模拟器拓扑图Leaf1配置脚本LEAF_01dis cu!Software Version V200R005C10SPC607B607!Last configuration was updated at 2026-03-19 10:44:0400:00!Last configuration was saved at 2026-03-19 11:54:2100:00#sysname LEAF_01#device board 17 board-type CE-MPUBdevice board 1 board-type CE-LPUE#stp mode rstpstp v-stp enablestp bpdu-protectionstp tc-protection#evpn-overlay enable#ip vpn-instance vpc1ipv4-familyroute-distinguisher 6:5002vpn-target 0:5002 export-extcommunityvpn-target 0:5002 export-extcommunity evpnvpn-target 0:5002 import-extcommunityvpn-target 0:5002 import-extcommunity evpnvxlan vni 5002#bridge-domain 5001vxlan vni 5003evpnroute-distinguisher 6:5003vpn-target 0:5002 export-extcommunityvpn-target 0:5003 export-extcommunityvpn-target 0:5003 import-extcommunityinterface Vbdif5001description logicswitch_1300ip binding vpn-instance vpc1ip address 192.168.10.254 255.255.255.0arp broadcast-detect enablemac-address 0000-5e00-0020vxlan anycast-gateway enablearp collect host enable##interface GE1/0/0undo portswitchundo shutdownip address 192.168.3.2 255.255.255.252ospf network-type p2pospf peer hold-max-cost timer 800000#interface GE1/0/1undo shutdown#interface GE1/0/1.2000 mode l2encapsulation dot1q vid 1300bridge-domain 5001#interface LoopBack0description VTEP-IPip address 192.168.6.2 255.255.255.255#interface LoopBack1description Router-ID/BGP-Peer-IP/DFS-Groupip address 192.168.7.3 255.255.255.255#interface Nve1source 192.168.6.2vni 5003 head-end peer-list protocol bgp#interface NULL0#bgp 100router-id 192.168.7.3undo default ipv4-unicastpeer 192.168.7.1 as-number 100peer 192.168.7.1 connect-interface LoopBack1peer 192.168.7.2 as-number 100peer 192.168.7.2 connect-interface LoopBack1#ipv4-family unicastundo peer 192.168.7.1 enableundo peer 192.168.7.2 enable#ipv4-family vpn-instance vpc1default-route importedimport-route directimport-route staticmaximum load-balancing 32advertise l2vpn evpn#l2vpn-family evpnpolicy vpn-targetpeer 192.168.7.1 enablepeer 192.168.7.1 advertise irbpeer 192.168.7.1 advertise irbv6peer 192.168.7.2 enablepeer 192.168.7.2 advertise irbpeer 192.168.7.2 advertise irbv6#ospf 1 router-id 192.168.7.3bfd all-interfaces enablebfd all-interfaces min-tx-interval 500 min-rx-interval 500lsa-arrival-interval intelligent-timer 50 50 50area 0.0.0.0network 192.168.3.0 0.0.0.3network 192.168.3.16 0.0.0.3network 192.168.6.2 0.0.0.0network 192.168.7.3 0.0.0.0#returnLeaf3配置脚本LEAF_03 dis cu!Software Version V200R005C10SPC607B607!Last configuration was updated at 2026-03-19 10:56:5500:00!Last configuration was saved at 2026-03-19 11:54:1900:00#sysname LEAF_03#device board 17 board-type CE-MPUBdevice board 1 board-type CE-LPUE#stp mode rstpstp v-stp enablestp bpdu-protectionstp tc-protection#evpn-overlay enable#ip vpn-instance vpc1ipv4-familyroute-distinguisher 4:5002vpn-target 0:5002 export-extcommunityvpn-target 0:5002 export-extcommunity evpnvpn-target 0:5002 import-extcommunityvpn-target 0:5002 import-extcommunity evpnvxlan vni 5002#bridge-domain 5001vxlan vni 5003evpnroute-distinguisher 4:5003vpn-target 0:5002 export-extcommunityvpn-target 0:5003 export-extcommunityvpn-target 0:5003 import-extcommunity#bridge-domain 5002vxlan vni 5004evpnroute-distinguisher 4:5004vpn-target 0:5002 export-extcommunityvpn-target 0:5004 export-extcommunityvpn-target 0:5004 import-extcommunity##interface Vbdif5001description logicswitch_1300ip binding vpn-instance vpc1ip address 192.168.10.254 255.255.255.0arp broadcast-detect enablemac-address 0000-5e00-0020vxlan anycast-gateway enablearp collect host enable#interface Vbdif5002description logicswitch_1301ip binding vpn-instance vpc1ip address 192.168.20.254 255.255.255.0arp broadcast-detect enablemac-address 0000-5e00-0021vxlan anycast-gateway enablearp collect host enable#interface MEth0/0/0undo shutdown#interface GE1/0/0undo portswitchundo shutdownip address 192.168.3.10 255.255.255.252ospf network-type p2pospf peer hold-max-cost timer 800000#interface GE1/0/1undo shutdown#interface GE1/0/1.2000 mode l2encapsulation dot1q vid 1300bridge-domain 5001#interface GE1/0/1.2001 mode l2encapsulation dot1q vid 1301bridge-domain 5002#interface LoopBack0description VTEP-IPip address 192.168.6.3 255.255.255.255#interface LoopBack1description Router-ID/BGP-Peer-IP/DFS-Groupip address 192.168.7.5 255.255.255.255#interface Nve1source 192.168.6.3vni 5003 head-end peer-list protocol bgpvni 5004 head-end peer-list protocol bgp#interface NULL0#bgp 100router-id 192.168.7.5undo default ipv4-unicastpeer 192.168.7.1 as-number 100peer 192.168.7.1 connect-interface LoopBack1peer 192.168.7.2 as-number 100peer 192.168.7.2 connect-interface LoopBack1#ipv4-family unicastundo peer 192.168.7.1 enableundo peer 192.168.7.2 enable#ipv4-family vpn-instance vpc1default-route importedimport-route directimport-route staticmaximum load-balancing 32advertise l2vpn evpn#l2vpn-family evpnpolicy vpn-targetpeer 192.168.7.1 enablepeer 192.168.7.1 advertise irbpeer 192.168.7.1 advertise irbv6peer 192.168.7.2 enablepeer 192.168.7.2 advertise irbpeer 192.168.7.2 advertise irbv6#ospf 1 router-id 192.168.7.5bfd all-interfaces enablebfd all-interfaces min-tx-interval 500 min-rx-interval 500lsa-arrival-interval intelligent-timer 50 50 50area 0.0.0.0network 192.168.3.8 0.0.0.3network 192.168.3.24 0.0.0.3network 192.168.6.3 0.0.0.0network 192.168.7.5 0.0.0.0#returnSpine1配置脚本!Software Version V200R005C10SPC607B607!Last configuration was updated at 2026-03-19 11:00:3500:00!Last configuration was saved at 2026-03-19 12:11:3800:00#sysname SPINE_01#device board 17 board-type CE-MPUBdevice board 1 board-type CE-LPUE#stp mode rstpstp v-stp enablestp bpdu-protectionstp tc-protection#evpn-overlay enable#ip vpn-instance Externalipv4-familyroute-distinguisher 2:5000vpn-target 0:5000 export-extcommunityvpn-target 0:5000 export-extcommunity evpnvpn-target 0:5000 import-extcommunityvpn-target 0:5000 import-extcommunity evpnvxlan vni 5000#ip vpn-instance vpc1ipv4-familyroute-distinguisher 2:5002vpn-target 0:5002 export-extcommunityvpn-target 0:5002 export-extcommunity evpnvpn-target 0:5002 import-extcommunityvpn-target 0:5002 import-extcommunity evpnvxlan vni 5002#bridge-domain 5000vxlan vni 5001evpnroute-distinguisher 2:5001vpn-target 0:5001 export-extcommunityvpn-target 0:5000 export-extcommunityvpn-target 0:5001 import-extcommunity#bridge-domain 5003vxlan vni 5005evpnroute-distinguisher 2:5005vpn-target 0:5002 export-extcommunityvpn-target 0:5005 export-extcommunityvpn-target 0:5005 import-extcommunity#bridge-domain 5004vxlan vni 5006evpnroute-distinguisher 2:5006vpn-target 0:5000 export-extcommunityvpn-target 0:5006 export-extcommunityvpn-target 0:5006 import-extcommunity#interface Vbdif5000ip binding vpn-instance Externalip address 100.1.2.1 255.255.255.252arp broadcast-detect enablemac-address 0000-5e00-0023vxlan anycast-gateway enablearp collect host enable#interface Vbdif5003ip binding vpn-instance vpc1ip address 10.1.1.1 255.255.255.252arp broadcast-detect enablemac-address 0000-5e00-0024vxlan anycast-gateway enablearp collect host enable#interface Vbdif5004ip binding vpn-instance Externalip address 10.1.1.1 255.255.255.252arp broadcast-detect enablemac-address 0000-5e00-0023vxlan anycast-gateway enablearp collect host enable#interface MEth0/0/0undo shutdown#interface GE1/0/0undo portswitchundo shutdownip address 192.168.3.1 255.255.255.252ospf network-type p2pospf peer hold-max-cost timer 780000#interface GE1/0/1undo portswitchundo shutdownip address 192.168.3.9 255.255.255.252ospf network-type p2pospf peer hold-max-cost timer 780000#interface GE1/0/2undo shutdown#interface GE1/0/2.2000 mode l2encapsulation dot1q vid 2000bridge-domain 5003#interface GE1/0/2.2001 mode l2encapsulation dot1q vid 2001bridge-domain 5004#interface GE1/0/3undo shutdown#interface GE1/0/3.2000 mode l2encapsulation dot1q vid 1399bridge-domain 5000#interface LoopBack0description VTEP-IPip address 192.168.6.1 255.255.255.255#interface LoopBack1description Router-ID/BGP-Peer-IP/DFS-Groupip address 192.168.7.1 255.255.255.255#interface Nve1source 192.168.6.1vni 5001 head-end peer-list protocol bgpvni 5005 head-end peer-list protocol bgpvni 5006 head-end peer-list protocol bgp#interface NULL0#bgp 100router-id 192.168.7.1undo default ipv4-unicastpeer 192.168.7.3 as-number 100peer 192.168.7.3 connect-interface LoopBack1peer 192.168.7.5 as-number 100peer 192.168.7.5 connect-interface LoopBack1#ipv4-family unicastundo peer 192.168.7.3 enableundo peer 192.168.7.5 enable#ipv4-family vpn-instance Externaldefault-route importedimport-route directimport-route staticmaximum load-balancing 32advertise l2vpn evpn#ipv4-family vpn-instance vpc1default-route importedimport-route directimport-route staticmaximum load-balancing 32advertise l2vpn evpn#l2vpn-family evpnundo policy vpn-targetpeer 192.168.7.3 enablepeer 192.168.7.3 advertise irbpeer 192.168.7.3 advertise irbv6peer 192.168.7.3 reflect-clientpeer 192.168.7.5 enablepeer 192.168.7.5 advertise irbpeer 192.168.7.5 advertise irbv6peer 192.168.7.5 reflect-client#ospf 1 router-id 192.168.7.1bfd all-interfaces enablebfd all-interfaces min-tx-interval 500 min-rx-interval 500lsa-arrival-interval intelligent-timer 50 50 50area 0.0.0.0network 192.168.3.0 0.0.0.3network 192.168.3.4 0.0.0.3network 192.168.3.8 0.0.0.3network 192.168.3.12 0.0.0.3network 192.168.6.1 0.0.0.0network 192.168.7.1 0.0.0.0#ip route-static vpn-instance External 0.0.0.0 0.0.0.0 100.1.2.2 tag 1000ip route-static vpn-instance External 10.10.10.1 255.255.255.255 10.1.1.2ip route-static vpn-instance External 10.10.10.2 255.255.255.254 10.1.1.2ip route-static vpn-instance External 10.10.10.4 255.255.255.252 10.1.1.2ip route-static vpn-instance External 10.10.10.8 255.255.255.254 10.1.1.2ip route-static vpn-instance External 10.10.10.10 255.255.255.255 10.1.1.2ip route-static vpn-instance External 10.10.10.100 255.255.255.255 10.1.1.2ip route-static vpn-instance External 192.168.10.0 255.255.255.0 10.1.1.2ip route-static vpn-instance External 192.168.20.0 255.255.255.0 10.1.1.2ip route-static vpn-instance vpc1 0.0.0.0 0.0.0.0 10.1.1.2#returnFW1配置脚本2026-03-19 04:14:46.580!Software Version V500R005C10SPC300#sysname FW1vlan batch 2 to 4094firewall packet-filter basic-protocol enable#firewall defend action discard#vsys enableresource-class r0##vsys name vpc1 1assign vlan 2000assign global-ip 10.10.10.1 10.10.10.254 free#vsys name external 2assign vlan 2001#ip vpn-instance defaultipv4-family#ip vpn-instance externalipv4-familyipv6-family#ip vpn-instance vpc1ipv4-familyipv6-family#interface Vlanif2000ip binding vpn-instance vpc1ip address 10.1.1.2 255.255.255.252service-manage http permitservice-manage https permitservice-manage ping permitservice-manage ssh permitservice-manage telnet permit#interface Vlanif2001ip binding vpn-instance externalip address 10.1.1.2 255.255.255.252service-manage http permitservice-manage https permitservice-manage ping permitservice-manage ssh permitservice-manage telnet permit#interface GigabitEthernet1/0/0portswitchundo shutdownport link-type trunkundo port trunk allow-pass vlan 1port trunk allow-pass vlan 2000 to 2002#interface Virtual-if1ip address 10.0.0.1 255.255.255.252#interface Virtual-if2ip address 10.0.0.2 255.255.255.252#firewall zone localset priority 100#firewall zone trustset priority 85add interface GigabitEthernet0/0/0#firewall zone untrustset priority 5#firewall zone dmzset priority 50#ip route-static vpn-instance vpc1 0.0.0.0 0.0.0.0 vpn-instance externalip route-static vpn-instance external 10.10.10.1 255.255.255.255 vpn-instance vpc1ip route-static vpn-instance external 10.10.10.2 255.255.255.254 vpn-instance vpc1ip route-static vpn-instance external 10.10.10.4 255.255.255.252 vpn-instance vpc1ip route-static vpn-instance external 10.10.10.8 255.255.255.254 vpn-instance vpc1ip route-static vpn-instance external 10.10.10.10 255.255.255.255 vpn-instance vpc1ip route-static vpn-instance external 10.10.10.100 255.255.255.255 vpn-instancevpc1ip route-static vpn-instance external 192.168.10.0 255.255.255.0 vpn-instance vpc1ip route-static vpn-instance external 192.168.20.0 255.255.255.0 vpn-instance vpc1#firewall forward cross-vsys extended#firewall detect ftpsecurity-policydefault action permitswitch vsys vpc1#l2tp domain suffix-separator #firewall defend action discard#page-settingpassword-policylevel high#ip address-set 192.168.10.0/24 type objectaddress 0 192.168.10.0 mask 24#time-range worktimeperiod-range 08:00:00 to 18:00:00 working-day#aaaauthentication-scheme defaultauthentication-scheme admin_localauthentication-scheme admin_radius_localauthentication-scheme admin_hwtacacs_localauthentication-scheme admin_ad_localauthentication-scheme admin_ldap_localauthentication-scheme admin_radiusauthentication-scheme admin_hwtacacsauthentication-scheme admin_adauthorization-scheme defaultaccounting-scheme defaultdomain defaultservice-type internetaccess ssl-vpn l2tp ikeinternet-access mode passwordreference user current-domainrole system-adminrole device-adminrole device-admin(monitor)role audit-admin#interface Vlanif2000ip binding vpn-instance vpc1ip address 10.1.1.2 255.255.255.252service-manage http permitservice-manage https permitservice-manage ping permitservice-manage ssh permitservice-manage telnet permit#l2tp-group default-lns#interface Virtual-if1ip address 10.0.0.1 255.255.255.252#sa#firewall zone localset priority 100#firewall zone trustset priority 85add interface Virtual-if1add interface Vlanif2000#firewall zone untrustset priority 5#firewall zone dmzset priority 50#location#nat address-group addgrp_10.10.10.1_1 0mode patsection 0 10.10.10.1 10.10.10.10#multi-linkifmode proportion-of-weight#security-policyrule name permitaction permit#auth-policy#traffic-policy#policy-based-route#nat-policyrule name VM1_to_Externalsource-zone trustdestination-zone untrustsource-address address-set 192.168.10.0/24action source-nat address-group addgrp_10.10.10.1_1#quota-policy#pcp-policy#ip route-static 192.168.10.0 255.255.255.0 10.1.1.1ip route-static 192.168.20.0 255.255.255.0 10.1.1.1#return##switch vsys external#l2tp domain suffix-separator #firewall defend action discard#page-settingpassword-policylevel high#time-range worktimeperiod-range 08:00:00 to 18:00:00 working-day#aaaauthentication-scheme defaultauthentication-scheme admin_localauthentication-scheme admin_radius_localauthentication-scheme admin_hwtacacs_localauthentication-scheme admin_ad_localauthentication-scheme admin_ldap_localauthentication-scheme admin_radiusauthentication-scheme admin_hwtacacsauthentication-scheme admin_adauthorization-scheme defaultaccounting-scheme defaultdomain defaultservice-type internetaccess ssl-vpn l2tp ikeinternet-access mode passwordreference user current-domainrole system-adminrole device-adminrole device-admin(monitor)role audit-admin#interface Vlanif2001ip binding vpn-instance externalip address 10.1.1.2 255.255.255.252service-manage http permitservice-manage https permitservice-manage ping permitservice-manage ssh permitservice-manage telnet permit#l2tp-group default-lns#interface Virtual-if2ip address 10.0.0.2 255.255.255.252#sa#firewall zone localset priority 100#firewall zone trustset priority 85#firewall zone untrustset priority 5add interface Virtual-if2add interface Vlanif2001#firewall zone dmzset priority 50#location#multi-linkifmode proportion-of-weight#security-policydefault action permit#auth-policy#traffic-policy#policy-based-route#nat-policy#quota-policy#pcp-policy#ip route-static 0.0.0.0 0.0.0.0 10.1.1.1#returnExternal交换机配置脚本sysname Huawei#vlan batch 1399#cluster enablentdp enablendp enable#drop illegal-mac alarm#diffserv domain default#drop-profile default#aaaauthentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password simple adminlocal-user admin service-type http#interface Vlanif1#interface Vlanif1399ip address 100.1.2.2 255.255.255.252#interface MEth0/0/1#interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan 1399#interface GigabitEthernet0/0/2#interface GigabitEthernet0/0/3#interface GigabitEthernet0/0/4#interface GigabitEthernet0/0/5#interface GigabitEthernet0/0/6#interface GigabitEthernet0/0/7#interface GigabitEthernet0/0/8#interface GigabitEthernet0/0/9#interface GigabitEthernet0/0/10#interface GigabitEthernet0/0/11#interface GigabitEthernet0/0/12#interface GigabitEthernet0/0/13#interface GigabitEthernet0/0/14#interface GigabitEthernet0/0/15#interface GigabitEthernet0/0/16#interface GigabitEthernet0/0/17#interface GigabitEthernet0/0/18#interface GigabitEthernet0/0/19#interface GigabitEthernet0/0/20#interface GigabitEthernet0/0/21#interface GigabitEthernet0/0/22#interface GigabitEthernet0/0/23#interface GigabitEthernet0/0/24#interface NULL0#interface LoopBack0ip address 50.50.50.50 255.255.255.255#ip route-static 0.0.0.0 0.0.0.0 100.1.2.1同BD网段PC测试不同BD网段PC测试PC访问外部网络50.50.50.50地址防火墙会话表
VXLAN分布式网关跨墙转发到外部网络
发布时间:2026/5/18 0:49:26
模拟器拓扑图Leaf1配置脚本LEAF_01dis cu!Software Version V200R005C10SPC607B607!Last configuration was updated at 2026-03-19 10:44:0400:00!Last configuration was saved at 2026-03-19 11:54:2100:00#sysname LEAF_01#device board 17 board-type CE-MPUBdevice board 1 board-type CE-LPUE#stp mode rstpstp v-stp enablestp bpdu-protectionstp tc-protection#evpn-overlay enable#ip vpn-instance vpc1ipv4-familyroute-distinguisher 6:5002vpn-target 0:5002 export-extcommunityvpn-target 0:5002 export-extcommunity evpnvpn-target 0:5002 import-extcommunityvpn-target 0:5002 import-extcommunity evpnvxlan vni 5002#bridge-domain 5001vxlan vni 5003evpnroute-distinguisher 6:5003vpn-target 0:5002 export-extcommunityvpn-target 0:5003 export-extcommunityvpn-target 0:5003 import-extcommunityinterface Vbdif5001description logicswitch_1300ip binding vpn-instance vpc1ip address 192.168.10.254 255.255.255.0arp broadcast-detect enablemac-address 0000-5e00-0020vxlan anycast-gateway enablearp collect host enable##interface GE1/0/0undo portswitchundo shutdownip address 192.168.3.2 255.255.255.252ospf network-type p2pospf peer hold-max-cost timer 800000#interface GE1/0/1undo shutdown#interface GE1/0/1.2000 mode l2encapsulation dot1q vid 1300bridge-domain 5001#interface LoopBack0description VTEP-IPip address 192.168.6.2 255.255.255.255#interface LoopBack1description Router-ID/BGP-Peer-IP/DFS-Groupip address 192.168.7.3 255.255.255.255#interface Nve1source 192.168.6.2vni 5003 head-end peer-list protocol bgp#interface NULL0#bgp 100router-id 192.168.7.3undo default ipv4-unicastpeer 192.168.7.1 as-number 100peer 192.168.7.1 connect-interface LoopBack1peer 192.168.7.2 as-number 100peer 192.168.7.2 connect-interface LoopBack1#ipv4-family unicastundo peer 192.168.7.1 enableundo peer 192.168.7.2 enable#ipv4-family vpn-instance vpc1default-route importedimport-route directimport-route staticmaximum load-balancing 32advertise l2vpn evpn#l2vpn-family evpnpolicy vpn-targetpeer 192.168.7.1 enablepeer 192.168.7.1 advertise irbpeer 192.168.7.1 advertise irbv6peer 192.168.7.2 enablepeer 192.168.7.2 advertise irbpeer 192.168.7.2 advertise irbv6#ospf 1 router-id 192.168.7.3bfd all-interfaces enablebfd all-interfaces min-tx-interval 500 min-rx-interval 500lsa-arrival-interval intelligent-timer 50 50 50area 0.0.0.0network 192.168.3.0 0.0.0.3network 192.168.3.16 0.0.0.3network 192.168.6.2 0.0.0.0network 192.168.7.3 0.0.0.0#returnLeaf3配置脚本LEAF_03 dis cu!Software Version V200R005C10SPC607B607!Last configuration was updated at 2026-03-19 10:56:5500:00!Last configuration was saved at 2026-03-19 11:54:1900:00#sysname LEAF_03#device board 17 board-type CE-MPUBdevice board 1 board-type CE-LPUE#stp mode rstpstp v-stp enablestp bpdu-protectionstp tc-protection#evpn-overlay enable#ip vpn-instance vpc1ipv4-familyroute-distinguisher 4:5002vpn-target 0:5002 export-extcommunityvpn-target 0:5002 export-extcommunity evpnvpn-target 0:5002 import-extcommunityvpn-target 0:5002 import-extcommunity evpnvxlan vni 5002#bridge-domain 5001vxlan vni 5003evpnroute-distinguisher 4:5003vpn-target 0:5002 export-extcommunityvpn-target 0:5003 export-extcommunityvpn-target 0:5003 import-extcommunity#bridge-domain 5002vxlan vni 5004evpnroute-distinguisher 4:5004vpn-target 0:5002 export-extcommunityvpn-target 0:5004 export-extcommunityvpn-target 0:5004 import-extcommunity##interface Vbdif5001description logicswitch_1300ip binding vpn-instance vpc1ip address 192.168.10.254 255.255.255.0arp broadcast-detect enablemac-address 0000-5e00-0020vxlan anycast-gateway enablearp collect host enable#interface Vbdif5002description logicswitch_1301ip binding vpn-instance vpc1ip address 192.168.20.254 255.255.255.0arp broadcast-detect enablemac-address 0000-5e00-0021vxlan anycast-gateway enablearp collect host enable#interface MEth0/0/0undo shutdown#interface GE1/0/0undo portswitchundo shutdownip address 192.168.3.10 255.255.255.252ospf network-type p2pospf peer hold-max-cost timer 800000#interface GE1/0/1undo shutdown#interface GE1/0/1.2000 mode l2encapsulation dot1q vid 1300bridge-domain 5001#interface GE1/0/1.2001 mode l2encapsulation dot1q vid 1301bridge-domain 5002#interface LoopBack0description VTEP-IPip address 192.168.6.3 255.255.255.255#interface LoopBack1description Router-ID/BGP-Peer-IP/DFS-Groupip address 192.168.7.5 255.255.255.255#interface Nve1source 192.168.6.3vni 5003 head-end peer-list protocol bgpvni 5004 head-end peer-list protocol bgp#interface NULL0#bgp 100router-id 192.168.7.5undo default ipv4-unicastpeer 192.168.7.1 as-number 100peer 192.168.7.1 connect-interface LoopBack1peer 192.168.7.2 as-number 100peer 192.168.7.2 connect-interface LoopBack1#ipv4-family unicastundo peer 192.168.7.1 enableundo peer 192.168.7.2 enable#ipv4-family vpn-instance vpc1default-route importedimport-route directimport-route staticmaximum load-balancing 32advertise l2vpn evpn#l2vpn-family evpnpolicy vpn-targetpeer 192.168.7.1 enablepeer 192.168.7.1 advertise irbpeer 192.168.7.1 advertise irbv6peer 192.168.7.2 enablepeer 192.168.7.2 advertise irbpeer 192.168.7.2 advertise irbv6#ospf 1 router-id 192.168.7.5bfd all-interfaces enablebfd all-interfaces min-tx-interval 500 min-rx-interval 500lsa-arrival-interval intelligent-timer 50 50 50area 0.0.0.0network 192.168.3.8 0.0.0.3network 192.168.3.24 0.0.0.3network 192.168.6.3 0.0.0.0network 192.168.7.5 0.0.0.0#returnSpine1配置脚本!Software Version V200R005C10SPC607B607!Last configuration was updated at 2026-03-19 11:00:3500:00!Last configuration was saved at 2026-03-19 12:11:3800:00#sysname SPINE_01#device board 17 board-type CE-MPUBdevice board 1 board-type CE-LPUE#stp mode rstpstp v-stp enablestp bpdu-protectionstp tc-protection#evpn-overlay enable#ip vpn-instance Externalipv4-familyroute-distinguisher 2:5000vpn-target 0:5000 export-extcommunityvpn-target 0:5000 export-extcommunity evpnvpn-target 0:5000 import-extcommunityvpn-target 0:5000 import-extcommunity evpnvxlan vni 5000#ip vpn-instance vpc1ipv4-familyroute-distinguisher 2:5002vpn-target 0:5002 export-extcommunityvpn-target 0:5002 export-extcommunity evpnvpn-target 0:5002 import-extcommunityvpn-target 0:5002 import-extcommunity evpnvxlan vni 5002#bridge-domain 5000vxlan vni 5001evpnroute-distinguisher 2:5001vpn-target 0:5001 export-extcommunityvpn-target 0:5000 export-extcommunityvpn-target 0:5001 import-extcommunity#bridge-domain 5003vxlan vni 5005evpnroute-distinguisher 2:5005vpn-target 0:5002 export-extcommunityvpn-target 0:5005 export-extcommunityvpn-target 0:5005 import-extcommunity#bridge-domain 5004vxlan vni 5006evpnroute-distinguisher 2:5006vpn-target 0:5000 export-extcommunityvpn-target 0:5006 export-extcommunityvpn-target 0:5006 import-extcommunity#interface Vbdif5000ip binding vpn-instance Externalip address 100.1.2.1 255.255.255.252arp broadcast-detect enablemac-address 0000-5e00-0023vxlan anycast-gateway enablearp collect host enable#interface Vbdif5003ip binding vpn-instance vpc1ip address 10.1.1.1 255.255.255.252arp broadcast-detect enablemac-address 0000-5e00-0024vxlan anycast-gateway enablearp collect host enable#interface Vbdif5004ip binding vpn-instance Externalip address 10.1.1.1 255.255.255.252arp broadcast-detect enablemac-address 0000-5e00-0023vxlan anycast-gateway enablearp collect host enable#interface MEth0/0/0undo shutdown#interface GE1/0/0undo portswitchundo shutdownip address 192.168.3.1 255.255.255.252ospf network-type p2pospf peer hold-max-cost timer 780000#interface GE1/0/1undo portswitchundo shutdownip address 192.168.3.9 255.255.255.252ospf network-type p2pospf peer hold-max-cost timer 780000#interface GE1/0/2undo shutdown#interface GE1/0/2.2000 mode l2encapsulation dot1q vid 2000bridge-domain 5003#interface GE1/0/2.2001 mode l2encapsulation dot1q vid 2001bridge-domain 5004#interface GE1/0/3undo shutdown#interface GE1/0/3.2000 mode l2encapsulation dot1q vid 1399bridge-domain 5000#interface LoopBack0description VTEP-IPip address 192.168.6.1 255.255.255.255#interface LoopBack1description Router-ID/BGP-Peer-IP/DFS-Groupip address 192.168.7.1 255.255.255.255#interface Nve1source 192.168.6.1vni 5001 head-end peer-list protocol bgpvni 5005 head-end peer-list protocol bgpvni 5006 head-end peer-list protocol bgp#interface NULL0#bgp 100router-id 192.168.7.1undo default ipv4-unicastpeer 192.168.7.3 as-number 100peer 192.168.7.3 connect-interface LoopBack1peer 192.168.7.5 as-number 100peer 192.168.7.5 connect-interface LoopBack1#ipv4-family unicastundo peer 192.168.7.3 enableundo peer 192.168.7.5 enable#ipv4-family vpn-instance Externaldefault-route importedimport-route directimport-route staticmaximum load-balancing 32advertise l2vpn evpn#ipv4-family vpn-instance vpc1default-route importedimport-route directimport-route staticmaximum load-balancing 32advertise l2vpn evpn#l2vpn-family evpnundo policy vpn-targetpeer 192.168.7.3 enablepeer 192.168.7.3 advertise irbpeer 192.168.7.3 advertise irbv6peer 192.168.7.3 reflect-clientpeer 192.168.7.5 enablepeer 192.168.7.5 advertise irbpeer 192.168.7.5 advertise irbv6peer 192.168.7.5 reflect-client#ospf 1 router-id 192.168.7.1bfd all-interfaces enablebfd all-interfaces min-tx-interval 500 min-rx-interval 500lsa-arrival-interval intelligent-timer 50 50 50area 0.0.0.0network 192.168.3.0 0.0.0.3network 192.168.3.4 0.0.0.3network 192.168.3.8 0.0.0.3network 192.168.3.12 0.0.0.3network 192.168.6.1 0.0.0.0network 192.168.7.1 0.0.0.0#ip route-static vpn-instance External 0.0.0.0 0.0.0.0 100.1.2.2 tag 1000ip route-static vpn-instance External 10.10.10.1 255.255.255.255 10.1.1.2ip route-static vpn-instance External 10.10.10.2 255.255.255.254 10.1.1.2ip route-static vpn-instance External 10.10.10.4 255.255.255.252 10.1.1.2ip route-static vpn-instance External 10.10.10.8 255.255.255.254 10.1.1.2ip route-static vpn-instance External 10.10.10.10 255.255.255.255 10.1.1.2ip route-static vpn-instance External 10.10.10.100 255.255.255.255 10.1.1.2ip route-static vpn-instance External 192.168.10.0 255.255.255.0 10.1.1.2ip route-static vpn-instance External 192.168.20.0 255.255.255.0 10.1.1.2ip route-static vpn-instance vpc1 0.0.0.0 0.0.0.0 10.1.1.2#returnFW1配置脚本2026-03-19 04:14:46.580!Software Version V500R005C10SPC300#sysname FW1vlan batch 2 to 4094firewall packet-filter basic-protocol enable#firewall defend action discard#vsys enableresource-class r0##vsys name vpc1 1assign vlan 2000assign global-ip 10.10.10.1 10.10.10.254 free#vsys name external 2assign vlan 2001#ip vpn-instance defaultipv4-family#ip vpn-instance externalipv4-familyipv6-family#ip vpn-instance vpc1ipv4-familyipv6-family#interface Vlanif2000ip binding vpn-instance vpc1ip address 10.1.1.2 255.255.255.252service-manage http permitservice-manage https permitservice-manage ping permitservice-manage ssh permitservice-manage telnet permit#interface Vlanif2001ip binding vpn-instance externalip address 10.1.1.2 255.255.255.252service-manage http permitservice-manage https permitservice-manage ping permitservice-manage ssh permitservice-manage telnet permit#interface GigabitEthernet1/0/0portswitchundo shutdownport link-type trunkundo port trunk allow-pass vlan 1port trunk allow-pass vlan 2000 to 2002#interface Virtual-if1ip address 10.0.0.1 255.255.255.252#interface Virtual-if2ip address 10.0.0.2 255.255.255.252#firewall zone localset priority 100#firewall zone trustset priority 85add interface GigabitEthernet0/0/0#firewall zone untrustset priority 5#firewall zone dmzset priority 50#ip route-static vpn-instance vpc1 0.0.0.0 0.0.0.0 vpn-instance externalip route-static vpn-instance external 10.10.10.1 255.255.255.255 vpn-instance vpc1ip route-static vpn-instance external 10.10.10.2 255.255.255.254 vpn-instance vpc1ip route-static vpn-instance external 10.10.10.4 255.255.255.252 vpn-instance vpc1ip route-static vpn-instance external 10.10.10.8 255.255.255.254 vpn-instance vpc1ip route-static vpn-instance external 10.10.10.10 255.255.255.255 vpn-instance vpc1ip route-static vpn-instance external 10.10.10.100 255.255.255.255 vpn-instancevpc1ip route-static vpn-instance external 192.168.10.0 255.255.255.0 vpn-instance vpc1ip route-static vpn-instance external 192.168.20.0 255.255.255.0 vpn-instance vpc1#firewall forward cross-vsys extended#firewall detect ftpsecurity-policydefault action permitswitch vsys vpc1#l2tp domain suffix-separator #firewall defend action discard#page-settingpassword-policylevel high#ip address-set 192.168.10.0/24 type objectaddress 0 192.168.10.0 mask 24#time-range worktimeperiod-range 08:00:00 to 18:00:00 working-day#aaaauthentication-scheme defaultauthentication-scheme admin_localauthentication-scheme admin_radius_localauthentication-scheme admin_hwtacacs_localauthentication-scheme admin_ad_localauthentication-scheme admin_ldap_localauthentication-scheme admin_radiusauthentication-scheme admin_hwtacacsauthentication-scheme admin_adauthorization-scheme defaultaccounting-scheme defaultdomain defaultservice-type internetaccess ssl-vpn l2tp ikeinternet-access mode passwordreference user current-domainrole system-adminrole device-adminrole device-admin(monitor)role audit-admin#interface Vlanif2000ip binding vpn-instance vpc1ip address 10.1.1.2 255.255.255.252service-manage http permitservice-manage https permitservice-manage ping permitservice-manage ssh permitservice-manage telnet permit#l2tp-group default-lns#interface Virtual-if1ip address 10.0.0.1 255.255.255.252#sa#firewall zone localset priority 100#firewall zone trustset priority 85add interface Virtual-if1add interface Vlanif2000#firewall zone untrustset priority 5#firewall zone dmzset priority 50#location#nat address-group addgrp_10.10.10.1_1 0mode patsection 0 10.10.10.1 10.10.10.10#multi-linkifmode proportion-of-weight#security-policyrule name permitaction permit#auth-policy#traffic-policy#policy-based-route#nat-policyrule name VM1_to_Externalsource-zone trustdestination-zone untrustsource-address address-set 192.168.10.0/24action source-nat address-group addgrp_10.10.10.1_1#quota-policy#pcp-policy#ip route-static 192.168.10.0 255.255.255.0 10.1.1.1ip route-static 192.168.20.0 255.255.255.0 10.1.1.1#return##switch vsys external#l2tp domain suffix-separator #firewall defend action discard#page-settingpassword-policylevel high#time-range worktimeperiod-range 08:00:00 to 18:00:00 working-day#aaaauthentication-scheme defaultauthentication-scheme admin_localauthentication-scheme admin_radius_localauthentication-scheme admin_hwtacacs_localauthentication-scheme admin_ad_localauthentication-scheme admin_ldap_localauthentication-scheme admin_radiusauthentication-scheme admin_hwtacacsauthentication-scheme admin_adauthorization-scheme defaultaccounting-scheme defaultdomain defaultservice-type internetaccess ssl-vpn l2tp ikeinternet-access mode passwordreference user current-domainrole system-adminrole device-adminrole device-admin(monitor)role audit-admin#interface Vlanif2001ip binding vpn-instance externalip address 10.1.1.2 255.255.255.252service-manage http permitservice-manage https permitservice-manage ping permitservice-manage ssh permitservice-manage telnet permit#l2tp-group default-lns#interface Virtual-if2ip address 10.0.0.2 255.255.255.252#sa#firewall zone localset priority 100#firewall zone trustset priority 85#firewall zone untrustset priority 5add interface Virtual-if2add interface Vlanif2001#firewall zone dmzset priority 50#location#multi-linkifmode proportion-of-weight#security-policydefault action permit#auth-policy#traffic-policy#policy-based-route#nat-policy#quota-policy#pcp-policy#ip route-static 0.0.0.0 0.0.0.0 10.1.1.1#returnExternal交换机配置脚本sysname Huawei#vlan batch 1399#cluster enablentdp enablendp enable#drop illegal-mac alarm#diffserv domain default#drop-profile default#aaaauthentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password simple adminlocal-user admin service-type http#interface Vlanif1#interface Vlanif1399ip address 100.1.2.2 255.255.255.252#interface MEth0/0/1#interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan 1399#interface GigabitEthernet0/0/2#interface GigabitEthernet0/0/3#interface GigabitEthernet0/0/4#interface GigabitEthernet0/0/5#interface GigabitEthernet0/0/6#interface GigabitEthernet0/0/7#interface GigabitEthernet0/0/8#interface GigabitEthernet0/0/9#interface GigabitEthernet0/0/10#interface GigabitEthernet0/0/11#interface GigabitEthernet0/0/12#interface GigabitEthernet0/0/13#interface GigabitEthernet0/0/14#interface GigabitEthernet0/0/15#interface GigabitEthernet0/0/16#interface GigabitEthernet0/0/17#interface GigabitEthernet0/0/18#interface GigabitEthernet0/0/19#interface GigabitEthernet0/0/20#interface GigabitEthernet0/0/21#interface GigabitEthernet0/0/22#interface GigabitEthernet0/0/23#interface GigabitEthernet0/0/24#interface NULL0#interface LoopBack0ip address 50.50.50.50 255.255.255.255#ip route-static 0.0.0.0 0.0.0.0 100.1.2.1同BD网段PC测试不同BD网段PC测试PC访问外部网络50.50.50.50地址防火墙会话表
)
)
)
)
)
