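CCNP Part 16: VXLAN (II) + Port Mirroring
This part is mainly a hands-on VXLAN demonstration.
VXLAN demonstration
A standard eNSP install does not include this image.
You need the CE12800.
I have it and can share it with everyone.
Link: https://pan.baidu.com/s/1nqGo8a7mmWpthu-CuBC80Q?pwd=cjnb
Extraction code: cjnb
It has to be imported into eNSP manually.
On my 32 GB machine it still took several minutes to boot, but that does not really affect use; it is just slow to start.
Ignore the VLANs shown in the picture: the PC on the left is in VLAN 100 and the one on the right is in VLAN 200.
At the top, the left side is VLAN 10 and the right side is VLAN 20.
The underlay at the top doesn't really matter; configure it however you like.
A side note:
On Huawei CE-class devices,
after you enter sys (system view), the prompt gains an extra tilde.
It means that none of the configuration you enter takes effect yet.
Why? In case you made a mistake: you have to commit the changes before they take effect.
CE: enterprise edge device; it can also be used at the data center edge.
There is of course a workaround.
This enters a view where changes take effect immediately, so every command behaves the way it normally does.
A sub-interface is created on the downlink interface; it is used to strip the VLAN tag.
Only a Layer 2 sub-interface can be enabled, because the upper side already has an IP configured and is Layer 3.
Stripping the tag for the lower layer
First, set up the VXLAN and the BD (bridge domain) in advance.
Note: the interface connecting to the vswitch needs no configuration at all, just bring the interface up! The VLAN corresponds to the vswitch's VLAN.
At this point there are as many sub-interfaces as there are VLANs, so this is quite a lot of work.
The sub-interface's only job is to decapsulate the VLAN below it.
Build the tunnel, tunnel (VTEP)
Everything else is now in place, so all that is left is building the tunnel, and here it is.
The process is a lot like writing a tunnel, except that you don't need to write a destination.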
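What the Layer 2 sub-interface and the VNI binding do to a frame, as an added Python example (not part of the original post): the VLAN 100 tag is stripped, the frame is wrapped in the 8-byte VXLAN header from RFC 7348 with VNI 1000, and it is re-tagged as VLAN 200 on the far side. The VLAN, BD and VNI values come from the configuration on this page; the MAC addresses and payload are constructed, and the outer IP/UDP headers are omitted.

```python
import struct

# Values taken from the CE1/CE2 configuration on this page.
CE1 = {"vid": 100, "bd": 1000, "vni": 1000}
CE2 = {"vid": 200, "bd": 2000, "vni": 1000}
VXLAN_FLAG_I = 0x08  # RFC 7348: "VNI present" bit

def strip_dot1q(frame, vid):
    """Layer 2 sub-interface ingress: match the 802.1Q VID and remove the tag."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != 0x8100 or (tci & 0x0FFF) != vid:
        raise ValueError("frame does not match this sub-interface")
    return frame[:12] + frame[16:]

def push_dot1q(frame, vid):
    """Layer 2 sub-interface egress: re-insert the locally significant tag."""
    return frame[:12] + struct.pack("!HH", 0x8100, vid) + frame[12:]

def vxlan_encap(inner, vni):
    """Prepend the VXLAN header: flags(8) reserved(24) VNI(24) reserved(8)."""
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner

def vxlan_decap(packet):
    """Return (vni, inner frame); reject a header without the I flag."""
    word0, word1 = struct.unpack("!II", packet[:8])
    if not ((word0 >> 24) & VXLAN_FLAG_I):
        raise ValueError("VNI flag not set")
    return word1 >> 8, packet[8:]

def left_to_right(tagged):
    """PC (VLAN 100) -> CE1 -> VXLAN -> CE2 -> PC (VLAN 200)."""
    wire = vxlan_encap(strip_dot1q(tagged, CE1["vid"]), CE1["vni"])
    vni, inner = vxlan_decap(wire)
    if vni != CE2["vni"]:
        raise ValueError("no bridge domain bound to this VNI on CE2")
    return push_dot1q(inner, CE2["vid"])

# Constructed sample frame: broadcast dst, made-up src MAC, VLAN 100, ARP, dummy payload.
SAMPLE = (bytes.fromhex("ffffffffffff") + bytes.fromhex("5489980a0001")
          + struct.pack("!HH", 0x8100, 100) + struct.pack("!H", 0x0806) + b"\x00" * 28)

if __name__ == "__main__":
    out = left_to_right(SAMPLE)
    print("egress VLAN:", struct.unpack("!H", out[14:16])[0] & 0x0FFF)
```

Only the VNI crosses the tunnel; the VLAN ID and the BD number are local to each CE, which is why a VLAN 100 host and a VLAN 200 host end up in one Layer 2 segment.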
The configuration of each device is as follows.
It corresponds to this picture.
[CE1]dis current-configuration
!Software Version V800R013C00SPC560B560
!Last configuration was updated at 2022-02-21 00:25:00+00:00
!Last configuration was saved at 2022-02-20 23:59:09+00:00
#
sysname CE1
#
device board 17 board-type CE-MPUB
device board 1 board-type CE-LPUE
#
vlan batch 10
#
bridge-domain 1000
vxlan vni 1000
#
vni 1000
#
aaa
#
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
domain default_admin
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface MEth0/0/0
undo shutdown
#
interface GE1/0/0
undo shutdown
#
interface GE1/0/0.10 mode l2
encapsulation dot1q vid 100
bridge-domain 1000
#
interface GE1/0/1
undo shutdown
port default vlan 10
#
interface GE1/0/2
undo shutdown
#
interface GE1/0/3
shutdown
#
interface GE1/0/4
shutdown
#
interface GE1/0/5
shutdown
#
interface GE1/0/6
shutdown
#
interface GE1/0/7
shutdown
#
interface GE1/0/8
shutdown
#
interface GE1/0/9
shutdown
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.0
#
interface Nve1
source 1.1.1.1
vni 1000 head-end peer-list 3.3.3.3
#
interface NULL0
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.0 0.0.0.255
network 10.1.1.0 0.0.0.255
#
ssh authorization-type default aaa
#
user-interface con 0
#
port-group lin
#
vm-manager
#
return
[CE1]dis ip int br
*down: administratively down
!down: FIB overload down
^down: standby
(l): loopback
(s): spoofing
(d): Dampening Suppressed
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol VPN
LoopBack0 1.1.1.1/24 up up(s) --
MEth0/0/0 unassigned up down --
NULL0 unassigned up up(s) --
Vlanif10 10.1.1.1/24 up up --
[CE1]dis ip rout
[CE1]dis ip routing-table
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole
route
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.1 LoopBack0
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
1.1.1.255/32 Direct 0 0 D 127.0.0.1 LoopBack0
3.3.3.3/32 OSPF 10 2 D 10.1.1.2 Vlanif10
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
10.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10
20.1.1.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[CE1]
[CE2]dis current-configuration
!Software Version V800R013C00SPC560B560
!Last configuration was updated at 2022-02-21 00:42:44+00:00
!Last configuration was saved at 2022-02-20 23:58:52+00:00
#
sysname CE2
#
device board 17 board-type CE-MPUB
device board 1 board-type CE-LPUE
#
vlan batch 20
#
bridge-domain 2000
vxlan vni 1000
#
vni 1000
#
aaa
#
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
domain default_admin
#
interface Vlanif20
ip address 20.1.1.1 255.255.255.0
#
interface MEth0/0/0
undo shutdown
#
interface GE1/0/0
undo shutdown
port default vlan 20
#
interface GE1/0/1
undo shutdown
#
interface GE1/0/1.1 mode l2
encapsulation dot1q vid 200
bridge-domain 2000
#
interface GE1/0/2
undo shutdown
#
interface GE1/0/3
shutdown
#
interface GE1/0/4
shutdown
#
interface GE1/0/5
shutdown
#
interface GE1/0/6
shutdown
#
interface GE1/0/7
shutdown
#
interface GE1/0/8
shutdown
#
interface GE1/0/9
shutdown
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.0
#
interface Nve1
source 3.3.3.3
vni 1000 head-end peer-list 1.1.1.1
#
interface NULL0
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.0 0.0.0.255
network 20.1.1.0 0.0.0.255
#
ssh authorization-type default aaa
#
user-interface con 0
#
vm-manager
#
return
[CE2]
[CE2]
[CE2]dis ip int br
[CE2]dis ip int brief
*down: administratively down
!down: FIB overload down
^down: standby
(l): loopback
(s): spoofing
(d): Dampening Suppressed
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol VPN
LoopBack0 3.3.3.3/24 up up(s) --
MEth0/0/0 unassigned up down --
NULL0 unassigned up up(s) --
Vlanif20 20.1.1.1/24 up up --
[CE2]
[CE2]
[CE2]dis ip rougt
[CE2]dis ip rou
[CE2]dis ip routing-table
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole
route
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 OSPF 10 2 D 20.1.1.2 Vlanif20
3.3.3.0/24 Direct 0 0 D 3.3.3.3 LoopBack0
3.3.3.3/32 Direct 0 0 D 127.0.0.1 LoopBack0
3.3.3.255/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.1.1.0/24 OSPF 10 2 D 20.1.1.2 Vlanif20
20.1.1.0/24 Direct 0 0 D 20.1.1.1 Vlanif20
20.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
20.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[CE2]
[ZHONGXIN]dis ip int br
[ZHONGXIN]dis ip int brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned down down
Vlanif10 10.1.1.2/24 up up
Vlanif20 20.1.1.2/24 up up
[ZHONGXIN]dis ip rout
[ZHONGXIN]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 OSPF 10 1 D 10.1.1.1 Vlanif10
3.3.3.3/32 OSPF 10 1 D 20.1.1.1 Vlanif20
10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif10
10.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif10
20.1.1.0/24 Direct 0 0 D 20.1.1.2 Vlanif20
20.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[ZHONGXIN]
[ZHONGXIN]dis cu
[ZHONGXIN]dis current-configuration
#
sysname ZHONGXIN
#
vlan batch 10 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
Feb 21 2022 00:48:22-08:00 ZHONGXIN DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 1, the change loop count is 0, and the maximum number of records is 4095.
interface Vlanif1
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 20.1.1.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
#
return
[ZHONGXIN]
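I won't paste the rest; the left side is VLAN 100 and the right side is VLAN 200.
The uplink port is then a trunk that permits all VLANs.
Each PC, left and right, just gets an IP address in the same subnet, and that's it.
On the CE devices you can see the MAC addresses of both PCs.
That is the VXLAN demonstration.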
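A consistency check over the two static tunnel definitions above, as an added Python example (not part of the original post): it confirms that each NVE source is a local address, that every peer-list VNI is bound to a bridge domain, and that the head-end peer lists point at each other. The embedded text is an excerpt of the CE1/CE2 stanzas from this page with indentation restored; the function names are hypothetical.

```python
import re

# Excerpts of the CE1/CE2 configuration shown on this page (VXLAN-related stanzas only).
CONFIGS = {
    "CE1": """bridge-domain 1000
 vxlan vni 1000
interface LoopBack0
 ip address 1.1.1.1 255.255.255.0
interface Nve1
 source 1.1.1.1
 vni 1000 head-end peer-list 3.3.3.3
""",
    "CE2": """bridge-domain 2000
 vxlan vni 1000
interface LoopBack0
 ip address 3.3.3.3 255.255.255.0
interface Nve1
 source 3.3.3.3
 vni 1000 head-end peer-list 1.1.1.1
""",
}

def parse(cfg):
    """Extract BD->VNI bindings, local IPs, the NVE source and per-VNI peer lists."""
    peers = {}
    for vni, ip in re.findall(r"vni (\d+) head-end peer-list (\S+)", cfg):
        peers.setdefault(int(vni), set()).add(ip)
    src = re.search(r"^\s*source (\S+)", cfg, re.M)
    bd_vni = re.findall(r"bridge-domain (\d+)\n\s*vxlan vni (\d+)", cfg)
    return {"bd_vni": {int(b): int(v) for b, v in bd_vni},
            "local_ips": set(re.findall(r"ip address (\S+)", cfg)),
            "source": src.group(1) if src else None, "peers": peers}

def audit(configs):
    """Return a list of findings; an empty list means the tunnel definitions agree."""
    devs = {name: parse(cfg) for name, cfg in configs.items()}
    by_source = {d["source"]: name for name, d in devs.items()}
    findings = []
    for name, d in devs.items():
        if d["source"] not in d["local_ips"]:
            findings.append(f"{name}: NVE source {d['source']} is not a local address")
        for vni, plist in d["peers"].items():
            if vni not in d["bd_vni"].values():
                findings.append(f"{name}: VNI {vni} is not bound to a bridge domain")
            for ip in sorted(plist):
                peer = devs.get(by_source.get(ip))
                if peer is None:
                    findings.append(f"{name}: peer {ip} is not a known VTEP source")
                elif d["source"] not in peer["peers"].get(vni, ()):
                    findings.append(f"{name}: {by_source[ip]} does not list {d['source']} for VNI {vni}")
    return findings
```

For the configuration on this page `audit(CONFIGS)` returns an empty list; a peer address that no device uses as its NVE source, or a one-sided peer list, shows up as a finding.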
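SPAN: port mirroring (the official site calls it an analyzer)
However, mirroring consumes a lot of device memory, and if you are not careful it can bring down a low-performance device.
How to configure it
Cisco
This is used fairly often, especially in the security field.
So I'll demonstrate it on both Cisco and Huawei.
Manually specify the source and the destination, and you're done.
The RSPAN configuration is shown only; it is not demonstrated.
It is actually quite a hassle, because it requires every device to have the same remote-vlan; never mind whether that is wasteful, it is simply a hassle.
ERSPAN: this cannot be demonstrated either.
It demands very high hardware performance and I don't have an ISO for it, so I can only give the configuration. It is generally not needed anyway; such high-end devices are normally used in data centers and IDCs.
Note: this is only a configuration template; modify it for your actual environment. It assumes that connectivity has already been established.
One more remark: some people will consider the technologies here NA-level, some NP-level, and some IE-level; the classification here is just my own feeling.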