想问个MPLS VPN的问题

lglglgx

RT，刚接触，有个问题，GNS3模拟，普通VPN配置好，虚拟机里新建VPN连接，输入账号密码就能通信了，那么MPLS VPN呢？虚拟机要怎么才能通信?MPLS VPN配置：http://wenku.baidu.com/view/d12d5701e87101f69e31956a.html 不胜感激



该贴已经同步到 lglglgx的微博

lglglgx

还在审核么..

lglglgx

求告知两台电脑怎么通信

lglglgx

补充：两端虚拟机，一端ping,另一端抓包，发现对端ICMP报文，但是无返回，怎么破

Dreamix.Q

mplsvpn 基于标签的

duanzhili1982

首先MPLS VPN与你说的那些IPsec的VPN建立的机制是不同的，MPLS VPN不需要进行用户民和口令的身份验证，如果你要测试效果，只需要在你两端的CE设备上各连接一台终端，然后配置想IP地址和网关，只要MPLS VPN做的没有问题，这两台设备可以直接通信的

lglglgx

duanzhili1982 发表于 2013-4-15 08:52
首先MPLS VPN与你说的那些IPsec的VPN建立的机制是不同的，MPLS VPN不需要进行用户民和口令的身份验证，如果 ...

拓扑图
配置：
Beijing-PE:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Beijing
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
ip domain name lab.local
!
ip vrf EFT
rd 1:38
route-target export 1:38
route-target import 1:38
!
mpls label protocol ldp
!
!
interface Loopback0
ip address 172.16.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.252
duplex auto
speed auto
mpls ip
!
interface FastEthernet1/0
ip vrf forwarding EFT
ip address 10.1.2.17 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
router ospf 100
router-id 172.16.1.1
log-adjacency-changes
passive-interface Loopback0
network 10.1.1.0 0.0.0.255 area 0
network 172.16.1.0 0.0.0.255 area 0
!
router rip
version 2
!
address-family ipv4 vrf EFT
redistribute bgp 1 metric transparent
network 10.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 1
no synchronization
bgp log-neighbor-changes
neighbor 172.16.1.2 remote-as 1
neighbor 172.16.1.2 update-source Loopback0
neighbor 172.16.1.3 remote-as 1
neighbor 172.16.1.3 update-source Loopback0
neighbor 172.16.1.4 remote-as 1
neighbor 172.16.1.4 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 172.16.1.2 activate
neighbor 172.16.1.2 send-community extended
neighbor 172.16.1.3 activate
neighbor 172.16.1.3 send-community extended
neighbor 172.16.1.4 activate
neighbor 172.16.1.4 send-community extended
exit-address-family
!
address-family ipv4 vrf EFT
redistribute rip
no synchronization
exit-address-family
!
no ip http server
!
mpls ldp router-id Loopback0 force
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end

复制内容到剪贴板代码:Shanghai-PE: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Shanghai ! boot-start-marker boot-end-marker ! no aaa new-model memory-size iomem 5 ! ip cef no ip domain lookup ip domain name lab.local ! ip vrf EFT rd 1:38 route-target export 1:38 route-target import 1:38 ! ip vrf MOP rd 1:78 route-target export 1:78 route-target import 1:78 ! mpls label protocol ldp ! interface Loopback0 ip address 172.16.1.2 255.255.255.255 ! interface FastEthernet0/0 ip address 10.1.1.6 255.255.255.252 duplex auto speed auto mpls ip ! interface FastEthernet1/0 ip vrf forwarding EFT ip address 10.1.2.25 255.255.255.252 duplex auto speed auto ! interface FastEthernet2/0 ip vrf forwarding MOP ip address 10.1.2.29 255.255.255.252 duplex auto speed auto ! router ospf 100 router-id 172.16.1.2 log-adjacency-changes passive-interface Loopback0 network 10.1.1.0 0.0.0.255 area 0 network 172.16.1.0 0.0.0.255 area 0 ! router rip version 2 ! address-family ipv4 vrf EFT redistribute bgp 1 metric transparent network 10.0.0.0 no auto-summary version 2 exit-address-family ! router bgp 1 no synchronization bgp log-neighbor-changes neighbor 172.16.1.1 remote-as 1 neighbor 172.16.1.1 update-source Loopback0 neighbor 172.16.1.3 remote-as 1 neighbor 172.16.1.3 update-source Loopback0 neighbor 172.16.1.4 remote-as 1 neighbor 172.16.1.4 update-source Loopback0 no auto-summary ! address-family vpnv4 neighbor 172.16.1.1 activate neighbor 172.16.1.1 send-community extended neighbor 172.16.1.3 activate neighbor 172.16.1.3 send-community extended neighbor 172.16.1.4 activate neighbor 172.16.1.4 send-community extended exit-address-family ! address-family ipv4 vrf MOP no synchronization exit-address-family ! address-family ipv4 vrf EFT redistribute rip no synchronization exit-address-family ! no ip http server ! mpls ldp router-id Loopback0 force ! control-plane ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! end

复制内容到剪贴板代码:中心-p: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Centre ! boot-start-marker boot-end-marker ! no aaa new-model memory-size iomem 5 ! ip cef no ip domain lookup ip domain name lab.local ! mpls label protocol ldp ! interface Loopback0 ip address 172.16.1.5 255.255.255.255 ! interface FastEthernet0/0 ip address 10.1.1.2 255.255.255.252 duplex auto speed auto mpls ip ! interface FastEthernet1/0 ip address 10.1.1.5 255.255.255.252 duplex auto speed auto mpls ip ! interface FastEthernet2/0 ip address 10.1.1.13 255.255.255.252 duplex auto speed auto mpls ip ! interface FastEthernet3/0 ip address 10.1.1.9 255.255.255.252 duplex auto speed auto mpls ip ! router ospf 100 router-id 172.16.1.5 log-adjacency-changes passive-interface Loopback0 network 10.1.1.0 0.0.0.255 area 0 network 172.16.1.0 0.0.0.255 area 0 ! no ip http server ! mpls ldp router-id Loopback0 force ! control-plane ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! end

复制内容到剪贴板代码:BJEF-CE:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BJEF
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
ip domain name lab.local
!
interface FastEthernet0/0
ip address 10.1.2.18 255.255.255.252
duplex auto
speed auto
!
interface Ethernet1/0
ip address 192.168.3.1 255.255.255.0
half-duplex
!
interface Ethernet1/1
no ip address
shutdown
half-duplex
!
interface Ethernet1/2
no ip address
shutdown
half-duplex
!
interface Ethernet1/3
no ip address
shutdown
half-duplex
!
router rip
version 2
redistribute static
network 10.0.0.0
network 192.168.3.0
!
no ip http server
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end
SHEF-CE:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SHEF
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
!
!
interface FastEthernet0/0
ip address 10.1.2.26 255.255.255.252
duplex auto
speed auto
!
interface Ethernet1/0
ip address 192.168.1.1 255.255.255.0
half-duplex
!
interface Ethernet1/1
no ip address
shutdown
half-duplex
!
interface Ethernet1/2
no ip address
shutdown
half-duplex
!
interface Ethernet1/3
no ip address
shutdown
half-duplex
!
router rip
version 2
redistribute static
network 10.0.0.0
network 192.168.1.0
!
no ip http server
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end

lglglgx

自己顶一下 求大神看下配置哪有问题

duanzhili1982

建议修改上述配置的PE的BGP配置如下：
BeijingPE#sh run | b r bgp
router bgp 1
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 172.16.1.2 remote-as 1
neighbor 172.16.1.2 update-source Loopback0
!
address-family vpnv4
  neighbor 172.16.1.2 activate
  neighbor 172.16.1.2 send-community extended
exit-address-family
!
address-family ipv4 vrf EFT
  redistribute rip
  no synchronization
exit-address-family
!


=====
ShangHaiPE#sh run | b r bgp
router bgp 1
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 172.16.1.1 remote-as 1
neighbor 172.16.1.1 update-source Loopback0
!
address-family vpnv4
  neighbor 172.16.1.1 activate
  neighbor 172.16.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf EFT
  redistribute rip
  no synchronization
exit-address-family
!