还剩5页未读,继续阅读
文本内容:
AG开通操作指导书一简述软交换在城域网上承载是用城域网的MPLSVPN来实现的,软交换主要涉及三种业务媒体,信令和网管软交换的媒体信令都是通过NE40E或5200G和软交换侧起MPLSVPN组建VPN网络.网管由于和DSLAM网管同时管理,暂不起MPLSVPNNGN具体的网络结构图可参见城域网网管.具体的实施步骤如下:
1.在NE40E下建立各个vpn实例ipvpn-instancecnc_signal信令route-distinguisher65036:21632apply-labelper-instancevpn-target65036:21632export-extcommunityvpn-target65036:21632import-extcommunity#ipvpn-instancecnc_voice媒体route-distinguisher65036:22632apply-labelper-instancevpn-target65036:22632export-extcommunityvpn-target65036:22632import-extcommunity#ipvpn-instancecnc_nmsroute-distinguisher65036:23632apply-labelper-instancevpn-target65036:23632export-extcommunityvpn-target65036:23632import-extcommunity注:网管现在暂时没有用由于AG的网管暂时用华为的dslam网管.
2.在NE40E下建立各个vpn实例子端口每个子端口对应一个模块局按照一个模块局对应一个外层VLAN.在NE40E上要做VRRP每个外层VLAN都透传到331和枢纽楼的两个NE40E.
1.端口上要改变端口的模式.interfaceGigabitEthernet1/0/8descriptionto331_S8512_1/1/2modeuser-termination
2.建立各个子端口并起VRRP.interfaceGigabitEthernet1/0/
8.1000网管可以不用起VRRPcontrol-vid3160qinq-terminationqinqterminationpe-vid2801ce-vid1000ipbindingvpn-instancecnc_nms----------------暂时不要绑定,这样DSLAM网管可以管理到ipaddress
10.
150.
120.
1255.
255.
255.248arp-proxyinter-sub-vlan-proxyenablearpbroadcastenable网管做成qinq的形式而且可以用DSLAM网管到#interfaceGigabitEthernet1/0/
8.2801信令control-vid1qinq-terminationqinqterminationpe-vid2801ce-vid2801qinqvrrppe-vid2801ce-vid2801ipbindingvpn-instancecnc_signalipaddress
10.
3.
175.
2255.
255.
255.248vrrpvrid1virtual-ip
10.
3.
175.1------------------VRRP虚拟地址vrrpvrid1priority105---------------------------VRRP优先级.vrrpvrid1preempt-modetimerdelay100arpbroadcastenable#interfaceGigabitEthernet1/0/
8.2901媒体control-vid2qinq-terminationqinqterminationpe-vid2801ce-vid2901qinqvrrppe-vid2801ce-vid2901ipbindingvpn-instancecnc_voiceipaddress
10.
46.
157.
2255.
255.
255.248vrrpvrid2virtual-ip
10.
46.
157.1vrrpvrid2priority105vrrpvrid2preempt-modetimerdelay100traffic-policyMediainboundarp-proxyinter-sub-vlan-proxyenablearpbroadcastenable各个区县公司都把VPN实例和子端口做在5200G上.5200G操作
1.建立VPN实例同NE40Eipvpn-instancecnc_signal------------------信令route-distinguisher65036:21632vpn-target65036:21632export-extcommunityvpn-target65036:21632import-extcommunity#ipvpn-instancecnc_voice----------------------媒体route-distinguisher65036:22632vpn-target65036:22632export-extcommunityvpn-target65036:22632import-extcommunity#ipvpn-instancecnc_nms网管route-distinguisher65036:23632vpn-target65036:23632export-extcommunityvpn-target65036:23632import-extcommunity
3.建立子端口不用做VRRP但要预留地址以备以后改为VRRP一般要预留地址段的第二个和第三个地址.版本(VERSION
5.30interfaceGigabitEthernet2/0/
1.2801--------------------------信令vlan-typedot1q2801qinq-vlan2801undoshutdownipbindingvpn-instancecnc_signalipaddress
10.
150.
11.
1255.
255.
255.0interfaceGigabitEthernet2/0/
1.2901-----------------------------媒体vlan-typedot1q2801qinq-vlan2901undoshutdownipbindingvpn-instancecnc_voiceipaddress
10.
150.
11.
1255.
255.
255.0interfaceGigabitEthernet2/0/
1.1000----------------------------网管vlanvlan-typedot1q1001qinq-vlan2901undoshutdownipbindingvpn-instancecnc_voiceipaddress
10.
150.
120.
1255.
255.
255.0版本(Version
3.30interfaceGigabitEthernet2/0/
1.2801--------------------------信令qinq-vlan2551vlan-typedot1qvid2801undoshutdownipbindingvpn-instancecnc_signalipaddress
10.
3.
225.
1255.
255.
255.248interfaceGigabitEthernet2/0/
1.2901------------------媒体qinq-vlan2551vlan-typedot1qvid2901undoshutdownipbindingvpn-instancecnc_voiceipaddress
10.
46.
229.
1255.
255.
255.2488512操作如果外层VLAN在8512上起,建议外层VLAN做在模块局,如不支持就做在8512上同以前的qinq的操作
1.acl制作LinkACL40872rulesrule0permits-tag-vlan2800to3000ingressanyegressanyrule1permits-tag-vlan1000ingressanyegressany
2.下联的端口上做成hybrid端口,并起灵活的QINQ.porthybridvlan12801untaggedvlanfilterdisableflow-templateuser-definedtraffic-redirectinboundlink-group4087rule0nested-vlan2801模块局39系列交换机(如果不支持qinq,就做在8512上)[SwitchA]interfaceEthernet1/0/3[SwitchA-Ethernet1/0/3]portlink-typehybrid[SwitchA-Ethernet1/0/3-vid-1200]quit[SwitchA-Ethernet1/0/3]mac-address-mapping0source-vlan2801destination-vlan2201[SwitchA-Ethernet1/0/3]mac-address-mapping1source-vlan2901destination-vlan2201模块局35系列交换机(如果不支持qinq,就做在8512上)portlink-typehybridundoporthybridvlan1porthybridvlan32033134110001079tagged(偷传的VLAN)porthybridvlan2201untagged外层VLANdescriptionTo_SongZhuangJHDvlan-checkdisableqinqvid2201raw-vlan-idinbound28012901mac-mirroring1src-vlan28012901dest-vlan2201port-isolateenableAG接入交换机的配置
1.进入接入AG设备的端口(例如端口是interfacee1/0/1)interfacee1/0/1porttrunkpermitvlan
2801290110002.把这些VLAN偷传到上联的交换机(例如端口是interfacee1/0/24)interfacee1/0/24porttrunkpermitvlan280129011000。