二层vpn隧道配置

tangdong

总公司通过S2326接入运营商交换机S9303,分公司通过ONU接入OLT再上行到S9303，业务需求：分公司与总公司实现二层互通

S9303配置

[SZ-JD-S9303-MASTER]display current-configuration
#
!Software Version V100R006C00SPC800
sysname SZ-JD-S9303-MASTER
#
undo info-center enable
#
vlan batch 1002 to 1023 2000 to 2007 4008
#
loop-detection enable
loop-detection enable vlan 1002 to 1023
#
dba-profile default0 type3 assure 40000 max 80000
#
diffserv domain default
#
line-profile default0
#
service-profile default0
   undo fec-switch enable
#
drop-profile default
#
vlan 2000
description translation ma5680t epon 0/1/0
vlan 2001                                 
description translation ma5680t epon 0/1/1
vlan 2002
description translation ma5680t epon 0/1/2
vlan 2003
description translation ma5680t epon 0/1/3
vlan 2004
description translation ma5680t epon 0/1/4
vlan 2005
description translation ma5680t epon 0/1/5
vlan 2006
description translation ma5680t epon 0/1/6
vlan 2007
description translation ma5680t epon 0/1/7
vlan 4008
description manage-vlan
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin state block
local-user admin service-type http      
local-user tangdong password cipher 5#T(.,F8DSOQ=^Q`MAF4<1!!
local-user tangdong privilege level 15
local-user tangdong service-type telnet terminal ssh http
#
interface Vlanif4008
ip address 172.18.48.3 255.255.255.0
#
interface Ethernet0/0/0
#
interface GigabitEthernet3/0/0
description to-bas-1
port link-type trunk
port trunk allow-pass vlan 1002 to 1023 2000 to 2007 4008
stp disable
#
interface GigabitEthernet3/0/1
description to-bas-2
port link-type trunk
port trunk allow-pass vlan 1002 to 1023 2000 to 2007 4008
stp disable

#
interface GigabitEthernet3/0/6
description to-s2326
port hybrid pvid vlan 1006
port hybrid untagged vlan 1006 2005
port vlan-stacking vlan 100 stack-vlan 2005
stp disable
loop-detection mode port-shutdown
loop-detection recovery-time 30

#
interface GigabitEthernet3/0/23
description to-ma5680t
port hybrid pvid vlan 1023
port hybrid tagged vlan 2000 to 2007
port hybrid untagged vlan 1023
stp disable
loop-detection mode port-shutdown
loop-detection recovery-time 30
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 172.18.48.1
#
snmp-agent
snmp-agent local-engineid 000007DB7FFFFFFF00004760
snmp-agent community read  dong-r
snmp-agent sys-info contact shenzhen-tyw
snmp-agent sys-info location SZ-LG-BJJDHY--1L
snmp-agent sys-info version all
#
user-interface con 0
authentication-mode aaa                  
user privilege level 15
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
user-interface vty 16 20
return



MA5680T 配置
SZ-LHBZF-OLT-1(config)#display current-configuration simple
{ <cr>|section<K>||<K> }:

  命令：
        display current-configuration simple
[MA5600V800R008: 7001]
#
[global-config]
  <global-config>
sysname SZ-LHBZF-OLT-1
terminal user name buildrun_new_password tangdong xxxxxxxx
switch adsl mode to rfc2662 vdsl mode to tr129
xpon mode switch-to profile-mode
dba-profile add profile-id 10 profile-name "ma562x" type2 assure 51200
dba-profile add profile-id 11 profile-name "f420" type3 assure 20480 max 51200
ont-lineprofile epon profile-id 1 profile-name "ma562x"
  fec enable
  llid dba-profile-id 10
  commit
ont-lineprofile epon profile-id 2 profile-name "f420"
  fec enable
  llid dba-profile-id 11
  commit                              
#
[device-config]
  <device-config>
board add 0/1 H802EPBD
board add standby
rack info 0 description "RACK-300" name "RACK-300" manufactured-name "Huawei"
system ex-mode backup
#
[public-config]
  <public-config>
snmp-agent local-engineid 800007DB030819A61980E0
snmp-agent community read dong-r
snmp-agent sys-info contact shenzhen-tyw
snmp-agent sys-info location LG-LHBZF--1L
#
[vlan-config]
  <vlan-config>
vlan 2000 to 2007 smart
vlan 4008 standard
vlan attrib 2000 to 2007 stacking
vlan forwarding 2000 vlan-connect
vlan forwarding 2001 vlan-connect
vlan forwarding 2002 vlan-connect
vlan forwarding 2003 vlan-connect     
vlan forwarding 2004 vlan-connect
vlan forwarding 2005 vlan-connect
vlan forwarding 2006 vlan-connect
vlan forwarding 2007 vlan-connect
port vlan 2000 to 2007 0/9 0
port vlan 2000 to 2007 0/9 1
port vlan 2000 to 2007 0/9 2
port vlan 2000 to 2007 0/9 3
port vlan 4008 0/9 0
port vlan 4008 0/9 1
port vlan 4008 0/9 2
port vlan 4008 0/9 3
#
[scu]
  <scu-0/9>
interface scu 0/9
auto-neg 0 disable
auto-neg 1 disable
auto-neg 2 disable
auto-neg 3 disable
#
[epon]
  <epon-0/1>
interface epon 0/1                    
port 0 ont-auto-find enable
port 1 ont-auto-find enable
port 2 ont-auto-find enable
port 3 ont-auto-find enable
port 4 ont-auto-find enable
port 5 ont-auto-find enable
port 6 ont-auto-find enable
port 7 ont-auto-find enable
ont add 5 0 loid-auth "tyw134282418279" always-on snmp ont-lineprofile-id 2
desc "ZTE-F420"
#
[emu-config]
  <emu-config>
emu add 0 fan 0 1  "H801FCBB"
#
[fan]
  <fan-0>
interface emu 0
fan speed mode manual
fan speed adjust 0
#
[bbs-config]
  <bbs-config>
service-port 3 vlan 2005 epon 0/1/5 ont 0 multi-service user-vlan other-all
tag-transform add-double inner-vlan 100 inner-priority 7
#
[abs-config]
  <abs-config>
config
#
[config]
  <config>
mpls label start 8192
#
[prevlanif]
  <prevlanif>
interface vlanif4008
#
[vlanif]
  <vlanif4008>
interface vlanif4008
description "manage-vlan"
ip address 172.18.48.2 255.255.255.0
#
[meth]
  <meth0>
interface meth0
ip address 10.11.104.2 255.255.255.0  
#
[null]
  <null0>
interface null0
#
[aaa]
  <aaa>
aaa
authentication-scheme "default"
#
authorization-scheme "default"
#
accounting-scheme "default"
#
domain "default"
#
[post-system]
  <post-system>
ip route-static 0.0.0.0 0.0.0.0 172.18.48.1
ssh user tangdong authentication-type password
#
return


S2326配置GI 0/0/2 tag上行到9303，1-24口vlan100 untag

MA5680T直接配置添加双层标签上行到9303，S9303通过对S2326的内层标签添加外层标签实现与F420互通，俗称灵活qinq

kkwdn

不错支持一下

xiasha11

很不错，可惜一般人接触不到这种设备

llong

这么好的资料，就只一个字：收

清风雨

MARK，收下了 谢谢分享