华为HCIP:MPLS实验

相思难忘成疾2026-02-01 9:02

一、实验拓扑

二、实验需求

三、实验步骤

1、公网IP地址配置

bash 复制代码 
r2
[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]ip ad 23.1.1.2 24
[r2-GigabitEthernet0/0/1]int lo 0
[r2-LoopBack0]ip ad 2.2.2.2 24
[r2-LoopBack0]q

r3
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip ad 23.1.1.3 24
[r3-GigabitEthernet0/0/0]int g0/0/1
[r3-GigabitEthernet0/0/1]ip ad 34.1.1.3 24
[r3-GigabitEthernet0/0/1]int lo0 
[r3-LoopBack0]ip ad 3.3.3.3 24
[r3-LoopBack0]q

r4
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ip ad 34.1.1.4 24
[r4-GigabitEthernet0/0/0]int lo0
[r4-LoopBack0]ip ad 4.4.4.4 24
[r4-LoopBack0]int g0/0/2
[r4-GigabitEthernet0/0/2]ip ad 47.1.1.4 24
[r4-GigabitEthernet0/0/2]q

r7
[r7]int g0/0/0
[r7-GigabitEthernet0/0/0]ip ad 47.1.1.7 24
[r7-GigabitEthernet0/0/0]q

2、公网IGP路由协议配置

bash 复制代码 
r2
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]ar 0
[r2-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[r2-ospf-1-area-0.0.0.0]q
[r2-ospf-1]q

r3
[r3]os 1 ro 3.3.3.3
[r3-ospf-1]ar 0
[r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[r3-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 34.1.1.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]q
[r3-ospf-1]q

r4
[r4]os 1 ro 4.4.4.4
[r4-ospf-1]ar 0
[r4-ospf-1-area-0.0.0.0]network 34.1.1.0 0.0.0.255
[r4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[r4-ospf-1-area-0.0.0.0]q
[r4-ospf-1]q

注:配置完成后需要检查OSPF邻居间的关系(邻居之间的状态为Full):[r3]display ospf peer brief

3、公网Mpls配置

bash 复制代码 
r2
[r2]mpls lsr-id 2.2.2.2
[r2]mpls
Info: Mpls starting, please wait... OK!
[r2-mpls]mpls ldp
[r2-mpls-ldp]int g0/0/1
[r2-GigabitEthernet0/0/1]mpls
[r2-GigabitEthernet0/0/1]mpls ldp
[r2-GigabitEthernet0/0/1]q

r3
[r3]mpls lsr-id 3.3.3.3
[r3]mpls
Info: Mpls starting, please wait... OK!
[r3-mpls]mpls ldp
[r3-mpls-ldp]int g0/0/0
[r3-GigabitEthernet0/0/0]mpls
[r3-GigabitEthernet0/0/0]mpls ldp
[r3-GigabitEthernet0/0/0]int g0/0/1
[r3-GigabitEthernet0/0/1]mpls
[r3-GigabitEthernet0/0/1]mpls ldp
[r3-GigabitEthernet0/0/0]q

r4
[r4]mpls lsr-id 4.4.4.4
[r4]mpls
Info: Mpls starting, please wait... OK!
[r4-mpls]mpls ldp
[r4-mpls-ldp]int g0/0/0
[r4-GigabitEthernet0/0/0]mpls
[r4-GigabitEthernet0/0/0]mpls ldp
[r4-GigabitEthernet0/0/0]q

注:配置完成后进行检查:

方法①:检查TCP会话

方法②:查看邻居

4、Mpls-VPN配置

(1)私网A

bash 复制代码 
r2
[r2]ip vpn-instance a1    #创建名为a1的vrf空间
[r2-vpn-instance-a1]route-distinguisher 2:2	    #RD值(进入IPV4的配置模式下)
[r2-vpn-instance-a1-af-ipv4]vpn-target 2:2    #RT值 必须对端的PE端一致
 IVT Assignment result: 
Info: VPN-Target assignment is successful.
 EVT Assignment result: 
Info: VPN-Target assignment is successful.
[r2-vpn-instance-a1-af-ipv4]q
[r2-vpn-instance-a1]q
[r2]int g0/0/2    #绑定接口(私网与公网相连的公网设备的接口)
[r2-GigabitEthernet0/0/2]ip binding vpn-instance a1     #关联到vpn空间
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r2-GigabitEthernet0/0/2]ip ad 192.168.2.2 24    #配置私有ip地址
[r2-GigabitEthernet0/0/2]q

r4
[r4]ip vpn-instance a2
[r4-vpn-instance-a2]route-distinguisher 2:2
[r4-vpn-instance-a2-af-ipv4]vpn-target 2:2
 IVT Assignment result: 
Info: VPN-Target assignment is successful.
 EVT Assignment result: 
Info: VPN-Target assignment is successful.
[r4-vpn-instance-a2-af-ipv4]q
[r4-vpn-instance-a2]q
[r4]int g0/0/2
[r4-GigabitEthernet0/0/2]ip binding vpn-instance a2
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r4-GigabitEthernet0/0/2]ip ad 192.168.3.4 24
[r4-GigabitEthernet0/0/2]q

(2)私网B

bash 复制代码 
r2
[r2]ip vpn-instance b1    #创建名为b1的vrf空间
[r2-vpn-instance-b1]route-distinguisher 1:1    #RD值(进入IPV4的配置模式下)
[r2-vpn-instance-b1-af-ipv4]vpn-target 1:1    #RT值 必须对端的PE端一致
 IVT Assignment result: 
Info: VPN-Target assignment is successful.
 EVT Assignment result: 
Info: VPN-Target assignment is successful.
[r2-vpn-instance-b1-af-ipv4]q
[r2-vpn-instance-b1]q
[r2]int g0/0/0    #绑定接口(私网与公网相连的公网设备的接口)
[r2-GigabitEthernet0/0/0]ip binding vpn-instance b1    #关联到vpn空间
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r2-GigabitEthernet0/0/0]ip ad 192.168.2.2 24    #配置私有ip地址
[r2-GigabitEthernet0/0/0]q

r4
[r4]ip  vpn-instance b2
[r4-vpn-instance-b2]route-distinguisher 1:1
[r4-vpn-instance-b2-af-ipv4]vpn-target 1:1
 IVT Assignment result: 
Info: VPN-Target assignment is successful.
 EVT Assignment result: 
Info: VPN-Target assignment is successful.
[r4-vpn-instance-b2-af-ipv4]q
[r4-vpn-instance-b2]q
[r4]int g0/0/1
[r4-GigabitEthernet0/0/1]ip binding vpn-instance b2
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r4-GigabitEthernet0/0/1]ip ad 192.168.3.4 24
[r4-GigabitEthernet0/0/1]q

注:因为r2的g0/0/0接口绑定在VPN空间,因此r2 ping r1不通,但是r1 ping r2 能通

例如:[r2]ping -vpn-instance b1 192.168.2.1可使r2 ping r1 通

5、私网IP地址配置

bash 复制代码 
r1
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip ad 192.168.2.1 24
[r1-GigabitEthernet0/0/0]int lo0
[r1-LoopBack0]ip ad 192.168.1.1 24
[r1-LoopBack0]q

r5
[r5]int g0/0/0
[r5-GigabitEthernet0/0/0]ip ad 192.168.3.5 24
[r5-GigabitEthernet0/0/0]int lo0
[r5-LoopBack0]ip ad 192.168.4.1 24
[r5-LoopBack0]q


r6
[r6]int g0/0/0
[r6-GigabitEthernet0/0/0]ip ad 192.168.2.6 24
[r6-GigabitEthernet0/0/0]int lo0
[r6-LoopBack0]ip ad 192.168.1.1 24
[r6-LoopBack0]q

r7
[r7]int g0/0/0
[r7-GigabitEthernet0/0/0]ip ad 192.168.3.7 24
[r7-GigabitEthernet0/0/0]int g0/0/1
[r7-GigabitEthernet0/0/1]ip ad 47.1.1.7 24
[r7-GigabitEthernet0/0/1]int lo0
[r7-LoopBack0]ip ad 192.168.4.2 24
[r7-LoopBack0]q

6、R1和R5编写静态路由

bash 复制代码 
r1
[r1]ip route-static 192.168.3.0 24 192.168.2.2
[r1]ip route-static 192.168.4.0 24 192.168.2.2

r2
[r2]ip route-static vpn-instance b1 192.168.1.0 24 192.168.2.1

r5
[r5]ip route-static 192.168.1.0 24 192.168.3.4
[r5]ip route-static 192.168.2.0 24 192.168.3.4

r4
[r4]ip route-static vpn-instance b2 192.168.4.0 24 192.168.3.5

7、R2和R4间建立BPG邻居关系

bash 复制代码 
r2
#公有
[r2]bgp 1
[r2-bgp]router-id 2.2.2.2
[r2-bgp]peer 4.4.4.4 as-number 1
[r2-bgp]peer 4.4.4.4 connect-interface lo0
#VPN空间
[r2-bgp]ipv4-family vpnv4
[r2-bgp-af-vpnv4]peer 4.4.4.4 enable 
[r2-bgp-af-vpnv4]q
[r2-bgp]q

r4
[r4]bgp 1
[r4-bgp]router-id 4.4.4.4
[r4-bgp]peer 2.2.2.2 as-number 1
[r4-bgp]peer 2.2.2.2 connect-interface lo0
[r4-bgp]ipv4-family vpnv4
[r4-bgp-af-vpnv4]peer 2.2.2.2 enable 
[r4-bgp-af-vpnv4]q
[r4-bgp]q

查看r2上bgp邻居(上为公有,下为VPN空间)

8、宣告路由

bash 复制代码 
r2
#私网A
[r2]rip 1 vpn-instance a1
[r2-rip-1]v 2
[r2-rip-1]network 192.168.2.0
[r2-rip-1]q
#私网B
[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance b1
[r2-bgp-b1]import-route static 
[r2-bgp-b1]import-route direct 
[r2-bgp-b1]q
[r2-bgp]q

r4
#私网A
[r4]ospf 2 vpn-instance a2
[r4-ospf-2]ar 0
[r4-ospf-2-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[r4-ospf-2-area-0.0.0.0]q
[r4-ospf-2]q
#私网B
[r4]bgp 1
[r4-bgp]ipv4-family vpn-instance b2
[r4-bgp-b2]import-route static 
[r4-bgp-b2]import-route direct 
[r4-bgp-b2]q
[r4-bgp]q

r6
[r6]rip 1 
[r6-rip-1]v 2
[r6-rip-1]network 192.168.1.0	
[r6-rip-1]network 192.168.2.0
[r6-rip-1]q

r7
[r7]os 1 ro 7.7.7.7
[r7-ospf-1]ar 0
[r7-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[r7-ospf-1-area-0.0.0.0]network 192.168.4.2 0.0.0.0
[r7-ospf-1-area-0.0.0.0]q
[r7-ospf-1]q

9、启动标签调用隧道功能

bash 复制代码 
r2
[r2]route recursive-lookup tunnel 

r4
[r4]route recursive-lookup tunnel

10、双向重发布

bash 复制代码 
r2
[r2]rip vpn-instance a1	
[r2-rip-1]import-route bgp
[r2-rip-1]q
[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance a1
[r2-bgp-a1]import-route rip 1
[r2-bgp-a1]q
[r2-bgp]q

r4
[r4]ospf 2 vpn-instance a2
[r4-ospf-2]import-route bgp
[r4-ospf-2]q
[r4]bgp 1
[r4-bgp]ipv4-family vpn-instance a2
[r4-bgp-a2]import-route ospf 2
[r4-bgp-a2]q
[r4-bgp]q

11、r4和r7公网连接

bash 复制代码 
r4
[r4]int g4/0/0
[r4-GigabitEthernet4/0/0]ip ad 47.1.1.4 24
[r4-GigabitEthernet4/0/0]q
[r4]ospf 1
[r4-ospf-1]ar 0
[r4-ospf-1-area-0.0.0.0]network 47.1.1.0 0.0.0.255
[r4-ospf-1-area-0.0.0.0]q
[r4-ospf-1]silent-interface g4/0/0
[r4-ospf-1]q

r7
[r7]ip route-static 0.0.0.0 0 47.1.1.4

四、实验结果测试

1、R1可以访问R5但是不能访问R7

2、R6可以访问R7但是不能访问R5

3、R7可以访问公网环回

附:查看VPN空间相关信息的命令

bash 复制代码 
#查看VPN空间bgp邻居表
[r2]dis bgp vpnv4 all peer
#查看VPN空间路由表
[r2]dis ip routing-table vpn-instance b1
#查看VPN空间bgp路由表
[r2]dis bgp vpnv4 vpn-instance b1 routing-table 
#查看VPN空间fib表
[r2]dis fib vpn-instance b1
相关推荐
星辰徐哥14 小时前
C语言网络编程入门:socket编程、TCP/IP协议、客户端与服务器通信的实现
c语言·网络·tcp/ip
清漠23314 小时前
win11“网络和Internet“中无“以太网“这个选项解决记录
服务器·网络·数据库
意疏14 小时前
技术党必看:节点小宝网关模式上线,无需客户端享远程访问,附新春抽NAS奖攻略
网络·智能路由器·节点小宝
时空潮汐14 小时前
神卓N600 NAS远程访问实用指南(两篇)
网络·神卓nas·神卓n600 pro·家庭轻nas
清清&14 小时前
【网络】一文读懂HTTPS协议
网络·https·智能路由器
sg_knight14 小时前
如何为 Claude Code 配置代理与网络环境
网络·ai·大模型·llm·claude·code·claude-code
袁小皮皮不皮14 小时前
数据通信20-IPv6基础
运维·服务器·网络·网络协议·智能路由器
时空潮汐15 小时前
nas远程访问专用设备
网络·智能路由器·神卓nas·神卓n600 pro·家庭轻nas
Swift社区15 小时前
鸿蒙 PC 架构的终点:工作流
华为·harmonyos
零基础的修炼18 小时前
Linux网络---数据链路层
linux·服务器·网络
热门推荐
01GitHub 镜像站点02如何解决 OpenClaw “Pairing required” 报错:两种官方解决方案详解03Claude Code + GLM4.7 避坑指南:解决 Unable to connect to Anthropic services04AI Agent 平台横评:ZeroClaw vs OpenClaw vs Nanobot05全面体验 Grok API 中转站(2025 · Grok 4 系列最新版)06MIUI显示/隐藏5G开关的方法,信号弱时开启手机Wifi通话方法07openClaw安装飞书插件|核心踩坑:spawn EINVAL 错误终极解决指南08配置 OpenClaw 使用 Ollama 本地模型09Tripo AI:构建游戏就绪的3D资产10从零搭建一个 PHP 登录注册系统(含完整源码)