航车ar
# Global features for this router: VLAN 100 is created, and LLDP and BFD are enabled.
# NOTE(review): `lldp enable` is global and no per-interface LLDP setting appears in this
# listing, so the device may advertise itself on the CPE-facing ports too - confirm that is wanted.
vlan batch 100
lldp enable
bfd
# Two VPN instances, each with its own RD and a matching import/export route target.
# Later in this listing vpn1 is bound to GigabitEthernet0/0/8 and vpn2 to GigabitEthernet0/0/9,
# so the two uplinks use separate routing tables.
ip vpn-instance vpn1
ipv4-family
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
ip vpn-instance vpn2
ipv4-family
route-distinguisher 2:2
vpn-target 2:2 export-extcommunity
vpn-target 2:2 import-extcommunity
# GigabitEthernet0/0/7 is put in layer-3 mode (`undo portswitch`) and mapped to Virtual-Ethernet0/0/2.
interface GigabitEthernet0/0/7
undo portswitch
description TO_MG-YILIAN-caozuotai
set flow-stat interval 10
map interface Virtual-Ethernet0/0/2
# Uplinks towards the two CPEs: GE0/0/8 sits in vpn1 (10.20.11.2/24) and GE0/0/9 in vpn2
# (10.20.12.2/24). Each one is the GRE source of one tunnel later in the listing.
# NOTE(review): no ACL or traffic-filter is visible on either uplink in this listing - confirm
# that filtering is done elsewhere (for example on the CPEs).
interface GigabitEthernet0/0/8
description TO_MG-YILIAN-CPE01
ip binding vpn-instance vpn1
ip address 10.20.11.2 255.255.255.0
interface GigabitEthernet0/0/9
description TO_MG-YILIAN-CPE02
ip binding vpn-instance vpn2
ip address 10.20.12.2 255.255.255.0
# Virtual-Ethernet0/0/1 is a trunk that carries only VLAN 100; VLAN 1 is explicitly removed.
interface Virtual-Ethernet0/0/1
portswitch
description TO_Bind-MG-YILIAN-CPEAR01-Tunnel0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100
# Virtual-Ethernet0/0/2 is an access port in VLAN 100 with dot1q tunnelling (QinQ) enabled.
interface Virtual-Ethernet0/0/2
portswitch
description TO_Bind-MG-YILIAN-CPEAR01-GE0/0/7
port link-type access
port default vlan 100
vlan dot1q-tunnel enable
# LoopBack1 (12.2.2.2/32) is used as the source of Tunnel0/0/3.
interface LoopBack1
ip address 12.2.2.2 255.255.255.255
# GRE tunnels of this router.
# Tunnel0/0/1 and Tunnel0/0/2 are two paths to the same destination 20.20.20.6. They differ in
# source interface (GE0/0/8 / GE0/0/9), VPN instance (vpn1 / vpn2), tunnel subnet
# (100.110.11.0/24 / 100.110.12.0/24) and GRE key (11 / 12).
# NOTE(review): no IPsec or other encryption is applied to any tunnel in this listing. GRE gives
# no confidentiality or peer authentication; the `gre key` is only an identifier carried in the
# GRE header (and stored here in plain text), and `gre checksum` only detects corruption.
# If the underlay is not fully trusted, protect these tunnels with IPsec.
# NOTE(review): Tunnel0/0/2's description repeats "...Tunnel0/0/1"; the peer's matching interface
# is presumably Tunnel0/0/2 - confirm and correct the label.
interface Tunnel0/0/1
mtu 1600
description TO_MG-YILIAN-ZXAR-Tunnel0/0/1
ip address 100.110.11.2 255.255.255.0
tunnel-protocol gre
gre key plain 11
source GigabitEthernet0/0/8
destination vpn-instance vpn1 20.20.20.6
gre checksum
interface Tunnel0/0/2
mtu 1600
description TO_MG-YILIAN-ZXAR-Tunnel0/0/1
ip address 100.110.12.2 255.255.255.0
tunnel-protocol gre
gre key plain 12
source GigabitEthernet0/0/9
destination vpn-instance vpn2 20.20.20.6
gre checksum
# Tunnel0/0/3 runs loopback to loopback (12.2.2.2 -> 12.1.1.1) and is mapped to
# Virtual-Ethernet0/0/1, so it presumably carries the VLAN 100 layer-2 traffic - confirm.
# NOTE(review): unlike tunnels 1 and 2 it has no `mtu` and no `gre checksum` line - confirm this
# is intentional.
interface Tunnel0/0/3
description TO_MG-YILIAN-ZXAR-Tunnel0/0/3
ip address 100.110.13.2 255.255.255.0
tunnel-protocol gre
gre key plain 13
source LoopBack1
destination 12.1.1.1
map interface Virtual-Ethernet0/0/1
# Static BFD sessions across the Tunnel0/0/1 and Tunnel0/0/2 subnets. The local/remote
# discriminators here (12/11 and 22/21) mirror the values configured on the peer router.
bfd 1 bind peer-ip 100.110.11.1 source-ip 100.110.11.2
discriminator local 12
discriminator remote 11
commit
bfd 2 bind peer-ip 100.110.12.1 source-ip 100.110.12.2
discriminator local 22
discriminator remote 21
commit
# Primary/backup static routes: Tunnel0/0/1 is preferred and tracked by BFD session 1,
# Tunnel0/0/2 (preference 70) is the backup and tracked by BFD session 2.
# NOTE(review): both routes are for 11.1.1.1/32, but Tunnel0/0/3's destination is 12.1.1.1 and no
# route to 12.1.1.1 is visible in the global table. This looks like a typo for 12.1.1.1 - confirm.
ip route-static 11.1.1.1 255.255.255.255 Tunnel0/0/1 track bfd-session 1
ip route-static 11.1.1.1 255.255.255.255 Tunnel0/0/2 preference 70 track bfd-session 2
# Default routes inside vpn1 and vpn2, used to reach the GRE destination 20.20.20.6.
ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 10.20.11.1
ip route-static vpn-instance vpn2 0.0.0.0 0.0.0.0 10.20.12.1
操作端ar
# Global features: VLAN 100 is created, and LLDP and BFD are enabled.
# NOTE(review): `lldp enable` is global and no per-interface LLDP setting is visible, so LLDP may
# also run on the uplink GigabitEthernet0/0/4 - confirm that is wanted.
vlan batch 100
lldp enable
bfd
# GigabitEthernet0/0/1 is in layer-3 mode and mapped to Virtual-Ethernet0/0/2.
interface GigabitEthernet0/0/1
undo portswitch
description TO_MG-YILIAN-caozuotai
map interface Virtual-Ethernet0/0/2
# Uplink and GRE source for Tunnel0/0/1 and Tunnel0/0/2.
# NOTE(review): this address is 20.20.20.10/30 (subnet 20.20.20.8/30), yet the default route at the
# end of this router's config uses next hop 20.20.20.5 and the remote router's tunnels target
# 20.20.20.6. Both of those are in 20.20.20.4/30, so the address here may be a typo - confirm.
# NOTE(review): no ACL or traffic-filter is visible on this uplink in this listing.
interface GigabitEthernet0/0/4
undo portswitch
description TO_NJMG_RN01_DCGW01-GE0/1/18
set flow-stat interval 10
ip address 20.20.20.10 255.255.255.252
# Virtual-Ethernet0/0/1 is a trunk that carries only VLAN 100; VLAN 1 is explicitly removed.
interface Virtual-Ethernet0/0/1
portswitch
description TO_Bind-MG-YILIAN-ZXAR-Tunnel0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100
# Virtual-Ethernet0/0/2 is an access port in VLAN 100 with dot1q tunnelling (QinQ) enabled.
interface Virtual-Ethernet0/0/2
portswitch
description TO_Bind-MG-YILIAN-ZXAR-GE0/0/1
port link-type access
port default vlan 100
vlan dot1q-tunnel enable
# LoopBack1 (12.1.1.1/32) is used as the source of Tunnel0/0/3.
interface LoopBack1
ip address 12.1.1.1 255.255.255.255
# GRE tunnels of this router. Tunnel0/0/1 and Tunnel0/0/2 share the source GigabitEthernet0/0/4
# and are told apart by destination address and GRE key.
# NOTE(review): the destinations 172.16.100.131 / 172.16.100.135 are not the addresses configured
# on the remote router's GRE source interfaces (10.20.11.2 / 10.20.12.2), so address translation
# presumably happens in between - confirm against the CPE configuration.
# NOTE(review): no IPsec or other encryption is applied to any tunnel in this listing. GRE gives
# no confidentiality or peer authentication; the `gre key` is only an identifier carried in the
# GRE header (and stored here in plain text), and `gre checksum` only detects corruption.
# If the underlay is not fully trusted, protect these tunnels with IPsec.
interface Tunnel0/0/1
mtu 1600
description TO_MG-YILIAN-CPEAR01-Tunnel0/0/1
ip address 100.110.11.1 255.255.255.0
tunnel-protocol gre
gre key plain 11
source GigabitEthernet0/0/4
destination 172.16.100.131
gre checksum
interface Tunnel0/0/2
mtu 1600
description TO_MG-YILIAN-CPEAR01-Tunnel0/0/2
ip address 100.110.12.1 255.255.255.0
tunnel-protocol gre
gre key plain 12
source GigabitEthernet0/0/4
destination 172.16.100.135
gre checksum
# Tunnel0/0/3 runs loopback to loopback (12.1.1.1 -> 12.2.2.2) and is mapped to
# Virtual-Ethernet0/0/1. It has no `mtu` and no `gre checksum` line, unlike tunnels 1 and 2.
interface Tunnel0/0/3
description TO_MG-YILIAN-CPEAR01-Tunnel0/0/3
ip address 100.110.13.1 255.255.255.0
tunnel-protocol gre
gre key plain 13
source LoopBack1
destination 12.2.2.2
map interface Virtual-Ethernet0/0/1
# Static BFD sessions across the Tunnel0/0/1 and Tunnel0/0/2 subnets. The local/remote
# discriminators here (11/12 and 21/22) mirror the values configured on the remote router.
bfd 1 bind peer-ip 100.110.11.2 source-ip 100.110.11.1
discriminator local 11
discriminator remote 12
commit
bfd 2 bind peer-ip 100.110.12.2 source-ip 100.110.12.1
discriminator local 21
discriminator remote 22
commit
# NOTE(review): next hop 20.20.20.5 is outside the subnet configured on GigabitEthernet0/0/4
# (20.20.20.10/30) - confirm which of the two values is correct.
ip route-static 0.0.0.0 0.0.0.0 20.20.20.5
# Route to the remote loopback 12.2.2.2 (the destination of Tunnel0/0/3): Tunnel0/0/1 is
# preferred and tracked by BFD session 1, Tunnel0/0/2 (preference 70) is the tracked backup.
ip route-static 12.2.2.2 255.255.255.255 Tunnel0/0/1 track bfd-session 1
ip route-static 12.2.2.2 255.255.255.255 Tunnel0/0/2 preference 70 track bfd-session 2
中心ar
[V300R019C13SPC200]
#
# Saved configuration of the central router (sysname AR6140): global features, default
# authentication profiles, PKI/TLS settings and the default IKE proposal.
sysname AR6140
#
clock timezone 1 minus 00:00:00
#
vlan batch 2 9 to 10 20 30 100
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name multi_authen_profile
authentication-profile name portal_authen_profile
#
replication if-down-delay 65535
#
# NOTE(review): LLDP is enabled globally and no per-interface LLDP setting is visible, so it may
# also run on the uplink GigabitEthernet0/0/0 - confirm that is wanted.
lldp enable
#
dhcp enable
#
radius-server template default
#
bfd
#
# NOTE(review): `certificate-check none` presumably turns off certificate revocation checking
# (CRL/OCSP) for this realm - confirm, and enable a revocation check if the realm is ever used
# to validate peer certificates.
pki realm default
certificate-check none
#
# Server-side TLS policy; the HTTPS server later in this listing refers to it.
# NOTE(review): the list still contains static-RSA key-exchange suites (rsa_*), which give no
# forward secrecy, and rsa_aes_128_cbc_sha additionally relies on SHA-1. Prefer keeping only the
# ecdhe_rsa_*_gcm_* suites if all management clients support them.
ssl policy default_policy type server
pki-realm default
version tls1.2
ciphersuite rsa_aes_128_cbc_sha rsa_aes_128_sha256 rsa_aes_256_sha256 ecdhe_rsa_aes128_gcm_sha256 ecdhe_rsa_aes256_gcm_sha384
#
# Default IKE proposal (pre-shared-key authentication, DH group 14).
# NOTE(review): no IPsec policy or profile referring to it is visible in this listing, so it does
# not appear to protect any of the GRE tunnels.
ike proposal default
encryption-algorithm aes-256 aes-192 aes-128
dh group14
authentication-algorithm sha2-512 sha2-384 sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
# AAA: local authentication and authorization by default, with a second authentication scheme
# for RADIUS; the default accounting scheme is `none`.
# NOTE(review): this listing publishes credential material - an irreversible-cipher hash for
# `admin` and a reversible `cipher` string for `huawei`. Treat both accounts as exposed: change
# the passwords on every device that used them, and redact such lines before sharing a config.
# NOTE(review): `admin` has privilege level 15 and is allowed to log in over telnet, which is
# clear text; no ssh service type is granted. Prefer SSH for remote administration.
# NOTE(review): `accounting-mode none` means AAA keeps no accounting records of sessions.
aaa
authentication-scheme default
authentication-mode local
authentication-scheme radius
authentication-mode radius
authorization-scheme default
authorization-mode local
accounting-scheme default
accounting-mode none
local-aaa-user password policy administrator
domain default
authentication-scheme default
accounting-scheme default
radius-server default
domain default_admin
authentication-scheme default
accounting-scheme default
local-user admin password irreversible-cipher $1a$o)|/(x924&$pDUV5gu$#NN0/sH>Yyy)+wyLKf3t!9P=cvQ3#_3C$
local-user admin privilege level 15
local-user admin service-type telnet terminal http
local-user huawei password cipher %^%#wYb
local-user huawei privilege level 0
#
# Web settings, firewall zone, and the physical, virtual and loopback interfaces of the
# central router.
web
set fast-configuration state disable
#
# NOTE(review): the Local firewall zone is declared but empty, and no interface in this listing
# is assigned to a zone or carries an ACL/traffic-filter - confirm that filtering is done elsewhere.
firewall zone Local
#
# Vlanif1 is the gateway of VLAN 1 (192.168.1.1/24) and serves DHCP from the interface pool.
interface Vlanif1
ip address 192.168.1.1 255.255.255.0
dhcp select interface
dhcp server dns-list 192.168.1.1
#
# Uplink towards the default gateway; it is the source interface of the underlay GRE tunnels.
# NOTE(review): Telnet and FTP are permitted on all interfaces later in this listing, which
# includes this uplink.
interface GigabitEthernet0/0/0
undo portswitch
description to_defaultGW
set flow-stat interval 10
ip address 20.20.20.2 255.255.255.252
#
interface GigabitEthernet0/0/1
undo portswitch
#
interface GigabitEthernet0/0/2
ip address 192.168.100.1 255.255.255.0
#
interface GigabitEthernet0/0/3
ip address 100.100.100.1 255.255.255.0
#
# GE0/0/4 and GE0/0/5 are layer-3 ports mapped to the VLAN 100 access ports
# Virtual-Ethernet0/0/2 and Virtual-Ethernet0/0/8.
interface GigabitEthernet0/0/4
undo portswitch
map interface Virtual-Ethernet0/0/2
#
interface GigabitEthernet0/0/5
undo portswitch
map interface Virtual-Ethernet0/0/8
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
description VirtualPort
#
# Virtual-Ethernet0/0/1 and 0/0/3 to 0/0/7 are identical trunks: PVID 2, VLAN 1 removed,
# VLANs 9-10, 20, 30 and 100 allowed. Each is the mapping target of one "inside" tunnel.
interface Virtual-Ethernet0/0/1
portswitch
port link-type trunk
port trunk pvid vlan 2
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 9 to 10 20 30 100
#
# Virtual-Ethernet0/0/2 is an access port in VLAN 100 with dot1q tunnelling (QinQ) enabled.
interface Virtual-Ethernet0/0/2
portswitch
port link-type access
port default vlan 100
vlan dot1q-tunnel enable
#
interface Virtual-Ethernet0/0/3
portswitch
port link-type trunk
port trunk pvid vlan 2
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 9 to 10 20 30 100
#
interface Virtual-Ethernet0/0/4
portswitch
port link-type trunk
port trunk pvid vlan 2
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 9 to 10 20 30 100
#
interface Virtual-Ethernet0/0/5
portswitch
port link-type trunk
port trunk pvid vlan 2
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 9 to 10 20 30 100
#
interface Virtual-Ethernet0/0/6
portswitch
port link-type trunk
port trunk pvid vlan 2
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 9 to 10 20 30 100
#
interface Virtual-Ethernet0/0/7
portswitch
port link-type trunk
port trunk pvid vlan 2
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 9 to 10 20 30 100
#
# Virtual-Ethernet0/0/8 is a second VLAN 100 access port with dot1q tunnelling enabled.
interface Virtual-Ethernet0/0/8
portswitch
port link-type access
port default vlan 100
vlan dot1q-tunnel enable
#
interface NULL0
#
# LoopBack1 (7.7.7.7/32) is the source of every "inside" tunnel.
interface LoopBack1
ip address 7.7.7.7 255.255.255.255
#
# GRE tunnels for sites 821, 822 and 823. Each site has the same three-tunnel layout:
#   <site>-1 and <site>-2: sourced from GigabitEthernet0/0/0 to two 172.16.100.x addresses, with
#   GRE key and checksum, and placed in the same replication path-group;
#   <site>-inside: loopback to loopback (7.7.7.7 to the site loopback), mapped to a
#   Virtual-Ethernet trunk, with no `mtu` or `gre checksum` line.
# NOTE(review): no IPsec or other encryption is applied to any tunnel in this listing. GRE gives
# no confidentiality or peer authentication; the `gre key` is only an identifier carried in the
# GRE header (and stored here in plain text), and `gre checksum` only detects corruption.
# If the underlay is not fully trusted, protect these tunnels with IPsec.
interface Tunnel0/0/1
mtu 1600
description 821-1
ip address 100.100.11.1 255.255.255.0
tunnel-protocol gre
gre key plain 11
source GigabitEthernet0/0/0
destination 172.16.100.10
gre checksum
replication path-group 1
#
interface Tunnel0/0/2
mtu 1600
description 821-2
ip address 100.100.12.1 255.255.255.0
tunnel-protocol gre
gre key plain 12
source GigabitEthernet0/0/0
destination 172.16.100.3
gre checksum
replication path-group 1
#
interface Tunnel0/0/3
description 821-inside
ip address 100.100.13.1 255.255.255.0
tunnel-protocol gre
gre key plain 13
source LoopBack1
destination 1.1.1.1
map interface Virtual-Ethernet0/0/1
#
interface Tunnel0/0/4
mtu 1600
description 822-1
ip address 100.100.21.1 255.255.255.0
tunnel-protocol gre
gre key plain 21
source GigabitEthernet0/0/0
destination 172.16.100.9
gre checksum
replication path-group 2
#
interface Tunnel0/0/5
mtu 1600
description 822-2
ip address 100.100.22.1 255.255.255.0
tunnel-protocol gre
gre key plain 22
source GigabitEthernet0/0/0
destination 172.16.100.4
gre checksum
replication path-group 2
#
interface Tunnel0/0/6
description 822-inside
ip address 100.100.23.1 255.255.255.0
tunnel-protocol gre
gre key plain 23
source LoopBack1
destination 2.2.2.2
map interface Virtual-Ethernet0/0/3
#
interface Tunnel0/0/7
mtu 1600
description 823-1
ip address 100.100.31.1 255.255.255.0
tunnel-protocol gre
gre key plain 31
source GigabitEthernet0/0/0
destination 172.16.100.7
gre checksum
replication path-group 3
#
interface Tunnel0/0/8
mtu 1600
description 823-2
ip address 100.100.32.1 255.255.255.0
tunnel-protocol gre
gre key plain 32
source GigabitEthernet0/0/0
destination 172.16.100.12
gre checksum
replication path-group 3
#
interface Tunnel0/0/9
description 823-inside
ip address 100.100.33.1 255.255.255.0
tunnel-protocol gre
gre key plain 33
source LoopBack1
destination 3.3.3.3
map interface Virtual-Ethernet0/0/4
#
# GRE tunnels for sites 805, 806 and 807. Each site has the same three-tunnel layout:
#   <site>-1 and <site>-2: sourced from GigabitEthernet0/0/0 to two 172.16.100.x addresses, with
#   GRE key and checksum, and placed in the same replication path-group;
#   <site>-inside: loopback to loopback (7.7.7.7 to the site loopback), mapped to a
#   Virtual-Ethernet trunk, with no `mtu` or `gre checksum` line.
# NOTE(review): no IPsec or other encryption is applied to any tunnel in this listing. GRE gives
# no confidentiality or peer authentication; the `gre key` is only an identifier carried in the
# GRE header (and stored here in plain text), and `gre checksum` only detects corruption.
# If the underlay is not fully trusted, protect these tunnels with IPsec.
interface Tunnel0/0/10
mtu 1600
description 805-1
ip address 100.100.41.1 255.255.255.0
tunnel-protocol gre
gre key plain 41
source GigabitEthernet0/0/0
destination 172.16.100.6
gre checksum
replication path-group 4
#
interface Tunnel0/0/11
mtu 1600
description 805-2
ip address 100.100.42.1 255.255.255.0
tunnel-protocol gre
gre key plain 42
source GigabitEthernet0/0/0
destination 172.16.100.2
gre checksum
replication path-group 4
#
interface Tunnel0/0/12
description 805-inside
ip address 100.100.43.1 255.255.255.0
tunnel-protocol gre
gre key plain 43
source LoopBack1
destination 4.4.4.4
map interface Virtual-Ethernet0/0/5
#
interface Tunnel0/0/13
mtu 1600
description 806-1
ip address 100.100.51.1 255.255.255.0
tunnel-protocol gre
gre key plain 51
source GigabitEthernet0/0/0
destination 172.16.100.11
gre checksum
replication path-group 5
#
interface Tunnel0/0/14
mtu 1600
description 806-2
ip address 100.100.52.1 255.255.255.0
tunnel-protocol gre
gre key plain 52
source GigabitEthernet0/0/0
destination 172.16.100.14
gre checksum
replication path-group 5
#
interface Tunnel0/0/15
description 806-inside
ip address 100.100.53.1 255.255.255.0
tunnel-protocol gre
gre key plain 53
source LoopBack1
destination 5.5.5.5
map interface Virtual-Ethernet0/0/6
#
interface Tunnel0/0/16
mtu 1600
description 807-1
ip address 100.100.61.1 255.255.255.0
tunnel-protocol gre
gre key plain 61
source GigabitEthernet0/0/0
destination 172.16.100.13
gre checksum
replication path-group 6
#
interface Tunnel0/0/17
mtu 1600
description 807-2
ip address 100.100.62.1 255.255.255.0
tunnel-protocol gre
gre key plain 62
source GigabitEthernet0/0/0
destination 172.16.100.1
gre checksum
replication path-group 6
#
interface Tunnel0/0/18
description 807-inside
ip address 100.100.63.1 255.255.255.0
tunnel-protocol gre
gre key plain 63
source LoopBack1
destination 6.6.6.6
map interface Virtual-Ethernet0/0/7
#
# Extra GRE tunnel labelled as a test ("test-bdg-821"), sourced from GigabitEthernet0/0/5.
# NOTE(review): GigabitEthernet0/0/5 has no IP address in this listing, and this tunnel has no
# `gre checksum`, no replication path-group and no BFD session. It is still used by a
# preference-80 static route to 1.1.1.1. If the test is over, remove the tunnel and its route so
# an unmonitored, unencrypted path does not remain in service.
interface Tunnel0/0/20
mtu 1600
description test-bdg-821
ip address 100.100.14.1 255.255.255.0
tunnel-protocol gre
gre key plain 14
source GigabitEthernet0/0/5
destination 200.200.200.2
#
# Default cellular profile: modem auto-recovery actions.
cellular profile default
modem auto-recovery dial action modem-reboot fail-times 128
modem auto-recovery icmp-unreachable action modem-reboot
modem auto-recovery services-unavailable action modem-reboot test-times 0 interval 3600
#
# Static BFD sessions, one per underlay tunnel. Sessions 1-6 use the <site>-1 tunnel subnets
# (100.100.11/21/31/41/51/61.0) and sessions 7-12 the <site>-2 subnets (100.100.12/22/.../62.0).
# The discriminator pairs must mirror the values configured on each remote router.
bfd 1 bind peer-ip 100.100.11.2 source-ip 100.100.11.1
discriminator local 1
discriminator remote 2
commit
#
bfd 2 bind peer-ip 100.100.21.2 source-ip 100.100.21.1
discriminator local 3
discriminator remote 4
commit
#
bfd 3 bind peer-ip 100.100.31.2 source-ip 100.100.31.1
discriminator local 5
discriminator remote 6
commit
#
bfd 4 bind peer-ip 100.100.41.2 source-ip 100.100.41.1
discriminator local 7
discriminator remote 8
commit
#
bfd 5 bind peer-ip 100.100.51.2 source-ip 100.100.51.1
discriminator local 9
discriminator remote 10
commit
#
bfd 6 bind peer-ip 100.100.61.2 source-ip 100.100.61.1
discriminator local 11
discriminator remote 12
commit
#
bfd 7 bind peer-ip 100.100.12.2 source-ip 100.100.12.1
discriminator local 20
discriminator remote 21
commit
#
bfd 8 bind peer-ip 100.100.22.2 source-ip 100.100.22.1
discriminator local 22
discriminator remote 23
commit
#
bfd 9 bind peer-ip 100.100.32.2 source-ip 100.100.32.1
discriminator local 24
discriminator remote 25
commit
#
bfd 10 bind peer-ip 100.100.42.2 source-ip 100.100.42.1
discriminator local 26
discriminator remote 27
commit
#
bfd 11 bind peer-ip 100.100.52.2 source-ip 100.100.52.1
discriminator local 28
discriminator remote 29
commit
#
bfd 12 bind peer-ip 100.100.62.2 source-ip 100.100.62.1
discriminator local 30
discriminator remote 31
commit
#
# Management-plane services.
# NOTE(review): `ftp server permit interface all` allows FTP on every interface once the FTP
# server is enabled (no enable line is visible here). FTP is clear text; prefer SFTP and limit
# the permitted interfaces.
ftp server permit interface all
#
snmp-agent local-engineid 800007DB032811EC8B8630
#
# NOTE(review): Telnet is enabled and permitted on all interfaces, including the uplink
# GigabitEthernet0/0/0, and it carries credentials and sessions in clear text. No SSH (stelnet)
# server line is visible in this listing. Prefer enabling SSH, disabling Telnet, and limiting
# management access to a dedicated interface or an ACL.
telnet server enable
telnet server permit interface all
#
# HTTPS management uses ssl policy default_policy; web access is permitted only on
# GigabitEthernet0/0/8.
http secure-server ssl-policy default_policy
http secure-server enable
http server permit interface GigabitEthernet0/0/8
#
# Default route via the uplink gateway, then one primary/backup pair of host routes per site
# loopback (1.1.1.1 to 6.6.6.6). The primary uses the <site>-1 tunnel and tracks a BFD session;
# the backup uses the <site>-2 tunnel at preference 70.
# NOTE(review): only the backup for 1.1.1.1 tracks its BFD session (7). The preference-70 backups
# for 2.2.2.2 to 6.6.6.6 have no `track bfd-session`, although BFD sessions 8-12 are defined for
# those tunnels. Without tracking, a backup route may stay installed while its path is down -
# confirm whether that is intended.
# NOTE(review): the preference-80 route through the test tunnel Tunnel0/0/20 is also untracked.
ip route-static 0.0.0.0 0.0.0.0 20.20.20.1
ip route-static 1.1.1.1 255.255.255.255 Tunnel0/0/1 track bfd-session 1
ip route-static 1.1.1.1 255.255.255.255 Tunnel0/0/2 preference 70 track bfd-session 7
ip route-static 1.1.1.1 255.255.255.255 Tunnel0/0/20 preference 80
ip route-static 2.2.2.2 255.255.255.255 Tunnel0/0/4 track bfd-session 2
ip route-static 2.2.2.2 255.255.255.255 Tunnel0/0/5 preference 70
ip route-static 3.3.3.3 255.255.255.255 Tunnel0/0/7 track bfd-session 3
ip route-static 3.3.3.3 255.255.255.255 Tunnel0/0/8 preference 70
ip route-static 4.4.4.4 255.255.255.255 Tunnel0/0/10 track bfd-session 4
ip route-static 4.4.4.4 255.255.255.255 Tunnel0/0/11 preference 70
ip route-static 5.5.5.5 255.255.255.255 Tunnel0/0/13 track bfd-session 5
ip route-static 5.5.5.5 255.255.255.255 Tunnel0/0/14 preference 70
ip route-static 6.6.6.6 255.255.255.255 Tunnel0/0/16 track bfd-session 6
ip route-static 6.6.6.6 255.255.255.255 Tunnel0/0/17 preference 70
#
fib regularly-refresh disable
#
# Login lines: console and VTY 0-4 all authenticate through AAA.
# NOTE(review): `idle-timeout 0 0` on the console disables the idle timeout, so an unattended
# console session never logs out. Set a finite timeout.
# NOTE(review): vty 0 sets `user privilege level 15`; with AAA authentication the effective level
# presumably comes from the local-user entry - confirm, and remove the line if it is not needed.
# NOTE(review): no `protocol inbound` restriction and no inbound ACL is visible on the VTY lines.
# Together with `telnet server permit interface all`, remote login is offered over Telnet on
# every interface. Restrict the VTYs to SSH and to known management sources.
user-interface con 0
authentication-mode aaa
idle-timeout 0 0
user-interface vty 0
authentication-mode aaa
user privilege level 15
user-interface vty 1 4
authentication-mode aaa
#
# Replication path-groups, one per remote site. Each group lists the <site>-1 tunnel at
# priority 1 and the <site>-2 tunnel at priority 2, and each path tracks its own BFD session
# (1-6 for the first tunnel, 7-12 for the second).
replication path-group 1
path Tunnel0/0/1 priority 1 track bfd 1
path Tunnel0/0/2 priority 2 track bfd 7
replication path-group 2
path Tunnel0/0/4 priority 1 track bfd 2
path Tunnel0/0/5 priority 2 track bfd 8
replication path-group 3
path Tunnel0/0/7 priority 1 track bfd 3
path Tunnel0/0/8 priority 2 track bfd 9
replication path-group 4
path Tunnel0/0/10 priority 1 track bfd 4
path Tunnel0/0/11 priority 2 track bfd 10
replication path-group 5
path Tunnel0/0/13 priority 1 track bfd 5
path Tunnel0/0/14 priority 2 track bfd 11
replication path-group 6
path Tunnel0/0/16 priority 1 track bfd 6
path Tunnel0/0/17 priority 2 track bfd 12
#
# WLAN AC profiles (all named "default") followed by empty feature sections and the closing
# `return` of the saved configuration.
# NOTE(review): the default-wds security profile embeds a WPA2 pre-shared key in ciphered form.
# Now that the configuration is published, treat that key as exposed, as with the local-user
# passwords: change it if the profile is in use, and redact such lines before sharing a config.
wlan ac
traffic-profile name default
security-profile name default
security-profile name default-wds
security wpa2 psk pass-phrase %^%#O)}@;LFOO!rl;zQ5>j-OvLJ9J|"[-~|7a!<-5GOS%^%# aes
ssid-profile name default
vap-profile name default
wds-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
ap-group name default
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
voice
#
enterprise default
#
diagnose
#
ops
#
autostart
#
secelog
#
ms-channel
#
return
航车ar:
有以下几点问题:
Tunnel0/0/1和Tunnel0/0/2的description是一样的(都是TO_MG-YILIAN-ZXAR-Tunnel0/0/1),可能会导致后期管理混淆。
Tunnel0/0/1和Tunnel0/0/2的IP地址的网络位段相同,应该是不同的网络。
source GigabitEthernet0/0/8和source GigabitEthernet0/0/9应该分别对应不同的物理接口。
destination vpn-instance vpn1和destination vpn-instance vpn2应该分别对应不同的VPN实例,否则可能会导致GRE隧道无法建立。
两个GRE隧道的目的地IP地址都是20.20.20.6,这可能是一项配置错误,因为不同的GRE隧道应该有不同的目的地IP地址。