MSR路由器SDWAN 分支CPE tte建立問題
- 0關注
- 0收藏,1108瀏覽
問題描述:
如題,
總部MSR 3610-X1,公網ip,作為sdwan RR角色,同時配置stun server
分支msr810-lm,采用4g網絡,私網ip,作為sdwan cpe角色
問題:
CPE1 CPE2 CPE3 均能與總部RR建立tte連接,但是cpe之間無法建立導致cpe間無法互通,應如果處理?
CPE1查看tte連接信息及site-tte
相關配置如下:
總部:
interface LoopBack10
ip address 10.70.70.254 255.255.255.255
interface GigabitEthernet0/0
port link-mode route
ip address 218.xx.xx.xx 255.255.255.248
interface Tunnel10 mode sdwan udp
ip address unnumbered interface GigabitEthernet0/0
source GigabitEthernet0/0
tunnel out-interface GigabitEthernet0/0
tunnel protection ipsec profile prf1
sdwan interface-id 10
sdwan routing-domain rda id 10
sdwan transport-network tna id 10
bgp 65535
peer 10.70.70.20 as-number 65535
peer 10.70.70.20 connect-interface LoopBack10
peer 10.70.70.30 as-number 65535
peer 10.70.70.30 connect-interface LoopBack10
peer 10.70.70.50 as-number 65535
peer 10.70.70.50 connect-interface LoopBack10
#
address-family ipv4 tnl-encap-ext
peer 10.70.70.20 enable
peer 10.70.70.20 reflect-client
peer 10.70.70.30 enable
peer 10.70.70.30 reflect-client
peer 10.70.70.50 enable
peer 10.70.70.50 reflect-client
address-family l2vpn evpn
undo policy vpn-target
peer 10.70.70.20 enable
peer 10.70.70.20 reflect-client
peer 10.70.70.20 advertise encap-type sdwan
peer 10.70.70.30 enable
peer 10.70.70.30 reflect-client
peer 10.70.70.30 advertise encap-type sdwan
peer 10.70.70.50 enable
peer 10.70.70.50 reflect-client
peer 10.70.70.50 advertise encap-type sdwan
ip route-static 0.0.0.0 0 218.xx.xx.yy
stun server ip 218.xx.xx.xx port 8510 alternative-ip 111.206.174.3 alternative-port 3478
sdwan site-id 10
sdwan site-name wnd
sdwan device-id 1
sdwan encapsulation global-udp-port 6668
sdwan system-ip LoopBack10
sdwan site-role rr
sdwan server port 6661
sdwan server enable
分支CPE1:
interface Eth-channel1/0:0
dialer circular enable
dialer-group 89
dialer timer autodial 5
dialer number *99# autodial
ip address cellular-alloc
tcp mss 1280
nat outbound
nat hairpin enable
apn-profile apply profile69
interface Tunnel10 mode sdwan udp
ip address unnumbered interface Eth-channel1/0:0
source Eth-channel1/0:0
tunnel out-interface Eth-channel1/0:0
stun client destination-ip 218.XX.XX.XX destination-port 8510 tunnel protection ipsec profile prf1
sdwan interface-id 35
sdwan routing-domain rda id 10
sdwan transport-network tna id 10
bgp 65535
peer 10.70.70.254 as-number 65535
peer 10.70.70.254 connect-interface LoopBack10
#
address-family ipv4 tnl-encap-ext
peer 10.70.70.254 enable
#
address-family l2vpn evpn
peer 10.70.70.254 enable
peer 10.70.70.254 advertise encap-type sdwan
ssl client-policy plc1
prefer-cipher rsa_aes_256_cbc_sha
undo server-verify enable
sdwan site-id 20
sdwan site-name msr810_03
sdwan device-id 1
sdwan encapsulation global-udp-port 6668
sdwan system-ip LoopBack10
sdwan site-role cpe
sdwan ssl-client-policy plc1
sdwan server system-ip 10.70.70.254 ip 218.XX.XX.XX port 6661
CPE2 CPE3 配置與CPE1類似, 此處不再上傳
問題:
CPE1 CPE2 CPE3 均能與總部RR建立tte連接,但是cpe之間無法建立導致cpe間無法互通,應如果處理?
CPE1查看tte連接信息及site-tte
<MSR810-LM_03>display sdwan site-tte
1 10.70.70.50 100 UP UDP IPv4 Disabled Enabled 10 10
總部查看tte連接信息及site-tte
- 2025-01-10提問
- 舉報
-
(1)
親~登錄後才可以操作哦!
確定你的郵箱還未認證,請認證郵箱或綁定手機後進行當前操作
舉報
×
侵犯我的權益
×
侵犯了我企業的權益
×
- 1. 您舉報的內容是什麼?(請在郵件中列出您舉報的內容和鏈接地址)
- 2. 您是誰?(身份證明材料,可以是身份證或護照等證件)
- 3. 是哪家企業?(營業執照,單位登記證明等證件)
- 4. 您與該企業的關係是?(您是企業法人或被授權人,需提供企業委托授權書)
抄襲了我的內容
×
原文鏈接或出處
誹謗我
×
- 1. 您舉報的內容以及侵犯了您什麼權益?(請在郵件中列出您舉報的內容、鏈接地址,並給出簡短的說明)
- 2. 您是誰?(身份證明材料,可以是身份證或護照等證件)
對根叔社區有害的內容
×
不規範轉載
×
舉報說明
暫無評論