06-H3C S12500 GRE Tunnel Typical Configuration Examples
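H3C S12500 GRE Tunnel Configuration Examples
Copyright © 2013 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this document may be excerpted, reproduced, or transmitted in any form by any organization or individual without the prior written consent of the company. The information in this document is subject to change without notice.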
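This document provides GRE tunnel configuration examples.
GRE (Generic Routing Encapsulation) encapsulates packets of any network-layer protocol (such as IPv6) so that the encapsulated packets can be transported across another network (such as IPv4). The network-layer protocol before and after encapsulation can be the same or different. The path that the encapsulated packets take through the network is called a GRE tunnel. A GRE tunnel is a virtual point-to-point connection; the devices at its two ends encapsulate and decapsulate the packets, respectively.
Note that the device supports only GRE over IPv4 tunnels; GRE over IPv6 tunnels are not supported.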
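An added illustration (not part of the H3C document) of the encapsulation described above, for the base GRE header of RFC 2784: the outer IPv4 header uses protocol 47, the GRE header is only flags plus a protocol type, and the inner packet is carried unmodified. The function names and the payload are constructed for the example; the addresses are those of the IPv6 over IPv4 example later in this document.

```python
import ipaddress, struct

GRE_IP_PROTO = 47                       # IPv4 protocol number for GRE
ETHERTYPE = {4: 0x0800, 6: 0x86DD}      # inner IP version -> GRE protocol type

def checksum(hdr: bytes) -> int:
    """RFC 1071 one's-complement sum over an even-length header."""
    s = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def gre_encapsulate(inner: bytes, src: str, dst: str) -> bytes:
    """Wrap an IPv4 or IPv6 packet in a base GRE header and an outer IPv4 header."""
    gre = struct.pack("!HH", 0, ETHERTYPE[inner[0] >> 4])   # no C/K/S flags, version 0
    outer = bytearray(struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(inner), 0, 0, 255,
        GRE_IP_PROTO, 0, ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed))
    struct.pack_into("!H", outer, 10, checksum(bytes(outer)))
    return bytes(outer) + gre + inner

def gre_decapsulate(packet: bytes):
    """Return (GRE protocol type, inner packet); reject anything that is not GRE v0."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or packet[9] != GRE_IP_PROTO:
        raise ValueError("not GRE over IPv4")
    flags, proto = struct.unpack_from("!HH", packet, ihl)
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    # Optional fields (RFC 2784 checksum, RFC 2890 key and sequence) are 4 bytes each.
    skip = 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    return proto, packet[ihl + 4 + skip:]

def sample_ipv6(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed IPv6 packet: next header 59 (no next header), hop limit 64."""
    return (struct.pack("!IHBB", 6 << 28, len(payload), 59, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)

# PC1 -> PC2 from the IPv6 over IPv4 example, tunnelled Switch A -> Switch B.
INNER = sample_ipv6("1000::2", "2000::2", b"constructed payload")
OUTER = gre_encapsulate(INNER, "192.13.2.2", "131.108.5.2")
```

Because the base header adds no encryption or authentication, a capture taken on the path through Switch C contains `INNER` byte for byte.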
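The configurations in this document were made and verified in a lab environment, with all device parameters at their factory defaults before configuration. If you have already configured the device, make sure the existing configuration does not conflict with the configuration in the following examples, so that the results are as expected.
As shown in Figure 1, Switch A, Switch B, and Switch C run IPv4. Switch A and Switch B connect to hosts PC1 and PC2 in IPv4 private networks, respectively.
A GRE tunnel must be established between Switch A and Switch B so that hosts PC1 and PC2 in the two private networks can communicate securely.
Figure 1 IPv4 over IPv4 GRE tunnel network diagram
· To forward packets from PC1 to PC2 through the GRE tunnel, a route entry for tunnel forwarding must be created on the border switch Switch A: the destination is the destination address of the packet before GRE encapsulation (that is, the IP address of PC2), and the next hop is the Tunnel interface address of the GRE tunnel peer, Switch B. This route entry can be created by configuring a static route, or by enabling a dynamic routing protocol on both the Tunnel interface and the switch VLAN interface connected to PC1 and letting the protocol create it. This example uses static routes (because they are simple to configure). Switch B requires the corresponding configuration as well.
· For a GRE tunnel, the tunnel source and destination must be reachable from each other, so a static route to the peer (with Switch C as the next hop) must be configured on both Switch A and Switch B.
This example was configured and verified on version S12500-CMW520-R1825P01.
The tunnel must be configured in GRE tunnel mode on the devices at both ends. This is the default mode.
# Create VLAN 101, configure its interface address, and add port GE3/0/3 to VLAN 101.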
[SwitchA] vlan 101
[SwitchA-vlan101] port GigabitEthernet 3/0/3
[SwitchA-vlan101] quit
[SwitchA] interface Vlan-interface 101
[SwitchA-Vlan-interface101] ip address 192.13.2.2 24
[SwitchA-Vlan-interface101] undo shutdown
[SwitchA-Vlan-interface101] quit
[SwitchA] interface GigabitEthernet 3/0/3
[SwitchA-GigabitEthernet3/0/3] undo shutdown
[SwitchA-GigabitEthernet3/0/3] quit
# Create interface Tunnel0 and configure its IP address.
[SwitchA] interface Tunnel 0
[SwitchA-Tunnel0] ip address 101.1.2.1 24
# Configure the tunnel source and destination addresses. The tunnel mode is GRE by default.
[SwitchA-Tunnel0] source 192.13.2.2
[SwitchA-Tunnel0] destination 131.108.5.2
[SwitchA-Tunnel0] quit
# Configure VLAN 100 and its interface address, and add port GE3/0/1 to VLAN 100.
[SwitchA] vlan 100
[SwitchA-vlan100] port GigabitEthernet 3/0/1
[SwitchA-vlan100] quit
[SwitchA] interface Vlan-interface 100
[SwitchA-Vlan-interface100] ip address 10.101.1.1 24
[SwitchA-Vlan-interface100] undo shutdown
[SwitchA-Vlan-interface100] quit
[SwitchA] interface GigabitEthernet 3/0/1
[SwitchA-GigabitEthernet3/0/1] undo shutdown
[SwitchA-GigabitEthernet3/0/1] quit
# Configure a static route from Switch A to PC2 through interface Tunnel0.
[SwitchA] ip route-static 10.101.2.0 255.255.255.0 Tunnel0
# Configure a static route from Switch A to the tunnel destination.
[SwitchA] ip route-static 131.108.5.2 255.255.255.255 192.13.2.1
# Create VLAN 200, configure its interface address, and add port GE3/0/3 to VLAN 200.
[SwitchB] vlan 200
[SwitchB-vlan200] port GigabitEthernet 3/0/3
[SwitchB-vlan200] quit
[SwitchB] interface Vlan-interface 200
[SwitchB-Vlan-interface200] ip address 131.108.5.2 24
[SwitchB-Vlan-interface200] undo shutdown
[SwitchB-Vlan-interface200] quit
[SwitchB] interface GigabitEthernet 3/0/3
[SwitchB-GigabitEthernet3/0/3] undo shutdown
[SwitchB-GigabitEthernet3/0/3] quit
# Create interface Tunnel0 and configure its IP address.
[SwitchB] interface Tunnel 0
[SwitchB-Tunnel0] ip address 101.1.2.2 24
# Configure the tunnel source and destination addresses. The tunnel mode is GRE by default.
[SwitchB-Tunnel0] source 131.108.5.2
[SwitchB-Tunnel0] destination 192.13.2.2
[SwitchB-Tunnel0] quit
# Configure VLAN 201 and its interface address, and add port GE3/0/1 to VLAN 201.
[SwitchB] vlan 201
[SwitchB-vlan201] port GigabitEthernet 3/0/1
[SwitchB-vlan201] quit
[SwitchB] interface Vlan-interface 201
[SwitchB-Vlan-interface201] ip address 10.101.2.1 24
[SwitchB-Vlan-interface201] undo shutdown
[SwitchB-Vlan-interface201] quit
[SwitchB] interface GigabitEthernet 3/0/1
[SwitchB-GigabitEthernet3/0/1] undo shutdown
[SwitchB-GigabitEthernet3/0/1] quit
# Configure a static route from Switch B to PC1 through interface Tunnel0.
[SwitchB] ip route-static 10.101.1.0 255.255.255.0 tunnel0
# Configure a static route from Switch B to the tunnel destination.
[SwitchB] ip route-static 192.13.2.2 255.255.255.255 131.108.5.1
# Create VLAN 101, configure its interface address, and add port GE2/0/1 to VLAN 101.
[SwitchC] vlan 101
[SwitchC-vlan101] port GigabitEthernet 2/0/1
[SwitchC-vlan101] quit
[SwitchC] interface Vlan-interface 101
[SwitchC-Vlan-interface101] ip address 192.13.2.1 24
[SwitchC-Vlan-interface101] undo shutdown
[SwitchC-Vlan-interface101] quit
[SwitchC] interface GigabitEthernet 2/0/1
[SwitchC-GigabitEthernet2/0/1] undo shutdown
[SwitchC-GigabitEthernet2/0/1] quit
# Create VLAN 200, configure its interface address, and add port GE2/0/2 to VLAN 200.
[SwitchC] vlan 200
[SwitchC-vlan200] port GigabitEthernet 2/0/2
[SwitchC-vlan200] quit
[SwitchC] interface Vlan-interface 200
[SwitchC-Vlan-interface200] ip address 131.108.5.1 24
[SwitchC-Vlan-interface200] undo shutdown
[SwitchC-Vlan-interface200] quit
[SwitchC] interface GigabitEthernet 2/0/2
[SwitchC-GigabitEthernet2/0/2] undo shutdown
[SwitchC-GigabitEthernet2/0/2] quit
# Configure the route to PC2 through Switch A (Windows XP is used as an example).
C:\>route ADD 10.101.2.0 MASK 255.255.255.0 10.101.1.1
# Configure the route to PC1 through Switch B (Windows XP is used as an example).
C:\> route ADD 10.101.1.0 MASK 255.255.255.0 10.101.2.1
PC1 and PC2 can ping each other.
# Ping PC2 from PC1.
C:\>ping 10.101.2.2
Pinging 10.101.2.2 with 32 bytes of data:
Reply from 10.101.2.2: bytes=32 time<1ms TTL=253
Reply from 10.101.2.2: bytes=32 time<1ms TTL=253
Reply from 10.101.2.2: bytes=32 time<1ms TTL=253
Reply from 10.101.2.2: bytes=32 time<1ms TTL=253
Ping statistics for 10.101.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
# Ping PC1 from PC2.
C:\>ping 10.101.1.2
Pinging 10.101.1.2 with 32 bytes of data:
Reply from 10.101.1.2: bytes=32 time<1ms TTL=253
Reply from 10.101.1.2: bytes=32 time<1ms TTL=253
Reply from 10.101.1.2: bytes=32 time<1ms TTL=253
Reply from 10.101.1.2: bytes=32 time<1ms TTL=253
Ping statistics for 10.101.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
· Switch A
#
vlan 100 to 101
#
interface Vlan-interface100
ip address 10.101.1.1 255.255.255.0
#
interface Vlan-interface101
ip address 192.13.2.2 255.255.255.0
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 100
#
interface GigabitEthernet3/0/3
port link-mode bridge
port access vlan 101
#
interface Tunnel0
ip address 101.1.2.1 255.255.255.0
source 192.13.2.2
destination 131.108.5.2
#
ip route-static 10.101.2.0 255.255.255.0 Tunnel0
ip route-static 131.108.5.2 255.255.255.255 192.13.2.1
#
· Switch B
#
vlan 200 to 201
#
interface Vlan-interface200
ip address 131.108.5.2 255.255.255.0
#
interface Vlan-interface201
ip address 10.101.2.1 255.255.255.0
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 201
#
interface GigabitEthernet3/0/3
port link-mode bridge
port access vlan 200
#
interface Tunnel0
ip address 101.1.2.2 255.255.255.0
source 131.108.5.2
destination 192.13.2.2
#
ip route-static 10.101.1.0 255.255.255.0 tunnel0
ip route-static 192.13.2.2 255.255.255.255 131.108.5.1
#
· Switch C
#
vlan 101
#
vlan 200
#
interface Vlan-interface101
ip address 192.13.2.1 255.255.255.0
#
interface Vlan-interface200
ip address 131.108.5.1 255.255.255.0
#
interface GigabitEthernet2/0/1
port link-mode bridge
port access vlan 101
#
interface GigabitEthernet2/0/2
port link-mode bridge
port access vlan 200
#
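As shown in Figure 2, Switch A, Switch B, and Switch C run IPv4. Switch A and Switch B connect to IPv6 hosts PC1 and PC2, respectively.
A GRE tunnel must be established between the dual-stack border devices (Switch A and Switch B) so that the two IPv6 hosts PC1 and PC2 can communicate securely.
Figure 2 IPv6 over IPv4 GRE tunnel network diagram
· To forward packets from PC1 to PC2 through the GRE tunnel, a route entry for tunnel forwarding must be created on the border switch Switch A: the destination is the destination address of the packet before GRE encapsulation (that is, the IP address of PC2), and the next hop is the Tunnel interface address of the GRE tunnel peer, Switch B. This route entry can be created by configuring a static route, or by enabling a dynamic routing protocol on both the Tunnel interface and the switch VLAN interface connected to PC1 and letting the protocol create it. This example uses static routes (because they are simple to configure). Switch B requires the corresponding configuration as well.
· For a GRE tunnel, the tunnel source and destination must be reachable from each other, so a static route to the peer (with Switch C as the next hop) must be configured on both Switch A and Switch B.
This example was configured and verified on version S12500-CMW520-R1825P01.
· For IPv6 packets to be forwarded correctly on the switches that establish the GRE tunnel, IPv6 packet forwarding must be enabled first (it is disabled by default).
· The tunnel must be configured in GRE tunnel mode on the devices at both ends. This is the default mode.
# Configure VLAN 101 and its interface address, and add port GE3/0/3 to VLAN 101.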
[SwitchA] vlan 101
[SwitchA-vlan101] port GigabitEthernet 3/0/3
[SwitchA-vlan101] quit
[SwitchA] interface Vlan-interface 101
[SwitchA-Vlan-interface101] ip address 192.13.2.2 24
[SwitchA-Vlan-interface101] undo shutdown
[SwitchA-Vlan-interface101] quit
[SwitchA] interface GigabitEthernet 3/0/3
[SwitchA-GigabitEthernet3/0/3] undo shutdown
[SwitchA-GigabitEthernet3/0/3] quit
# Enable IPv6 packet forwarding.
[SwitchA] ipv6
# Configure the tunnel interface and its IPv6 address.
[SwitchA] interface Tunnel 0
[SwitchA-Tunnel0] ipv6 address 3000::1 64
# Configure the tunnel type and the tunnel source and destination addresses. The tunnel mode is GRE by default.
[SwitchA-Tunnel0] source vlan-interface 101
[SwitchA-Tunnel0] destination 131.108.5.2
[SwitchA-Tunnel0] quit
# Create VLAN 100, configure its interface address, and add port GE3/0/1 to VLAN 100.
[SwitchA] vlan 100
[SwitchA-vlan100] port GigabitEthernet 3/0/1
[SwitchA-vlan100] quit
[SwitchA] interface Vlan-interface 100
[SwitchA-Vlan-interface100] ipv6 address 1000::1 64
[SwitchA-Vlan-interface100] undo shutdown
[SwitchA-Vlan-interface100] quit
[SwitchA] interface GigabitEthernet 3/0/1
[SwitchA-GigabitEthernet3/0/1] undo shutdown
[SwitchA-GigabitEthernet3/0/1] quit
# Configure a static route from Switch A to PC2 through interface Tunnel0.
[SwitchA] ipv6 route-static 2000:: 64 tunnel 0
# Configure a static route from Switch A to the tunnel destination.
[SwitchA] ip route-static 131.108.5.2 255.255.255.255 192.13.2.1
# Create VLAN 200, configure its interface address, and add port GE3/0/3 to VLAN 200.
[SwitchB] vlan 200
[SwitchB-vlan200] port GigabitEthernet 3/0/3
[SwitchB-vlan200] quit
[SwitchB] interface Vlan-interface 200
[SwitchB-Vlan-interface200] ip address 131.108.5.2 24
[SwitchB-Vlan-interface200] undo shutdown
[SwitchB-Vlan-interface200] quit
[SwitchB] interface GigabitEthernet 3/0/3
[SwitchB-GigabitEthernet3/0/3] undo shutdown
[SwitchB-GigabitEthernet3/0/3] quit
# Enable IPv6 packet forwarding.
[SwitchB] ipv6
# Configure the tunnel interface and its IPv6 address.
[SwitchB] interface Tunnel 0
[SwitchB-Tunnel0] ipv6 address 3000::2 64
# Configure the tunnel type and the tunnel source and destination addresses. The tunnel mode is GRE by default.
[SwitchB-Tunnel0] source vlan-interface 200
[SwitchB-Tunnel0] destination 192.13.2.2
[SwitchB-Tunnel0] quit
# Configure VLAN 201 and its interface address, and add port GE3/0/1 to VLAN 201.
[SwitchB] vlan 201
[SwitchB-vlan201] port GigabitEthernet 3/0/1
[SwitchB-vlan201] quit
[SwitchB] interface Vlan-interface 201
[SwitchB-Vlan-interface201] ipv6 address 2000::1 64
[SwitchB-Vlan-interface201] undo shutdown
[SwitchB-Vlan-interface201] quit
[SwitchB] interface GigabitEthernet 3/0/1
[SwitchB-GigabitEthernet3/0/1] undo shutdown
[SwitchB-GigabitEthernet3/0/1] quit
# Configure a static route from Switch B to PC1 through interface Tunnel0.
[SwitchB] ipv6 route-static 1000:: 64 tunnel0
# Configure a static route from Switch B to the tunnel destination.
[SwitchB] ip route-static 192.13.2.2 255.255.255.255 131.108.5.1
# Create VLAN 101, configure its interface address, and add port GE2/0/1 to VLAN 101.
[SwitchC] vlan 101
[SwitchC-vlan101] port GigabitEthernet 2/0/1
[SwitchC-vlan101] quit
[SwitchC] interface Vlan-interface 101
[SwitchC-Vlan-interface101] ip address 192.13.2.1 24
[SwitchC-Vlan-interface101] undo shutdown
[SwitchC-Vlan-interface101] quit
[SwitchC] interface GigabitEthernet 2/0/1
[SwitchC-GigabitEthernet2/0/1] undo shutdown
[SwitchC-GigabitEthernet2/0/1] quit
# Create VLAN 200, configure its interface address, and add port GE2/0/2 to VLAN 200.
[SwitchC] vlan 200
[SwitchC-vlan200] port GigabitEthernet 2/0/2
[SwitchC-vlan200] quit
[SwitchC] interface Vlan-interface 200
[SwitchC-Vlan-interface200] ip address 131.108.5.1 24
[SwitchC-Vlan-interface200] undo shutdown
[SwitchC-Vlan-interface200] quit
[SwitchC] interface GigabitEthernet 2/0/2
[SwitchC-GigabitEthernet2/0/2] undo shutdown
[SwitchC-GigabitEthernet2/0/2] quit
Windows XP is used as an example.
# Install the IPv6 protocol on PC1.
C:\>ipv6 install
# Display the IPv6 interface configuration of PC1 to obtain the interface index.
C:\>ipv6 if
# Configure the IPv6 address of the interface (the interface index is usually 5).
C:\>ipv6 adu 5/1000::2
# Configure the IPv6 default route.
C:\>ipv6 rtu ::/0 5/1000::1
Windows XP is used as an example.
# Install the IPv6 protocol on PC2.
C:\>ipv6 install
# Display the IPv6 interface configuration of PC2 to obtain the interface index.
C:\>ipv6 if
# Configure the IPv6 address of the interface (the interface index is usually 5).
C:\>ipv6 adu 5/2000::2
# Configure the IPv6 default route.
C:\>ipv6 rtu ::/0 5/2000::1
PC1 and PC2 can ping each other.
# Ping PC2 from PC1.
C:\>ping6 -s 1000::2 2000::2
Pinging 2000::2
from 1000::2 with 32 bytes of data:
Reply from 2000::2: bytes=32 time<1ms
Reply from 2000::2: bytes=32 time<1ms
Reply from 2000::2: bytes=32 time<1ms
Reply from 2000::2: bytes=32 time<1ms
Ping statistics for 2000::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
# Ping PC1 from PC2.
C:\>ping6 -s 2000::2 1000::2
Pinging 1000::2
from 2000::2 with 32 bytes of data:
Reply from 1000::2: bytes=32 time<1ms
Reply from 1000::2: bytes=32 time<1ms
Reply from 1000::2: bytes=32 time<1ms
Reply from 1000::2: bytes=32 time<1ms
Ping statistics for 1000::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
· Switch A
#
router id 4.4.4.4
#
ipv6
#
vlan 100 to 101
#
interface Vlan-interface100
ipv6 address 1000::1/64
#
interface Vlan-interface101
ip address 192.13.2.2 255.255.255.0
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 100
#
interface GigabitEthernet3/0/3
port link-mode bridge
port access vlan 101
#
interface Tunnel0
ipv6 address 3000::1/64
source Vlan-interface101
destination 131.108.5.2
#
ip route-static 131.108.5.2 255.255.255.255 192.13.2.1
#
ipv6 route-static 2000:: 64 Tunnel0
#
· Switch B
#
ipv6
#
vlan 200 to 201
#
interface Vlan-interface200
ip address 131.108.5.2 255.255.255.0
#
interface Vlan-interface201
ipv6 address 2000::1/64
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 201
#
interface GigabitEthernet3/0/3
port link-mode bridge
port access vlan 200
#
interface Tunnel0
ipv6 address 3000::2/64
source Vlan-interface200
destination 192.13.2.2
#
ip route-static 192.13.2.2 255.255.255.255 131.108.5.1
#
ipv6 route-static 1000:: 64 Tunnel0
#
· Switch C
#
vlan 101
#
vlan 200
#
interface Vlan-interface101
ip address 192.13.2.1 255.255.255.0
#
interface Vlan-interface200
ip address 131.108.5.1 255.255.255.0
#
interface GigabitEthernet2/0/1
port link-mode bridge
port access vlan 101
#
interface GigabitEthernet2/0/2
port link-mode bridge
port access vlan 200
#
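Both examples depend on the two ends agreeing: each switch's tunnel destination must be the peer's tunnel source, and each switch needs an IPv4 static route to that destination that does not point into the tunnel itself. The following Python check of those two conditions is an added example, not H3C code; the function names are hypothetical, the configuration text is trimmed from the IPv6 over IPv4 configuration files above, and static routing as used in this document is assumed.

```python
import ipaddress

# Trimmed from the Switch A and Switch B files of the IPv6 over IPv4 example.
SWITCH_A = """interface Vlan-interface101
 ip address 192.13.2.2 255.255.255.0
#
interface Tunnel0
 source Vlan-interface101
 destination 131.108.5.2
#
 ip route-static 131.108.5.2 255.255.255.255 192.13.2.1
"""
SWITCH_B = """interface Vlan-interface200
 ip address 131.108.5.2 255.255.255.0
#
interface Tunnel0
 source Vlan-interface200
 destination 192.13.2.2
#
 ip route-static 192.13.2.2 255.255.255.255 131.108.5.1
"""

def parse(cfg):
    """Collect interface IPv4 addresses, tunnel endpoints and IPv4 static routes."""
    dev, iface = {"addr": {}, "tunnel": {}, "routes": []}, None
    for w in (line.split() for line in cfg.splitlines()):
        if not w or w[0] == "#":
            iface = None
        elif w[0] == "interface":
            iface = w[1].lower()
        elif iface and w[:2] == ["ip", "address"]:
            dev["addr"][iface] = w[2]
        elif iface and iface.startswith("tunnel") and w[0] in ("source", "destination"):
            dev["tunnel"][w[0]] = w[1]
        elif w[:2] == ["ip", "route-static"]:
            dev["routes"].append((ipaddress.ip_network(f"{w[2]}/{w[3]}"), w[4].lower()))
    return dev

def check_pair(a, b):
    problems = []
    for name, local, peer in (("Switch A", a, b), ("Switch B", b, a)):
        # The source is either an interface name (resolved here) or a literal address.
        src = peer["addr"].get(peer["tunnel"]["source"].lower(), peer["tunnel"]["source"])
        dst = ipaddress.ip_address(local["tunnel"]["destination"])
        if str(dst) != src:
            problems.append(f"{name}: destination {dst} is not the peer's tunnel source")
        via = [nh for net, nh in local["routes"] if dst in net]
        if not via or any(nh.startswith("tunnel") for nh in via):
            problems.append(f"{name}: no route to {dst} outside the tunnel")
    return problems
```

`check_pair(parse(SWITCH_A), parse(SWITCH_B))` returns an empty list for the configurations in this document, including the IPv4 over IPv4 form where `source` is a literal address.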
· "GRE" in H3C S12500 Series Routing Switches Layer 3 - IP Services Configuration Guide
· "GRE" in H3C S12500 Series Routing Switches Layer 3 - IP Services Command Reference