CX600配置手册Word格式文档下载.docx
《CX600配置手册Word格式文档下载.docx》由会员分享,可在线阅读,更多相关《CX600配置手册Word格式文档下载.docx(11页珍藏版)》请在冰豆网上搜索。
authentication-modelocalradius
#
authorization-schemedefault
accounting-schemedefault0
accounting-schemedefault1
domaindefault0
domaindefault1
domaindefault_admin
1.3NTP配置
NTP配置:
配置ntpserver;
ntpserver指向所连的B设备;
要求在设备上调整为北京时区东8区:
ntp-serviceaccesspeer2004
ntp-serviceunicast-server120.40.64.126source-interfaceLoopBack0preference
ntp-serviceunicast-server120.40.64.127source-interfaceLoopBack0
clocktimezoneTIMEadd8//配置系统时区
clockdatetime09:
10:
002012-05-10
1.4SNMP配置
SNMP配置:
配置基本snmp命令;
配置snmpRO和RW方式(实际配置由网管下发);
Community全省统一且不区分设备:
snmp-agent
snmp-agentsys-infoversionall
snmp-agentmib-viewincludediso-viewiso
snmp-agentcommunityreadcipherHuawei123!
mib-viewiso-view
snmp-agentcommunitywritecipherHuawei@123mib-viewiso-view
snmp-agenttrapenable
snmp-agenttrapsourceLoopBack32
snmp-agenttarget-hosttrapaddressudp-domain4.60.9.4paramssecuritynameHuawei@123v2cprivate-netmanagerext-vb
setnet-managervpn-instanceCTVPN193-GX
1.5设备管理配置
设备管理配置:
开启telnet服务:
user-interfacemaximum-vty15
user-interfacevty014
authentication-modeaaa
userprivilegelevel3
idle-timeout50
2.接口配置
2.1ip地址配置
ip地址配置:
基本ipv4地址配置命令;
接口命名描述:
interfaceGigabitEthernet1/0/5.3
vlan-typedot1q3
descriptiondT:
NN-WXP-A-1.MCN.ATN950()GE2/0/0
undoshutdown
ipaddress3.61.3.61255.255.255.252
2.2mtu配置
mtu配置:
说明厂家默认接口mtu大小;
以及mtu配置命令:
interfaceGigabitEthernet1/0/5
MTU2000
3.ISIS路由协议
3.1isis进程
isis进程:
B设备配置一个isis进程、进程号115;
isis运行在level-2环境中;
NetID参见《越河电信ip-ran部署策略规范指导》isis部分;
lspgenerationinterval/LSPwait:
max:
1s、initial1ms、second20ms;
SPFdealy/interval/waittimer:
Max:
1s;
initial:
100ms;
second:
LSPLifeTime/Maxage:
65535:
LSPrefreshinterval:
32768s:
isis100
is-levellevel-2
cost-stylewide
timerlsp-generation1120level-2
flash-flood15level-2
network-entity86.4603.0591.1200.4006.4097.00
is-nameFZ-GL-HL-ASG-1.M2N.CX600
preference25
timerspf1100100
log-peer-change
timerlsp-max-age65535
timerlsp-refresh32768
set-overloadon-startup300
3.2isismetric
isismetric:
ER-ER设备:
100;
B-ER设备:
1500:
InterfaceEth-trunk1//B-ER
Isiscost1500
InterfaceEth-trunk2//ER-ER
Isiscost100
3.3isis接口
isis接口:
loopback接口通过passive方式公告;
在需要建立isis邻居接口上使能isis协议;
:
Intefaceloopback10
Isis
Isissilent
Isiscircuit-levellevel-2
4.BGP路由协议
4.1AS号
AS号:
ER设备AS号采用南宁AS64820:
bgp64820
router-id120.40.64.97
4.2BGPneighbor配置
1、RR配置
BGPneighbor:
ER设备与同城网内的B和EPCCE设备建立VPNV4邻居,不建立IPV4邻居,以64640作为Cluster-id,对同城网内的B和EPCCE设备启用路由反射器配置。
ER与同城另一台ER之间互为IBGP邻居且互为RR的Client。
关闭Dampen加快收敛;
Timer:
keeplive30s,holdtime90s;
打开BGP多路径E/IGPmaximum-path8
router-id120.40.64.97
peerpgBenable
peerpgBroute-policyrp_toSRexport
peerpgBreflect-client//创建对等体组,且配置反射器客户端属性,此对等体组主要用
户CR与SR的建IBGP用。
peerpgBnext-hop-local
peer120.40.64.122enable
peer120.40.64.122grouppgB
#
ipv4-familyunicast
undosynchronization
reflectorcluster-id64820
undopeer120.40.64.122enable
ipv4-familyvpnv4
peer120.40.64.122next-hop-local
peer120.40.64.122advertise-community
#
ipv4-familyvpn-instanceCTVPN193-GX
import-routedirect
import-routeospf32
ipv4-familyvpn-instanceCDMA-RAN
import-routestatic
2、EBGP配置
在IPV4vrf下使用loopback100与CN2建立EBGP连接,loopback100地址间互通配置采用BFD+静态路由;
启用BFD关联EBGP实现快速故障发现;
EPCCE/ER按白名单方式向CN2VPN发本地VPN汇总路由A,按需发送明细路由;
实现流量流向调整EPCCE/ER按黑名单方式拒收缺省路由,按需增加黑名单路由;
EBGP不做MD5认证;
EBGP设置ebgp-multihop2
bfdtoCN2bindpeer-ip10.11.21.2vpn-instanceIPRANsource-ip10.11.21.1
discriminatorlocal300
discriminatorremote300
commit
ipip-prefixnodefaultindex10deny0.0.0.00
ipip-prefixnodefaultindex20permit0.0.0.00less-equal32
route-policynodefaultpermitnode10
if-matchip-prefixnodefault
ipip-prefixaggregateindex10permit192.168.1.023greater-equal23less-equal32
route-policyaggregatepermitnode10
if-matchip-prefixaggregate
iproute-staticvpn-instanceIPRAN21.21.21.21255.255.255.25510.11.21.2trackbfd-sessiontoCN2
peerX.X.X.Xconnect-interfaceloopback100
peerX.X.X.Xas-numberX
peerX.X.X.Xebgp-max-hop2
peerX.X.X.Xroute-policynodefaultimport
aggregate192.168.0.0255.255.0.0detail-suppressedsuppress-policyaggregate
peerX.X.X.Xconnect-interfaceloopback100
peerX.X.X.Xebgp-max-hop2
第二部分:
设备业务配置
5.MPLSVPN配置
5.1mpls基本配置
mpls基本配置:
启用mpls协议;
mpls标签协议采用ldp;
mpls标签分配只针对设备loopback地址;
RANVPNRD4134:
3050和4134:
3150,export/import均为4134:
305000;
CTVPN193-GX做为A/B设备的网管通道越河省RD为4134:
1621
B设备做为分支节点RT设置如下:
import4134:
162100export4134:
162101
CTVPN194做为基站动环监控互联;
RD为4134:
3070
307000export4134:
307001:
在相应的vpn接口下配置vpn实例;
bfdforLDP检测时间间隔为3*50ms:
ipvpn-instanceCTVPN193-GX
ipv4-family
route-distinguisher4134:
1621
vpn-target4134:
162100export-extcommunity
162101import-extcommunity
ipvpn-instanceCDMA-RAN//双RD另一侧的B设备rd为4134:
3150
3050
305000export-extcommunity
305000import-extcommunity
apply-labelper-instance
mplslsr-id120.40.64.97
mpls
mplste
labeladvertisenon-null
mplsbfdenable
mplsbfd-triggerfec-listRSG
mplsbfdmin-tx-interval50min-rx-interval50
mplsldp
5.2mpls接口启用
mpls接口启用:
在设备互联接口上启用mpls协议:
InterfaceG1/0/1
Mpls
Mplsldp
6.BFD配置
6.1vpn实例接口
Bfdforisis:
isis邻居bfd检测时间间隔为3*50ms:
Isis115
bfdall-interfacesenable
bfdall-interfacesmin-tx-interval30min-rx-interval30frr-binding
升级会员 