254 255.255.255.0
#
interface Vlanif4
ip address 10.158.4.254 255.255.255.0
#
interface Vlanif5
ip address 10.133.1.254 255.255.255.0
#
interface Vlanif6
ip address 10.133.2.254 255.255.255.0
#
interface Vlanif7
ip address 10.133.3.254 255.255.255.0
#
interface Vlanif8
ip address 10.133.4.254 255.255.255.0
#
interface Vlanif9
ip address 10.79.1.254 255.255.255.0
#
interface Vlanif10
ip address 10.79.2.254 255.255.255.0
#
interface Vlanif11
ip address 10.79.3.254 255.255.255.0
#
interface Vlanif12
ip address 10.79.4.254 255.255.255.0
#
interface Vlanif100
ip address 10.10.1.6 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface Vlanif200
ip address 10.10.1.10 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface MEth0/0/1
#
interface Eth-Trunk10
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/3
eth-trunk 10
#
interface GigabitEthernet0/0/4
eth-trunk 10
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
interface LoopBack0
ip address 10.255.255.7 255.255.255.255
isis enable 100
#
bgp 65000
router-id 10.255.255.7
group internal internal
peer internal connect-interface LoopBack0
peer internal password simple cisco
peer 10.255.255.1 as-number 65000
peer 10.255.255.1 group internal
peer 10.255.255.2 as-number 65000
peer 10.255.255.2 group internal
#
ipv4-family unicast
undo synchronization
network 10.79.1.0 255.255.255.0
network 10.79.2.0 255.255.255.0
network 10.79.3.0 255.255.255.0
network 10.79.4.0 255.255.255.0
network 10.133.1.0 255.255.255.0
network 10.133.2.0 255.255.255.0
network 10.133.3.0 255.255.255.0
network 10.133.4.0 255.255.255.0
network 10.158.1.0 255.255.255.0
network 10.158.2.0 255.255.255.0
network 10.158.3.0 255.255.255.0
network 10.158.4.0 255.255.255.0
maximum load-balancing ibgp 2
peer internal enable
peer internal route-policy external-import-oa import
peer internal route-policy interna-community export
peer internal advertise-community
peer 10.255.255.1 enable
peer 10.255.255.1 group internal
peer 10.255.255.2 enable
peer 10.255.255.2 group internal
#
route-policy interna-community permit node 10
if-match ip-prefix internal-bangong
apply community 65000:100
#
route-policy interna-community permit node 20
if-match ip-prefix internal-shengchan
apply community 65000:200
#
route-policy interna-community permit node 30
if-match ip-prefix internal-oa
apply community 65000:300
#
route-policy external-import-oa permit node 10
if-match community-filter import-oa
#
ip ip-prefix internal-bangong index 10 permit 10.158.1.0 24
ip ip-prefix internal-bangong index 20 permit 10.158.2.0 24
ip ip-prefix internal-bangong index 30 permit 10.158.3.0 24
ip ip-prefix internal-bangong index 40 permit 10.158.4.0 24
ip ip-prefix internal-shengchan index 10 permit 10.133.1.0 24
ip ip-prefix internal-shengchan index 20 permit 10.133.2.0 24
ip ip-prefix internal-shengchan index 30 permit 10.133.3.0 24
ip ip-prefix internal-shengchan index 40 permit 10.133.4.0 24
ip ip-prefix internal-oa index 10 permit 10.79.1.0 24
ip ip-prefix internal-oa index 20 permit 10.79.2.0 24
ip ip-prefix internal-oa index 30 permit 10.79.3.0 24
ip ip-prefix internal-oa index 40 permit 10.79.4.0 24
#
ip community-filter basic import-oa permit 65001:300
ip community-filter basic import-oa permit 65002:300
#
user-interface con 0
user-interface vty 0 4
#
return

SW2的配置:

===========================================================================

#
sysname SW2
#
vlan batch 2 to 12 100 200
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
isis 100
is-level level-2
network-entity 49.0000.1025.5255.8000.00
#
interface Vlanif1
ip address 10.125.1.254 255.255.255.0
#
interface Vlanif2
ip address 10.125.2.254 255.255.255.0
#
interface Vlanif3
ip address 10.125.3.254 255.255.255.0
#
interface Vlanif4
ip address 10.125.4.254 255.255.255.0
#
interface Vlanif5
ip address 10.54.1.254 255.255.255.0
#
interface Vlanif6
ip address 10.54.2.254 255.255.255.0
#
interface Vlanif7
ip address 10.54.3.254 255.255.255.0
#
interface Vlanif8
ip address 10.54.4.254 255.255.255.0
#
interface Vlanif9
ip address 10.38.1.254 255.255.255.0
#
interface Vlanif10
ip address 10.38.2.254 255.255.255.0
#
interface Vlanif11
ip address 10.38.3.254 255.255.255.0
#
interface Vlanif12
ip address 10.38.4.254 255.255.255.0
#
interface Vlanif100
ip address 10.10.2.6 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface Vlanif200
ip address 10.10.2.10 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
interface LoopBack0
ip address 10.255.255.8 255.255.255.255
isis enable 100
#
bgp 65001
router-id 10.255.255.8
graceful-restart
group internal internal
peer internal connect-interface LoopBack0
peer internal password simple cisco
peer 10.255.255.3 as-number 65001
peer 10.255.255.3 group internal
peer 10.255.255.4 as-number 65001
peer 10.255.255.4 group internal
#
ipv4-family unicast
undo synchronization
network 10.38.1.0 255.255.255.0
network 10.38.2.0 255.255.255.0
network 10.38.3.0 255.255.255.0
network 10.38.4.0 255.255.255.0
network 10.54.1.0 255.255.255.0
network 10.54.2.0 255.255.255.0
network 10.54.3.0 255.255.255.0
network 10.54.4.0 255.255.255.0
network 10.125.1.0 255.255.255.0
network 10.125.2.0 255.255.255.0
network 10.125.3.0 255.255.255.0
network 10.125.4.0 255.255.255.0
maximum load-balancing ibgp 2
peer internal enable
peer internal route-policy external-import-oa import
peer internal route-policy interna-community export
peer internal advertise-community
peer 10.255.255.3 enable
peer 10.255.255.3 group internal
peer 10.255.255.4 enable
peer 10.255.255.4 group internal
#
route-policy interna-community permit node 10
if-match ip-prefix internal-bangong
apply community 65001:100
#
route-policy interna-community permit node 20
if-match ip-prefix internal-shengchan
apply community 65001:200
#
route-policy interna-community permit node 30
if-match ip-prefix internal-oa
apply community 65001:300
#
route-policy external-import-oa permit node 10
if-match community-filter import-oa
#
ip ip-prefix internal-bangong index 10 permit 10.125.1.0 24
ip ip-prefix internal-bangong index 20 permit 10.125.2.0 24
ip ip-prefix internal-bangong index 30 permit 10.125.3.0 24
ip ip-prefix internal-bangong index 40 permit 10.125.4.0 24
ip ip-prefix internal-shengchan index 10 permit 10.54.1.0 24
ip ip-prefix internal-shengchan index 20 permit 10.54.2.0 24
ip ip-prefix internal-shengchan index 30 permit 10.54.3.0 24
ip ip-prefix internal-shengchan index 40 permit 10.54.4.0 24
ip ip-prefix internal-oa index 10 permit 10.38.1.0 24
ip ip-prefix internal-oa index 20 permit 10.38.2.0 24
ip ip-prefix internal-oa index 30 permit 10.38.3.0 24
ip ip-prefix internal-oa index 40 permit 10.38.4.0 24
#
ip community-filter basic import-oa permit 65000:300
ip community-filter basic import-oa permit 65002:300
#
user-interface con 0
user-interface vty 0 4
#
return

SW3的配置:

===========================================================================

#
sysname SW3
#
vlan batch 2 to 12 100 200
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
isis 100
is-level level-2
network-entity 49.0000.1025.5255.3000.00
#
interface Vlanif1
ip address 10.200.1.254 255.255.255.0
#
interface Vlanif2
ip address 10.200.2.254 255.255.255.0
#
interface Vlanif3
ip address 10.200.3.254 255.255.255.0
#
interface Vlanif4
ip address 10.200.4.254 255.255.255.0
#
interface Vlanif5
ip address 10.114.1.254 255.255.255.0
#
interface Vlanif6
ip address 10.114.2.254 255.255.255.0
#
interface Vlanif7
ip address 10.114.3.254 255.255.255.0
#
interface Vlanif8
ip address 10.114.4.254 255.255.255.0
#
interface Vlanif9
ip address 10.45.1.254 255.255.255.0
#
interface Vlanif10
ip address 10.45.2.254 255.255.255.0
#
interface Vlanif11
ip address 10.45.3.254 255.255.255.0
#
interface Vlanif12
ip address 10.45.4.254 255.255.255.0
#
interface Vlanif100
ip address 10.10.3.6 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface Vlanif200
ip address 10.10.3.10 255.255.255.252
isis enable 100
isis circuit-level level-2
#
interface MEth0/0/1
#
interface Eth-Trunk10
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
eth-trunk 10
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
interface LoopBack0
ip address 10.255.255.9 255.255.255.255
isis enable 100
isis circuit-level level-2
#
bgp 65002
router-id 10.255.255.9
graceful-restart
group internal internal
peer internal connect-interface LoopBack0
peer internal password simple cisco
peer 10.255.255.5 as-number 65002
peer 10.255.255.5 group internal
peer 10.255.255.6 as-number 65002
peer 10.255.255.6 group internal
#
ipv4-family unicast
undo synchronization
network 10.45.1.0 255.255.255.0
network 10.45.2.0 255.255.255.0
network 10.45.3.0 255.255.255.0
network 10.45.4.0 255.255.255.0
network 10.114.1.0 255.255.255.0
network 10.114.2.0 255.255.255.0
network 10.114.3.0 255.255.255.0
network 10.114.4.0 255.255.255.0
network 10.200.1.0 255.255.255.0
network 10.200.2.0 255.255.255.0
network 10.200.3.0 255.255.255.0
network 10.200.4.0 255.255.255.0
maximum load-balancing ibgp 2
peer internal enable
peer internal route-policy external-import-oa import
peer internal route-policy interna-community export
peer internal advertise-community
peer 10.255.255.5 enable
peer 10.255.255.5 group internal
peer 10.255.255.6 enable
peer 10.255.255.6 group internal
#
route-policy interna-community permit node 10
if-match ip-prefix internal-bangong
apply community 65002:100
#
route-policy interna-community permit node 20
if-match ip-prefix internal-shengchan
apply community 65002:200
#
route-policy interna-community permit node 30
if-match ip-prefix internal-oa
apply community 65002:300
#
route-policy external-import-oa permit node 10
if-match community-filter import-oa
#
ip ip-prefix internal-bangong index 10 permit 10.200.1.0 24
ip ip-prefix internal-bangong index 20 permit 10.200.2.0 24
ip ip-prefix internal-bangong index 30 permit 10.200.3.0 24
ip ip-prefix internal-bangong index 40 permit 10.200.4.0 24
ip ip-prefix internal-shengchan index 10 permit 10.114.1.0 24
ip ip-prefix internal-shengchan index 20 permit 10.114.2.0 24
ip ip-prefix internal-shengchan index 30 permit 10.114.3.0 24
ip ip-prefix internal-shengchan index 40 permit 10.114.4.0 24
ip ip-prefix internal-oa index 10 permit 10.45.1.0 24
ip ip-prefix internal-oa index 20 permit 10.45.2.0 24
ip ip-prefix internal-oa index 30 permit 10.45.3.0 24
ip ip-prefix internal-oa index 40 permit 10.45.4.0 24
#
ip community-filter basic import-oa permit 65001:300
ip community-filter basic import-oa permit 65000:300
#
user-interface con 0
user-interface vty 0 4
#
return

在XRV3上使用show ike sa查看ike的第一阶段

===========================================================================

<XRV3>display ike sa
Conn-ID Peer VPN Flag(s) Phase
---------------------------------------------------------------
22 10.201.1.1 0 RD 2
21 10.201.1.1 0 RD|ST 2
15 10.201.1.1 0 RD|ST 1

Flag Description:
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT
HRT--HEARTBEAT LKG--LAST KNOWN GOOD SEQ NO. BCK--BACKED UP

在XRV3上使用show ipsec sa查看ike的第二阶段

===========================================================================

<XRV3>display ipsec sa

===============================
Interface: GigabitEthernet0/0/1
Path MTU: 1500
===============================

-----------------------------
IPSec policy name: "map1"
Sequence number : 10
Acl Group : 3010
Acl rule : 5
Mode : ISAKMP
-----------------------------
Connection ID : 21
Encapsulation mode: Tunnel
Tunnel local : 10.201.1.2
Tunnel remote : 10.201.1.1
Flow source : 10.125.0.0/255.255.0.0 0/0
Flow destination : 10.133.0.0/255.255.0.0 0/0
Qos pre-classify : Disable

[Outbound ESP SAs]
SPI: 121135015 (0x7385fa7)
Proposal: ESP-ENCRYPT-DES-64 ESP-AUTH-MD5
SA remaining key duration (bytes/sec): 1887436800/2938
Max sent sequence-number: 0
UDP encapsulation used for NAT traversal: N

[Inbound ESP SAs]
SPI: 3851064655 (0xe58a954f)
Proposal: ESP-ENCRYPT-DES-64 ESP-AUTH-MD5
SA remaining key duration (bytes/sec): 1887436800/2938
Max received sequence-number: 0
Anti-replay window size: 32
UDP encapsulation used for NAT traversal: N

-----------------------------
IPSec policy name: "map1"
Sequence number : 10
Acl Group : 3010
Acl rule : 10
Mode : ISAKMP
-----------------------------
Connection ID : 22
Encapsulation mode: Tunnel
Tunnel local : 10.201.1.2
Tunnel remote : 10.201.1.1
Flow source : 10.38.0.0/255.255.0.0 0/0
Flow destination : 10.79.0.0/255.255.0.0 0/0
Qos pre-classify : Disable

[Outbound ESP SAs]
SPI: 2545515130 (0x97b97a7a)
Proposal: ESP-ENCRYPT-DES-64 ESP-AUTH-MD5
SA remaining key duration (bytes/sec): 1887436800/2943
Max sent sequence-number: 0
UDP encapsulation used for NAT traversal: N

[Inbound ESP SAs]
SPI: 3831477031 (0xe45fb327)
Proposal: ESP-ENCRYPT-DES-64 ESP-AUTH-MD5
SA remaining key duration (bytes/sec): 1887436800/2943
Max received sequence-number: 0
Anti-replay window size: 32
UDP encapsulation used for NAT traversal: N

在SW3上使用display ip routing-table protocol bgp 查看路由

===========================================================================

<SW3>display ip routing-table protocol bgp
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : BGP
Destinations : 4 Routes : 4

BGP routing table status : <Active>
Destinations : 4 Routes : 4

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.79.1.0/24 IBGP 255 0 RD 10.255.255.5 Vlanif100
10.79.2.0/24 IBGP 255 0 RD 10.255.255.5 Vlanif100
10.79.3.0/24 IBGP 255 0 RD 10.255.255.5 Vlanif100
10.79.4.0/24 IBGP 255 0 RD 10.255.255.5 Vlanif100

BGP routing table status : <Inactive>
Destinations : 0 Routes : 0

在SW3上使用ping探测AS 65000的OA流  10.79.1.254/32

===========================================================================

<SW3>ping -a 10.45.1.254 10.79.1.254
PING 10.79.1.254: 56 data bytes, press CTRL_C to break
Reply from 10.79.1.254: bytes=56 Sequence=1 ttl=254 time=40 ms
Reply from 10.79.1.254: bytes=56 Sequence=2 ttl=254 time=40 ms
Reply from 10.79.1.254: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 10.79.1.254: bytes=56 Sequence=4 ttl=254 time=60 ms
Reply from 10.79.1.254: bytes=56 Sequence=5 ttl=254 time=60 ms

--- 10.79.1.254 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/46/60 ms

在SW3上使用tracert跟踪AS 65000的OA流  10.79.1.254/32

===========================================================================

<SW3>tracert -a 10.45.1.254 10.79.1.254
traceroute to 10.79.1.254(10.79.1.254), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.201.1.9 10 ms 50 ms 50 ms
2 10.10.1.6 60 ms 50 ms 30 ms

在XRV5上shutdown掉g0/0/2接口,等路由收敛后在SW3上查看路由

===========================================================================

<SW3>display bgp routing-table

BGP Local router ID is 10.255.255.9
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number of Routes: 16
Network NextHop MED LocPrf PrefVal Path/Ogn

*> 10.45.1.0/24 0.0.0.0 0 0 i
*> 10.45.2.0/24 0.0.0.0 0 0 i
*> 10.45.3.0/24 0.0.0.0 0 0 i
*> 10.45.4.0/24 0.0.0.0 0 0 i
*>i 10.79.1.0/24 10.255.255.6 2000 0 65000i
*>i 10.79.2.0/24 10.255.255.6 2000 0 65000i
*>i 10.79.3.0/24 10.255.255.6 2000 0 65000i
*>i 10.79.4.0/24 10.255.255.6 2000 0 65000i
*> 10.114.1.0/24 0.0.0.0 0 0 i
*> 10.114.2.0/24 0.0.0.0 0 0 i
*> 10.114.3.0/24 0.0.0.0 0 0 i
*> 10.114.4.0/24 0.0.0.0 0 0 i
*> 10.200.1.0/24 0.0.0.0 0 0 i
*> 10.200.2.0/24 0.0.0.0 0 0 i
*> 10.200.3.0/24 0.0.0.0 0 0 i
*> 10.200.4.0/24 0.0.0.0 0 0 i
<SW3>

在SW3上使用ping探测AS 65000的OA流  10.79.1.254/32

===========================================================================

<SW3>ping -a 10.45.1.254 10.79.1.254
PING 10.79.1.254: 56 data bytes, press CTRL_C to break
Reply from 10.79.1.254: bytes=56 Sequence=1 ttl=254 time=60 ms
Reply from 10.79.1.254: bytes=56 Sequence=2 ttl=254 time=60 ms
Reply from 10.79.1.254: bytes=56 Sequence=3 ttl=254 time=50 ms
Reply from 10.79.1.254: bytes=56 Sequence=4 ttl=254 time=60 ms
Reply from 10.79.1.254: bytes=56 Sequence=5 ttl=254 time=60 ms

--- 10.79.1.254 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/58/60 ms

<SW3>

在SW3上使用tracert跟踪AS 65000的OA流  10.79.1.254/32

===========================================================================

<SW3>tracert -a 10.45.1.254 10.79.1.254
traceroute to 10.79.1.254(10.79.1.254), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.201.1.13 50 ms 50 ms 40 ms
2 10.10.1.10 50 ms 30 ms 50 ms
<SW3>

huawei 通过BGP的团体属性进行路由控制的更多相关文章

  1. BGP团体属性的应用案例

    XRV1 ===================================================================== version 15.5service times ...

  2. HCNP Routing&Switching之BGP团体属性和团体属性过滤器

    前文我们了解了BGP的路由过滤已经as-path过滤器的使用相关话题,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/15542559.html:今天我们来聊一聊 ...

  3. BGP路由控制属性

    控制BGP路由概述: BGP与IGP不同,其着跟点主要在于不同的AS之间控制路由的传播和选择最佳路由 通过修改BGP基本属性可以实现基本的BGP路由控制和最佳路由的选择 引入其他路由协议发现的路由时. ...

  4. Local-Pref(本地优先属性)路由本地优先术

    Local-Pref(本地优先属性)路由本地优先术: ①:抓取感兴趣流量——前缀与访问——prefix and access ②:创建路由地图——router-map ③:第一法则——permit 1 ...

  5. AS-PATH(路径属性)路由路径欺骗术

    AS-PATH(路径属性)路由路径欺骗术: ①:抓取感兴趣流量——前缀与访问 ②:创建路由地图 ③:路由地图第一法则——permit 10 ④:在第一法则中,匹配(感兴趣流量) ⑤:设置 路径欺骗术— ...

  6. HCNP Routing&Switching之BGP防环机制和路由聚合

    前文我们了解了BGP路由宣告相关话题,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/15440860.html:今天我们来聊一聊BGP防环机制和路由聚合相关话题 ...

  7. HCNP Routing&Switching之BGP路由控制

    前文我们了解了BGP的路由属性和优选规则相关话题,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/15489497.html:今天我们来聊一聊BGP路由控制相关话 ...

  8. BGP:我们不生产路由,而是路由的搬运工

    1.BGP协议自身不能生产路由,它主要通过配置来将本地路由进行发布或者引入其他路由协议产生的路由. 有两种方法, 方法一.在BGP视图下,通过network命令将本地路由发布到BGP路由表中, 通过本 ...

  9. AngularJS路由系列(5)-- UI-Router的路由约束、Resolve属性、路由附加数据、路由进入退出事件

    本系列探寻AngularJS的路由机制,在WebStorm下开发.主要包括: ● UI-Router约束路由参数● UI-Router的Resolve属性● UI-Router给路由附加数据● UI- ...

随机推荐

  1. 算法 Tricks(五)—— 二进制逻辑运算

    int flag = 1; while ( (data & flag) == 0 ) flag <<= 1; 判断某数的二进制形式的某位(第 k 位)是否为 1,将其与 2k 相与 ...

  2. [SVG] Add an SVG as a Background Image

    Learn how to set an SVG as the background image of an element. Background images can be resized by c ...

  3. 【b504】等价表达式(NOIP2005第4题)

    Time Limit: 1 second Memory Limit: 50 MB [问题描述] 明明进了中学之后,学到了代数表达式.有一天,他碰到一个很麻烦的选择题.这个题目的题干中首先给出了一个代数 ...

  4. NOIP2015 运输计划 - 二分 + 树链剖分 / (倍增 + 差分)

    BZOJ CodeVS Uoj 题目大意: 给一个n个点的边带权树,给定m条链,你可以选择树中的任意一条边,将它置为0,使得最长的链长最短. 题目分析: 最小化最大值,二分. 二分最短长度mid,将图 ...

  5. React父子组件的一个混淆点

    反正我自己是混淆了,React父子组件和组件类的继承弄混在一起了.这两个东西完全是不相关的. 父子组件可以看成两个组件标签的包含关系,在另外一个组件标签的内部就是子组件,父子组件通过这种关系通信. 组 ...

  6. Codeforces 39J Spelling Check hash

    主题链接:点击打开链接 意甲冠军: 特定2弦 选择中删除一个字符串的第一个字母,得2个字符串全然同样 问哪些位置能够选 思路: hash求前缀后缀.然后枚举位置 #include <cstdio ...

  7. ios中 微信点击 某个元素 该元素会闪一下

    -webkit-user-select: none;-webkit-tap-highlight-color: rgba(200,200,200,0);

  8. IT 达人

    1. 手机与电脑多屏互动 [教程]华为多屏互动功能与PC win7的连接 要求手机和电脑必须在同一局域网内,且手机必须支持多屏互动功能. 操作步骤如下: PC 端: services.msc,启动下面 ...

  9. 1 DDD理论学习1 通用语言

    通用语言就是将事情描述清楚的语言 达到DDD的目标代码即设计,设计即代码.通俗的讲,也就是开发人员写的代码领域专家也能看懂. ddd模式跟传统模式的一个区别在于 传统先创建数据库表 再根据表创建类.而 ...

  10. crossplatform----文本编辑器工具Atom安装

    1.简介 Atom 是 Github 专门为程序员推出的一个跨平台文本编辑器.具有简洁和直观的图形用户界面,并有很多有趣的特点:支持CSS,HTML,JavaScript等网页编程语言.它支持宏,自动 ...