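The topology is as follows:
As shown in the topology above, PC1 and PC3 are in the same large Layer 2 broadcast domain, and PC2 and PC4 are in the same large Layer 2 broadcast domain. We want to connect PC1 to PC3 over VXLAN, and PC2 to PC4.
1. Access switch SW1 configuration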
vlan batch 10 20
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
2. Access switch 2 is configured the same as SW1
vlan batch 10 20
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
#
CE2 configuration
#
vlan batch 400 500
#
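bridge-domain 100 // create bridge domains 100 and 200; a bridge domain is only locally significant
vxlan vni 4000 // create VNIs (the VXLAN IDs) 4000 and 8000; they are specified later when building the tunnels
#
bridge-domain 200
vxlan vni 8000
#
interface Vlanif400 // create the interface for VLAN 400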
ip address 10.10.10.1 255.255.255.0
#
interface MEth0/0/0
undo shutdown
#
interface GE1/0/0
undo shutdown
port link-type trunk
port trunk allow-pass vlan 400
#
interface GE1/0/1
undo shutdown
#
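interface GE1/0/1.100 mode l2 // create a sub-interface on the downlink port to tell which sub-interface the traffic arrives on, and bind it to the bridge domain
encapsulation dot1q vid 10 // the vid is the VLAN ID, VLAN 10 in this example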
bridge-domain 100
#
interface GE1/0/1.200 mode l2
encapsulation dot1q vid 20
bridge-domain 200
#
interface LoopBack0 // create a loopback interface and give it an IP address
ip address 2.2.2.2 255.255.255.255
#
interface Nve1 // create the VXLAN tunnel
source 2.2.2.2 // set the source to this device's loopback address
vni 4000 head-end peer-list 3.3.3.3 // build a tunnel for VNI 4000; the peer is 3.3.3.3
vni 8000 head-end peer-list 3.3.3.3
#
interface NULL0
#
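ospf 1 router-id 2.2.2.2 // configure dynamic routing so the tunnel can learn the route to the peer
area 0.0.0.0
network 2.2.2.2 0.0.0.0 // advertise the route to the loopback address
network 10.10.10.0 0.0.0.255 // advertise the route for VLAN 400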
#
CE3's configuration is basically the same as CE2's
#
bridge-domain 300
vxlan vni 4000
#
bridge-domain 400
vxlan vni 8000
#
aaa
#
interface Vlanif500
ip address 20.20.20.1 255.255.255.0
#
interface GE1/0/0
undo shutdown
port link-type trunk
port trunk allow-pass vlan 500
#
interface GE1/0/1
undo shutdown
#
interface GE1/0/1.1000 mode l2
encapsulation dot1q vid 10
bridge-domain 300
#
interface GE1/0/1.2000 mode l2
encapsulation dot1q vid 20
bridge-domain 400
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Nve1
source 3.3.3.3
vni 4000 head-end peer-list 2.2.2.2
vni 8000 head-end peer-list 2.2.2.2
#
interface NULL0
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 20.20.20.0 0.0.0.255
#
ssh authorization-type default aaa
#
ssh server cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
#
ssh server dh-exchange min-len 1024
#
ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
#
user-interface con 0
#
vm-manager
#
return
CE1 needs almost no configuration: create two VLANs, set the interfaces toward CE2 and CE3 as trunks, and enable OSPF
#
vlan batch 400 500
#
interface Vlanif400
ip address 10.10.10.2 255.255.255.0
#
interface Vlanif500
ip address 20.20.20.2 255.255.255.0
#
interface MEth0/0/0
undo shutdown
#
interface GE1/0/0
undo shutdown
port link-type trunk
port trunk allow-pass vlan 400 500
#
interface GE1/0/1
undo shutdown
port link-type trunk
port trunk allow-pass vlan 400 500
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface NULL0
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.10.10.0 0.0.0.255
network 20.20.20.0 0.0.0.255
#
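OK, the configuration is complete.
Check the neighbors
Check the routing table
Ping test, PC1 to PC3
PC4 to PC2
Finally, let's look at the packet captures. First we capture, on CE2's uplink port, the packets going from PC4 to PC2; this is the packet as received, before decapsulation
Then look at the return packet, which is much the same
Lastly, let's see what the decapsulated packet captured on the downlink port looks like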
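The capture described above is the frame on CE2's uplink before decapsulation. As an added example (not part of the original post), the Python code below decodes such a frame and checks its VNI and source VTEP against the head-end peer-list configured under Nve1 on CE2. The frame is constructed rather than taken from the capture, and the MAC addresses, the tagged VLAN 400 on the uplink, and the function names are assumptions.

```python
import ipaddress
import struct

VXLAN_PORT = 4789  # IANA-assigned VXLAN UDP destination port
# VNI -> remote VTEPs, copied from the "head-end peer-list" lines under Nve1 on CE2
CE2_PEERS = {4000: {"3.3.3.3"}, 8000: {"3.3.3.3"}}

def parse_vxlan(frame: bytes) -> dict:
    """Decode outer Ethernet/[802.1Q]/IPv4/UDP/VXLAN and the inner MAC addresses."""
    off = 12
    (ethertype,) = struct.unpack_from("!H", frame, off)
    outer_vlan = None
    if ethertype == 0x8100:  # 802.1Q tag on the trunk uplink
        outer_vlan = struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF
        off += 4
        (ethertype,) = struct.unpack_from("!H", frame, off)
    ip = off + 2
    if ethertype != 0x0800 or frame[ip + 9] != 17:
        raise ValueError("outer packet is not IPv4/UDP")
    udp = ip + (frame[ip] & 0x0F) * 4  # honour the IPv4 header length field
    if struct.unpack_from("!H", frame, udp + 2)[0] != VXLAN_PORT:
        raise ValueError("UDP destination port is not 4789")
    vx = udp + 8
    if not frame[vx] & 0x08:  # I flag must be set for the VNI to be valid
        raise ValueError("VXLAN I flag not set")
    inner = frame[vx + 8:]
    if len(inner) < 14:
        raise ValueError("truncated inner Ethernet frame")
    return {
        "outer_vlan": outer_vlan,
        "src_vtep": str(ipaddress.IPv4Address(frame[ip + 12:ip + 16])),
        "dst_vtep": str(ipaddress.IPv4Address(frame[ip + 16:ip + 20])),
        "vni": int.from_bytes(frame[vx + 4:vx + 7], "big"),
        "inner_dst": inner[0:6].hex(":"),
        "inner_src": inner[6:12].hex(":"),
    }

def matches_config(pkt: dict, peers: dict = CE2_PEERS) -> bool:
    """True only if the VNI is configured and the sender is a listed peer for it."""
    return pkt["src_vtep"] in peers.get(pkt["vni"], set())

def build_sample(vni: int, src: str, dst: str) -> bytes:
    """Constructed frame, not a capture from the page; MACs are made up, VLAN 400 tag is assumed."""
    inner = bytes.fromhex("5489980000025489980000040800") + bytes(20)
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8)
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan) + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(vxlan) + len(inner), 0, 0, 64,
                     17, 0, ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    eth = bytes.fromhex("aabbcc000003aabbcc000002") + struct.pack("!HHH", 0x8100, 400, 0x0800)
    return eth + ip + udp + vxlan + inner
```

VXLAN itself carries no sender authentication, so a frame whose source VTEP or VNI does not match the configured peer-list is worth flagging when reviewing a capture like this one.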
If any of the explanations are incorrect, please point it out. Thanks.