Simple VPN-VRF configuration (eNSP)
The topology is shown above.
First, configure the layer-3 switch in the middle:
sys    // enter system view (configuration mode)
un in en    // turn off message notifications
ip vpn-instance VRF-A    // create the VRF instance
 route-distinguisher 100:1    // tags the VRF, so identical IPs in different VRFs can be told apart
 vpn-target 100:1 export-extcommunity    // VPN route targets (export/import), so the switch can recognise routes inside the VRF
 vpn-target 100:1 import-extcommunity
ip vpn-instance VRF-B
 route-distinguisher 100:2
 vpn-target 100:2 export-extcommunity
 vpn-target 100:2 import-extcommunity
q    // this is how you exit in eNSP, i.e. quit
vlan batch 10 20    // create the two VLANs
interface Vlanif 10
 ip binding vpn-instance VRF-A    // bind vlan10 to its assigned VRF
 ip address 192.168.1.1 255.255.255.0
 undo shutdown
interface Vlanif 20
 ip binding vpn-instance VRF-B
 ip address 192.168.2.1 255.255.255.0
 undo shutdown
int e0/0/2
 port link-type access
 port default vlan 10    // connects to the left router
int e0/0/3
 port link-type access
 port default vlan 20
int e0/0/1
 port link-type trunk    // change the port to trunk mode
 port trunk allow-pass vlan all    // allow all VLANs through
// Configure the following step last; go and configure the other devices first
ip route-static vpn-instance VRF-A 10.0.0.0 255.255.255.0 192.168.1.2    // add static routes so that traffic can be forwarded out
ip route-static vpn-instance VRF-B 10.0.0.0 255.255.255.0 192.168.2.2
Configure the left router:
interface GE 0/0/0
 ip address 192.168.1.2 255.255.255.0
 undo shutdown
interface GE 0/0/1
 ip address 10.0.0.1 255.255.255.0
 undo shutdown
// ip route-static 192.168.1.0 255.255.255.0 10.0.0.2
The right router:
interface GE 0/0/0
 ip address 192.168.2.2 255.255.255.0
 undo shutdown
interface GE 0/0/1
 ip address 10.0.0.1 255.255.255.0
 undo shutdown
// ip route-static 192.168.2.0 255.255.255.0 10.0.0.2
The layer-2 switch:
vlan batch 10 20
int g0/0/2
 port link-type access
 port default vlan 10
int g0/0/3
 port link-type access
 port default vlan 20
int g0/0/1
 port link-type trunk
 port trunk allow-pass vlan all
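Once you have got this far, go back to the static route configuration on the layer-3 switch.
You can now see that the routes are isolated: traffic only passes within each side.
Remember to save the configuration when you are done.
Return to the <> prompt (user view) and run save.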
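A way to check the layer-3 switch configuration for gaps in the VRF isolation before saving it, as an added example that is not part of the original post. The `audit` function and its finding texts are hypothetical, and `SAMPLE` is a constructed copy of the switch settings above; it is meant for the switch only, since the routers here carry no VRF.

```python
import re

# Constructed sample: the layer-3 switch settings from this page, one per line.
SAMPLE = """\
ip vpn-instance VRF-A
 route-distinguisher 100:1
ip vpn-instance VRF-B
 route-distinguisher 100:2
interface Vlanif 10
 ip binding vpn-instance VRF-A
 ip address 192.168.1.1 255.255.255.0
interface Vlanif 20
 ip binding vpn-instance VRF-B
 ip address 192.168.2.1 255.255.255.0
int e0/0/1
 port link-type trunk
 port trunk allow-pass vlan all
ip route-static vpn-instance VRF-A 10.0.0.0 255.255.255.0 192.168.1.2
ip route-static vpn-instance VRF-B 10.0.0.0 255.255.255.0 192.168.2.2
"""

def audit(config):
    """Return findings (list of str) for a VRP-style config given as text."""
    findings, defined, iface, bound = [], set(), None, None
    for raw in config.splitlines():
        line = raw.split("//")[0].strip()      # drop the page's // annotations
        if not line:
            continue
        if m := re.match(r"ip vpn-instance (\S+)$", line):
            defined.add(m.group(1))
            iface = None
        elif m := re.match(r"int(?:erface)? (.+)$", line):
            iface, bound = m.group(1), None
        elif m := re.match(r"ip binding vpn-instance (\S+)$", line):
            bound = m.group(1)
            if bound not in defined:
                findings.append(f"{iface}: bound to undefined VRF {bound}")
        elif line.startswith("ip address ") and iface and bound is None:
            # Unbound address sits in the global table; a later binding wipes it.
            findings.append(f"{iface}: address configured without a VRF binding")
        elif m := re.match(r"ip route-static vpn-instance (\S+) ", line):
            if m.group(1) not in defined:
                findings.append(f"static route uses undefined VRF {m.group(1)}")
        elif line == "port trunk allow-pass vlan all":
            findings.append(f"{iface}: trunk passes every VLAN, not only those in use")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the page's configuration the only finding is the trunk that passes all VLANs where only 10 and 20 are used.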