GRE Configuration on Huawei

  1. Configuring GRE traffic
    Let's reconfigure the IPsec ACL so that it matches GRE traffic.
    [Router1]acl 3001
    [Router1-acl-adv-3001]rule 5 permit gre source 10.0.12.1 0 destination 10.0.23.3 0
    [Router3]acl 3001
    [Router3-acl-adv-3001]rule 5 permit gre source 10.0.23.3 0 destination 10.0.12.1 0

  2. Create a tunnel between the interfaces.
    Create a tunnel interface and set the encapsulation type to GRE.
    Set the tunnel source address or source interface, and set the tunnel destination address.
    [Router1]interface Tunnel 0/0/1
    [Router1-Tunnel0/0/1]ip address 100.1.1.1 24
    [Router1-Tunnel0/0/1]tunnel-protocol gre
    Info: Relevant configurations on this interface are deleted.
    [Router1-Tunnel0/0/1]source 10.0.12.1
    [Router1-Tunnel0/0/1]destination 10.0.23.3
    [Router3]interface Tunnel 0/0/1
    [Router3-Tunnel0/0/1]ip address 100.1.1.2 24
    [Router3-Tunnel0/0/1]tunnel-protocol gre
    Info: Relevant configurations on this interface are deleted.
    [Router3-Tunnel0/0/1]source 10.0.23.3
    [Router3-Tunnel0/0/1]destination 10.0.12.1

  3. OSPF configuration.
    [Router1]ospf 1
    [Router1-ospf-1]area 0
    [Router1-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255
    [Router1]ospf 2 router-id 10.0.1.1
    [Router1-ospf-2]area 0
    [Router1-ospf-2-area-0.0.0.0]network 10.0.12.0 0.0.0.255
    [Router3]ospf 1
    [Router3-ospf-1]area 0
    [Router3-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255
    [Router3]ospf 2 router-id 10.0.3.3
    [Router3-ospf-2]area 0
    [Router3-ospf-2-area-0.0.0.0]network 10.0.23.0 0.0.0.255

We can check the tunnel configuration with the display interface tunnel 0/0/1 command.
[Router1]display interface Tunnel 0/0/1
Tunnel0/0/1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2015-01-29 12:16:41 UTC-08:00
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 100.1.1.1/24
Encapsulation is TUNNEL, loopback not set
Tunnel source 10.0.12.1 (Serial0/0/1), destination 10.0.23.3
Tunnel protocol/transport GRE/IP, key disabled
keepalive disabled
Checksumming of packets disabled
Current system time: 2015-01-29 12:19:41-08:00
300 seconds input rate 32 bits/sec, 0 packets/sec
300 seconds output rate 32 bits/sec, 0 packets/sec
0 seconds input rate 0 bits/sec, 0 packets/sec
0 seconds output rate 0 bits/sec, 0 packets/sec
28 packets input, 2676 bytes
0 input error
28 packets output, 2612 bytes
0 output error
Input:
Unicast: 0 packets, Multicast: 0 packets
Output:
Unicast: 0 packets, Multicast: 28 packets
Input bandwidth utilization : --
Output bandwidth utilization : --

[Router3]display interface Tunnel 0/0/1
Tunnel0/0/1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2015-01-29 12:16:45 UTC-08:00
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 100.1.1.2/24
Encapsulation is TUNNEL, loopback not set
Tunnel source 10.0.23.3 (Serial0/0/2), destination 10.0.12.1
Tunnel protocol/transport GRE/IP, key disabled
keepalive disabled
Checksumming of packets disabled
Current system time: 2015-01-29 12:20:41-08:00
300 seconds input rate 64 bits/sec, 0 packets/sec
300 seconds output rate 72 bits/sec, 0 packets/sec
0 seconds input rate 0 bits/sec, 0 packets/sec
0 seconds output rate 0 bits/sec, 0 packets/sec
34 packets input, 3168 bytes
0 input error
34 packets output, 3228 bytes
0 output error
Input:
Unicast: 0 packets, Multicast: 0 packets
Output:
Unicast: 0 packets, Multicast: 34 packets
Input bandwidth utilization : --
Output bandwidth utilization : --
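
The two outputs above can be cross-checked mechanically. The following is an added example, not part of the original post: it parses the tunnel fields from each router's output and reports mismatches between the two ends. The function names and the findings wording are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample input: selected lines copied from the two
# "display interface Tunnel 0/0/1" outputs above.
R1_OUTPUT = """\
Tunnel0/0/1 current state : UP
Internet Address is 100.1.1.1/24
Tunnel source 10.0.12.1 (Serial0/0/1), destination 10.0.23.3
Tunnel protocol/transport GRE/IP, key disabled
"""
R3_OUTPUT = """\
Tunnel0/0/1 current state : UP
Internet Address is 100.1.1.2/24
Tunnel source 10.0.23.3 (Serial0/0/2), destination 10.0.12.1
Tunnel protocol/transport GRE/IP, key disabled
"""

PATTERNS = {
    "state": r"^Tunnel\S+ current state : (\S+)",
    "address": r"^Internet Address is (\S+)",
    "source": r"^Tunnel source (\S+)",
    "destination": r"destination (\S+)$",
    "protocol": r"^Tunnel protocol/transport ([^,\s]+),",
    "key": r", key (\w+)$",
}

def parse_tunnel(text):
    """Extract the PATTERNS fields from one display output (None if absent)."""
    fields = {}
    for name, pattern in PATTERNS.items():
        match = re.search(pattern, text, re.MULTILINE)
        fields[name] = match.group(1) if match else None
    return fields

def compare_ends(a, b):
    """Return findings for two parsed ends of the same GRE tunnel."""
    findings = []
    if (a["source"], a["destination"]) != (b["destination"], b["source"]):
        findings.append("source/destination are not mirrored")
    if (ipaddress.ip_interface(a["address"]).network
            != ipaddress.ip_interface(b["address"]).network):
        findings.append("tunnel addresses are in different subnets")
    if a["key"] != b["key"]:
        findings.append("GRE key setting differs between the two ends")
    for end in (a, b):
        if end["state"] != "UP" or end["protocol"] != "GRE/IP":
            findings.append("%s is not an UP GRE/IP tunnel" % end["source"])
    return findings
```

For the outputs shown on this page, compare_ends(parse_tunnel(R1_OUTPUT), parse_tunnel(R3_OUTPUT)) returns an empty list.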

Let's verify the GRE tunnel configuration.
We can view the routing table with the display ip routing-table command.
[Router1]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.0/24 Direct 0 0 D 10.0.1.1 LoopBack0
10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.2.2/32 OSPF 10 1562 D 10.0.12.2 Serial0/0/1
10.0.3.3/32 OSPF 10 1562 D 100.1.1.2 Tunnel0/0/1
10.0.11.0/24 Direct 0 0 D 10.0.11.11 LoopBack1
10.0.11.11/32 Direct 0 0 D 127.0.0.1 LoopBack1
10.0.12.0/24 Direct 0 0 D 10.0.12.1 Serial0/0/1
10.0.12.1/32 Direct 0 0 D 127.0.0.1 Serial0/0/1
10.0.12.2/32 Direct 0 0 D 10.0.12.2 Serial0/0/1
10.0.23.0/24 OSPF 10 3124 D 10.0.12.2 Serial0/0/1
10.0.33.33/32 OSPF 10 1562 D 100.1.1.2 Tunnel0/0/1
100.1.1.0/24 Direct 0 0 D 100.1.1.1 Tunnel0/0/1
100.1.1.1/32 Direct 0 0 D 127.0.0.1 Tunnel0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 OSPF 10 1562 D 100.1.1.1 Tunnel0/0/1
10.0.2.2/32 OSPF 10 1562 D 10.0.23.2 Serial0/0/2
10.0.3.0/24 Direct 0 0 D 10.0.3.3 LoopBack0
10.0.3.3/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.11.11/32 OSPF 10 1562 D 100.1.1.1 Tunnel0/0/1
10.0.12.0/24 OSPF 10 3124 D 10.0.23.2 Serial0/0/2
10.0.23.0/24 Direct 0 0 D 10.0.23.3 Serial0/0/2
10.0.23.2/32 Direct 0 0 D 10.0.23.2 Serial0/0/2
10.0.23.3/32 Direct 0 0 D 127.0.0.1 Serial0/0/2
10.0.33.0/24 Direct 0 0 D 10.0.33.33 LoopBack1
10.0.33.33/32 Direct 0 0 D 127.0.0.1 LoopBack1
100.1.1.0/24 Direct 0 0 D 100.1.1.2 Tunnel0/0/1
100.1.1.2/32 Direct 0 0 D 127.0.0.1 Tunnel0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Once the GRE tunnel is established, let's check that the configuration works over the GRE tunnel. After clearing the IPsec statistics, test the connection.
reset ipsec statistics esp
ping -a 10.0.1.1 10.0.3.3
PING 10.0.3.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=255 time=70 ms
Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=255 time=70 ms
Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=255 time=70 ms
Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=255 time=80 ms
Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 10.0.3.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/64/80 ms
display ipsec statistics esp
Inpacket count : 8
Inpacket auth count : 0
Inpacket decap count : 0
Outpacket count : 8
Outpacket auth count : 0
Outpacket encap count : 0
Inpacket drop count : 0
Outpacket drop count : 0
BadAuthLen count : 0
AuthFail count : 0
PktDuplicateDrop count : 0
PktSeqNoTooSmallDrop count: 0
PktInSAMissDrop count : 0
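
The reset, ping, display sequence above only proves something if the counters are actually read. The following is an added example, not part of the original post: it parses the ESP statistics and flags a run in which the probes did not show up in the counters or an error counter moved. It assumes that "Inpacket count" and "Outpacket count" count the ESP packets handled in each direction; the function names and the grouping of error counters are illustrative.

```python
import re

# Constructed sample input: the "display ipsec statistics esp" output shown
# above, taken after the statistics reset and the ping through the tunnel.
ESP_STATS = """\
Inpacket count : 8
Inpacket auth count : 0
Inpacket decap count : 0
Outpacket count : 8
Outpacket auth count : 0
Outpacket encap count : 0
Inpacket drop count : 0
Outpacket drop count : 0
BadAuthLen count : 0
AuthFail count : 0
PktDuplicateDrop count : 0
PktSeqNoTooSmallDrop count: 0
PktInSAMissDrop count : 0
"""

# Counters expected to stay at zero on a healthy tunnel (assumed grouping).
ERROR_COUNTERS = (
    "Inpacket drop count", "Outpacket drop count", "BadAuthLen count",
    "AuthFail count", "PktDuplicateDrop count",
    "PktSeqNoTooSmallDrop count", "PktInSAMissDrop count",
)

def parse_esp_stats(text):
    """Turn 'name : value' lines into a dict of integer counters."""
    counters = {}
    for line in text.splitlines():
        match = re.match(r"^\s*(.+?)\s*:\s*(\d+)\s*$", line)
        if match:
            counters[match.group(1)] = int(match.group(2))
    return counters

def check_esp(counters, probes_sent):
    """Return findings; an empty list means the probes were counted cleanly."""
    findings = []
    for direction in ("Inpacket count", "Outpacket count"):
        if counters.get(direction, 0) < probes_sent:
            findings.append("%s is below the %d probes sent: traffic may be "
                            "bypassing IPsec" % (direction, probes_sent))
    for name in ERROR_COUNTERS:
        if counters.get(name, 0) > 0:
            findings.append("%s = %d" % (name, counters[name]))
    return findings
```

With the five ping probes sent above, check_esp(parse_esp_stats(ESP_STATS), 5) returns an empty list.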

GRE encapsulates all OSPF traffic, including hello packets, over IPsec.
[Router1]interface Tunnel 0/0/1
[Router1-Tunnel0/0/1]keepalive period 3
display interface Tunnel 0/0/1
Tunnel0/0/1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2015-01-29 12:16:41 UTC-08:00
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 100.1.1.1/24
Encapsulation is TUNNEL, loopback not set
Tunnel source 10.0.12.1 (Serial0/0/1), destination 10.0.23.3
Tunnel protocol/transport GRE/IP, key disabled
keepalive enable period 3 retry-times 3
Checksumming of packets disabled
Current system time: 2015-01-29 12:24:55-08:00
300 seconds input rate 80 bits/sec, 0 packets/sec
300 seconds output rate 80 bits/sec, 0 packets/sec
0 seconds input rate 0 bits/sec, 0 packets/sec
0 seconds output rate 0 bits/sec, 0 packets/sec
66 packets input, 6252 bytes
0 input error
76 packets output, 6712 bytes
0 output error
Input:
Unicast: 0 packets, Multicast: 0 packets
Output:
Unicast: 5 packets, Multicast: 62 packets
Input bandwidth utilization : --
Output bandwidth utilization : --

display current-configuration
#
sysname Router1
#
acl number 3001
rule 5 permit gre source 10.0.12.1 0 destination 10.0.23.3 0
#
interface Serial0/0/1
link-protocol ppp
ip address 10.0.12.1 255.255.255.0
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.0
#
interface LoopBack1
ip address 10.0.11.11 255.255.255.0
#
interface Tunnel0/0/1
ip address 100.1.1.1 255.255.255.0
tunnel-protocol gre
keepalive period 3
source 10.0.12.1
destination 10.0.23.3
#
ospf 1 router-id 10.0.1.1
area 0.0.0.0
network 100.1.1.0 0.0.0.255
network 10.0.1.0 0.0.0.255
network 10.0.11.0 0.0.0.255
#
ospf 2 router-id 10.0.1.1
area 0.0.0.0
network 10.0.12.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

display current-configuration
#
sysname R2
#
interface Serial0/0/1
link-protocol ppp
ip address 10.0.12.2 255.255.255.0
#
interface Serial0/0/2
link-protocol ppp
ip address 10.0.23.2 255.255.255.0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.0
#
ospf 1 router-id 10.0.2.2
area 0.0.0.0
network 10.0.2.0 0.0.0.255
network 10.0.12.0 0.0.0.255
network 10.0.23.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

display current-configuration
#
sysname Router3
#
acl number 3001
rule 5 permit gre source 10.0.23.3 0 destination 10.0.12.1 0
#
interface Serial0/0/2
link-protocol ppp
ip address 10.0.23.3 255.255.255.0
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.0
#
interface LoopBack1
ip address 10.0.33.33 255.255.255.0
#
interface Tunnel0/0/1
ip address 100.1.1.2 255.255.255.0
tunnel-protocol gre
source 10.0.23.3
destination 10.0.12.1
#
ospf 1 router-id 10.0.3.3
area 0.0.0.0
network 100.1.1.0 0.0.0.255
network 10.0.3.0 0.0.0.255
network 10.0.33.0 0.0.0.255
#
ospf 2 router-id 10.0.3.3
area 0.0.0.0
network 10.0.23.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

About cemerbas
