Configuring multirole host
Network requirements
Configure the multirole host feature to allow Host A to access VPN 1 and VPN 2 and Host B to access only VPN 1.
Figure 80: Network diagram
Configuration procedure
Configure CE 1:
# Configure IP addresses for interfaces.
<CE1> system-view
[CE1] interface gigabitethernet 2/1/1
[CE1-GigabitEthernet2/1/1] ip address 100.1.1.1 24
[CE1-GigabitEthernet2/1/1] quit
[CE1] interface serial 2/1/0
[CE1-Serial2/1/0] ip address 1.1.1.2 24
[CE1-Serial2/1/0] quit
# Configure a default route to PE 1.
[CE1] ip route-static 0.0.0.0 0 1.1.1.1
Configure PE 1:
# Create VPN instances vpn1 and vpn2 for VPN 1 and VPN 2, respectively, and configure different RDs and route targets for the VPN instances.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 100:2 both
[PE1-vpn-instance-vpn2] quit
# Associate VPN instance vpn1 with Serial 2/1/1 (the interface connected to CE 1).
[PE1] interface serial 2/1/1
[PE1-Serial2/1/1] ip binding vpn-instance vpn1
[PE1-Serial2/1/1] ip address 1.1.1.1 255.255.255.0
[PE1-Serial2/1/1] quit
# Configure a static route for VPN 2 to reach Host A and redistribute the route to BGP. This configuration ensures that packets from VPN 2 to Host A can be forwarded through the correct route in the routing table of VPN instance vpn1.
[PE1] ip route-static vpn-instance vpn2 100.1.1.0 24 vpn-instance vpn1 1.1.1.2
[PE1] bgp 100
[PE1-bgp-default] ip vpn-instance vpn2
[PE1-bgp-default-vpn2] address-family ipv4
[PE1-bgp-default-ipv4-vpn2] import-route static
[PE1-bgp-default-ipv4-vpn2] quit
[PE1-bgp-default-vpn2] quit
[PE1-bgp-default] quit
# Configure PBR to route packets from Host A according to the routing tables of both VPN instances vpn1 and vpn2.
[PE1] acl advanced 3001
[PE1-acl-ipv4-adv-3001] rule 0 permit ip vpn-instance vpn1 source 100.1.1.2 0
[PE1-acl-ipv4-adv-3001] quit
[PE1] policy-based-route policy1 permit node 10
[PE1-policy-based-route] if-match acl 3001
[PE1-policy-based-route] apply access-vpn vpn-instance vpn1 vpn2
[PE1-policy-based-route] quit
# Apply policy policy1 to Serial 2/1/1.
[PE1] interface serial 2/1/1
[PE1-Serial2/1/1] ip policy-based-route policy1
Configure basic MPLS L3VPN. (Details not shown.)
Verifying the configuration
# Verify that Host A can ping Host C, and that Host B cannot ping Host C. (Details not shown.)
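An added example, not part of the original configuration guide: a Python model of the ACL 3001 and policy1 match on PE 1 that reports which VPN routing tables a given source address may use, so an ACL wildcard wider than Host A can be caught before deployment. Host B's address 100.1.1.3, the function names, and the widened-ACL variant are assumptions constructed for illustration; a packet that matches no node is modelled as forwarded only in the interface's bound VPN instance.

```python
import ipaddress
import re

# PE 1 commands from the procedure above, prompts removed (one per line).
PE1_CONFIG = """\
acl advanced 3001
 rule 0 permit ip vpn-instance vpn1 source 100.1.1.2 0
policy-based-route policy1 permit node 10
 if-match acl 3001
 apply access-vpn vpn-instance vpn1 vpn2
interface serial 2/1/1
 ip binding vpn-instance vpn1
 ip policy-based-route policy1
"""

def parse(config):
    """Return (acls, nodes): ACL number -> [(source, wildcard)], PBR nodes."""
    acls, nodes, cur_acl, cur_node = {}, [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"acl advanced (\d+)", line):
            cur_acl = acls.setdefault(m[1], [])
        elif m := re.fullmatch(r"rule \d+ permit ip .*\bsource (\S+) (\S+)", line):
            wild = 0 if m[2] == "0" else int(ipaddress.IPv4Address(m[2]))  # "0" = host
            cur_acl.append((int(ipaddress.IPv4Address(m[1])), wild))
        elif m := re.fullmatch(r"policy-based-route \S+ permit node (\d+)", line):
            cur_node = {"node": int(m[1]), "acl": None, "vpns": []}
            nodes.append(cur_node)
        elif m := re.fullmatch(r"if-match acl (\d+)", line):
            cur_node["acl"] = m[1]
        elif m := re.fullmatch(r"apply access-vpn vpn-instance (.+)", line):
            cur_node["vpns"] = m[1].split()
    return acls, sorted(nodes, key=lambda n: n["node"])

def reachable_vpns(config, host, bound_vpn="vpn1"):
    """VPN instances whose routing tables may forward a packet sourced from host."""
    acls, nodes = parse(config)
    ip = int(ipaddress.IPv4Address(host))
    for node in nodes:  # lowest node number first
        for src, wild in acls.get(node["acl"], []):
            if ((ip ^ src) & ~wild & 0xFFFFFFFF) == 0:  # wildcard 1-bits: don't care
                return node["vpns"]
    return [bound_vpn]  # no PBR match: forwarded in the bound instance only

if __name__ == "__main__":
    # Host B's address and the widened rule are constructed for illustration.
    widened = PE1_CONFIG.replace("source 100.1.1.2 0", "source 100.1.1.0 0.0.0.255")
    for cfg in (PE1_CONFIG, widened):
        print({h: reachable_vpns(cfg, h) for h in ("100.1.1.2", "100.1.1.3")})
```

With the rule as configured, only 100.1.1.2 is mapped to both instances; with the constructed /24 wildcard, the assumed Host B address gains vpn2 as well, which is the misconfiguration the host-only wildcard prevents.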