1. cCE
#配置各接口所属VLAN,并配置VLANIF接口和Loopback接口IP地址
sysname cCE
vlan 60
vlan 70
int port gigabitethernet 0/0/1
port link-type trunk
port trunk allow-pass vlan all
vlan 171
vlan 161
interface vlan 171
ip add 171.7.7.254 24
interface vlan 161
ip add 161.6.6.254 24
#骨干网isis
interface vlan 70
ip address 70.70.70.2 30
interface vlan 60
ip address 60.60.60.2 30
#ospf
配置PE与CE互联发布gbp路由
ospf 1
area 0.0.0.0
network 70.70.70.0 0.0.0.3
network 171.7.7.0 0.0.0.255
network 192.168.0.9 0.0.0.0
ospf 2
area 0.0.0.0
network 60.60.60.0 0.0.0.3
network 161.6.6.0 0.0.0.255
#远程访问地址
interface LoopBack1
ip address 192.168.0.9 255.255.255.255
1. dCE
sysname dCE
vlan 80
vlan 90
interface GigabitEthernet1/1/4
port link-type trunk
port trunk permit vlan all
vlan 181
vlan 191
interface Vlan-interface181
ip address 181.8.8.254 255.255.255.0
interface Vlan-interface191
ip address 191.9.9.254 255.255.255.0
interface vlan 80
ip address 80.80.80.2 30
interface vlan 90
ip address 90.90.90.2 30
ospf 3
area 0.0.0.0
network 80.80.80.0 0.0.0.3
network 181.8.8.0 0.0.0.255
network 192.168.0.12 0.0.0.0
ospf 4
area 0.0.0.0
network 90.90.90.0 0.0.0.3
network 191.9.9.0 0.0.0.255
interface LoopBack1
ip address 192.168.0.12 255.255.255.255
1. aPE
isis 1
network-entity 10.0000.0000.0001.00
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 1
interface GigabitEthernet3/0/0
port link-mode route
combo enable fiber
ip address 10.10.10.1 255.255.255.252
isis enable 1
isis circuit-type p2p
mpls lsr-id 1.1.1.1
mpls
mpls ldp
interface GigabitEthernet3/0/0
port link-mode route
combo enable fiber
ip address 10.10.10.1 255.255.255.252
isis enable 1
isis circuit-type p2p
mpls
mpls ldp
mpls lsr-id 1.1.1.1
mpls
mpls ldp
interface GigabitEthernet3/0/0
port link-mode route
combo enable fiber
ip address 10.10.10.1 255.255.255.252
isis enable 1
isis circuit-type p2p
mpls
mpls ldp
ipv4-family vpnv4
peer 2.2.2.2 enable
peer 2.2.2.2 advertise-community
ip vpn-instance VPN-A
route-distinguisher 10:100
vpn-target 10:100 export-extcommunity
vpn-target 10:100 import-extcommunity
ip vpn-instance VPN-B
route-distinguisher 20:200
vpn-target 20:200 export-extcommunity
vpn-target 20:200 import-extcommunity
interface GigabitEthernet3/0/1.70
vlan-type dot1q vid 70
ip binding vpn-instance VPN-A
ip address 70.70.70.1 255.255.255.252
interface GigabitEthernet3/0/1.60
vlan-type dot1q vid 60
ip binding vpn-instance VPN-B
ip address 60.60.60.1 255.255.255.252
ospf 1 vpn-instance VPN-A
import-route bgp
area 0.0.0.0
network 70.70.70.0 0.0.0.3
network 192.168.0.0 0.0.0.255
ospf 2 vpn-instance VPN-B
import-route bgp
area 0.0.0.0
network 60.60.60.0 0.0.0.3
bgp 100
router-id 1.1.1.1
undo synchronization
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
ipv4-family vpn-instance VPN-A
import-route direct
import-route ospf 1
ipv4-family vpn-instance VPN-B
import-route ospf 2
ipv4-family vpnv4
peer 2.2.2.2 enable
peer 2.2.2.2 advertise-community
interface LoopBack1
ip binding vpn-instance VPN-A
ip address 192.168.0.10 255.255.255.255
interface GigabitEthernet3/0/3
port link-mode route
ip binding vpn-instance VPN-A
ip address 192.168.0.2 255.255.255.252
#防火墙地址:192.168.0.1 255.255.255.252
1. bPE
sysname bPE
isis 1
network-entity 10.0000.0000.0002.00
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 1
interface GigabitEthernet3/2/0
port link-mode route
ip address 10.10.10.2 255.255.255.252
isis enable 1
isis circuit-type p2p
mpls lsr-id 2.2.2.2
mpls
mpls ldp
interface GigabitEthernet3/2/0
port link-mode route
ip address 10.10.10.2 255.255.255.252
isis enable 1
isis circuit-type p2p
mpls
mpls ldp
bgp 100
router-id 2.2.2.2
undo synchronization
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
ipv4-family vpnv4
peer 1.1.1.1 enable
peer 1.1.1.1 advertise-community
ip vpn-instance VPN-A
route-distinguisher 10:100
vpn-target 10:100 export-extcommunity
vpn-target 10:100 import-extcommunity
ip vpn-instance VPN-B
route-distinguisher 20:200
vpn-target 20:200 export-extcommunity
vpn-target 20:200 import-extcommunity
interface GigabitEthernet3/2/1.80
vlan-type dot1q vid 80
ip binding vpn-instance VPN-A
ip address 80.80.80.1 255.255.255.252
interface GigabitEthernet3/2/1.90
vlan-type dot1q vid 90
ip binding vpn-instance VPN-B
ip address 90.90.90.1 255.255.255.252
ospf 3 vpn-instance VPN-A
import-route bgp
area 0.0.0.0
network 80.80.80.0 0.0.0.3
network 192.168.0.0 0.0.0.255
ospf 4 vpn-instance VPN-B
import-route bgp
area 0.0.0.0
network 90.90.90.0 0.0.0.3
bgp 100
router-id 2.2.2.2
undo synchronization
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
ipv4-family vpn-instance VPN-A
import-route direct
import-route ospf 3
ipv4-family vpn-instance VPN-B
import-route ospf 4
ipv4-family vpnv4
peer 1.1.1.1 enable
peer 1.1.1.1 advertise-community
interface LoopBack1
ip binding vpn-instance VPN-A
ip address 192.168.0.11 255.255.255.255
1. h3c
acl number 2000
rule 1 permit ip source 171.7.7.2 0
rule 2 permit ip source 181.8.8.2 0
rule 3 deny ip source any
public-key local create rsa
ssh server enable
local-user nsgdwxb
password cipher xxxxx
service-type ssh terminal
ssh user nsgdwxb service-type stelnet authentication-type password
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh
user-role level-3
acl 2000 inbound
idle-timeout 5 0
huawei
acl number 2000
rule 1 permit ip source 171.7.7.2 0
rule 2 permit ip source 181.8.8.2 0
rule 3 deny ip source any
rsa local-key-pair create
stelnet server enable
ssh user nsgdwxb
ssh user nsgdwxb authentication-type password
ssh user nsgdwxb service-type stelnet
aaa
local-user nsgdwxb password cipher xxxxx
local-user nsgdwxb privilege level 15
local-user nsgdwxb service-type ssh
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
user privilege level 15
acl 2000 inbound
idle-timeout 5 0