Alcatel7750设备配置指南

Alcatel7750SR设备配置指南\l“_TOC_250025“设备配置命令说明 2\l“_TOC_250024“SYSTEM根本配置 2\l“_TOC_250023“LOG配置 3\l“_TOC_250022“PORT配置 3\l“_TOC_250021“ISIS协议配置 5\l“_TOC_250020“MPLS、LDP协议配置 6\l“_TOC_250019“SECURITY配置 7\l“_TOC_250018“VPN-BGP配置 9\l“_TOC_250017“POLICY配置 10\l“_TOC_250016“SERVICE配置 11\l“_TOC_250015“IES业务配置 11\l“_TOC_250014“VPLS业务配置 13\l“_TOC_250013“VPRN业务配置 15\l“_TOC_250012“故障排解方法说明 17\l“_TOC_250011“光路正常但PORT端口DOWN 17\l“_TOC_250010“PING不通对端地址 17\l“_TOC_250009“ISIS邻接关系无法建立 18\l“_TOC_250008“BGP邻居无法正常建立 18\l“_TOC_250007“BGP表中有路由，但路由没有被放进VPN路由表中 18\l“_TOC_250006“VPN中用户CE设备无法访问远端 18\l“_TOC_250005“业务运行状态检查命令 19\l“_TOC_250004“查看SERVICE业务运行状态 19\l“_TOC_250003“检查路由器接口运行状态 19\l“_TOC_250002“查看设备PORT端口运行状态 20\l“_TOC_250001“查看设备MAC地址表信息 21\l“_TOC_250000“删除SERVICE配置步骤 22confidential 第1页共22页 IPD1设备配置命令说明System根本配置feature。7。BEIJ08。配置例如：systemname“YZ-SYL-R-AC7750-01“chassis-modecsnmppacket-size9216exittelnetinbound-max-sessions7outbound-max-sessions7exit

exitnologin-bannertimesntpshutdownexit

exitzoneBEIJ08thresholdsrmonexitexitexit检查命令：showchassischassismodeC。Showtime查看系统时间。confidential 第2页共22页 IPDLog配置1. log7750SR的日常设备信息，log-id11，file-id11。配置例如：logfile-id11locationcf3:exitsnmp-trap-group98trap-destination80“snmpv2c“notify-community“alcateltrap“trap-destination88“snmpv2c“notify-community“yzsnmprw123“exitlog-id11fromsecuritychangetofile11exitlog-id98frommainsecuritytosnmp1024exitexit检查命令：Showloglog-id10LOGPort配置PORT配置依据下联交换机的端口类型和协商方式灵敏配置。承受7750物理端口与下联设备直联就不需要封装dot1Q，假设有VLAN则需要封装dot1Q。端口下配置的用户数据，如需配置IES、VLL、VPLS、VPRN等数据就需要设置modeaccess。与下联设备不需要协商需要配置noautonegotiate。配置例如：port1/1/1exitnoshutdownexitport1/1/2Ethernetconfidential 第3页共22页 IPDexit

modeaccessencap-typedot1qnoautonegotiatenoshutdownexit检查命令：ShowportUP。设备的唯一标识地址系统默认名字为system，配置IP地址。64665。翻开多链路负载均衡ECMP8。配置设备router-idsystem地址。配置例如：routerinterface“system“address/32exitinterface“to_DBL12416-1_1“address4/30port2/1/1exitinterface“to_DBL12416-1_2“address8/30port1/1/2exitinterface“to_SYL12416-1_1“address2/30port1/1/1exitinterface“to_SYL12416-1_2“address6/30port2/1/2exitautonomous-system64665ecmp8 -equalcostmulti-pathrouter-id检查命令：showrouterinterfaceconfidential 第4页共22页 IPDinterfaceUP。showrouterecmpecmp是否翻开。ISIS协议配置ISISleverl-12. area-id为86.4665.05143. systemGSR互联的接口、与下联设备互联接口参与到ISIS进程。配置例如：isislevel-capabilitylevel-1area-id86.4665.0514traffic-engineeringlevel1wide-metrics-onlyexitinterface“system“level-capabilitylevel-1exitinterface“to_SYL12416-1_1“level-capabilitylevel-1level1metric200exitexitinterface“to_SYL12416-1_2“level-capabilitylevel-1level1metric200exitexitinterface“to_DBL12416-1_1“level-capabilitylevel-1level1metric200exitexitinterface“to_DBL12416-1_2“level-capabilitylevel-1level1confidential 第5页共22页 IPDexit

exit

metric200exit检查命令：showrouterisisadjacencyISIS邻接是否建立。Mpls、LDP协议配置systemGSR互联的接口、与下联设备互联接口参与到MPLSLDP进程。配置例如：mplsinterface“system“exitinterface“to_SYL12416-1_1“exitinterface“to_SYL12416-1_2“exitinterface“to_DBL12416-1_1“exitinterface“to_DBL12416-1_2“exitnoshutdownexitldpimport“block_0_fec“interface-parametersinterface“to_SYL12416-1_1“exitinterface“to_SYL12416-1_2“exitinterface“to_DBL12416-1_1“exitinterface“to_DBL12416-1_2“exitexittargeted-sessionexitconfidential 第6页共22页 IPDexitexit检查命令：showroutermplsinterfaceshowrouterldpsessionLDP邻接是否建立成功。Security配置telnet、snmp效劳。并对访问IP进展限制。7750SR设备关闭SSH效劳。IPV6-filter7750SR的一般上网用户和每个VPRN用户都要进展IPV6包的过滤。配置例如：systemsecuritytelnet-serverftp-servermanagement-access-filterdefault-actionpermitentry10description“fortelnet“actionpermitsrc-ip/22exitentry20actionpermitsrc-ip/27exitentry30actionpermitsrc-ip/23exitentry40actionpermitsrc-ip/24exitentry50actionpermitconfidential 第7页共22页 IPDsrc-ip/23exitentry60actionpermitsrc-ip/23exitentry70actionpermitsrc-ip80/32exitentry80actionpermitsrc-ip/24exitentry90actionpermitsrc-ip/32exitentry100actiondenyprotocol6dst-port2365535exitentry190actiondenyprotocol17dst-port16165535exitexitpasswordauthentication-ordertacpluslocalhash2

exittacplusaccountingauthorizationtimeout10single-connectionserver1addresssecret“z05szr1ZBJCPeLCQOtckOk“server 2 address 46 secret“WZBK9MwJl5GOacy0i5JXTE“hash2exituser“admin“password“VeuGBy9agmYtpDhhW0yi359H.JvK5.8c“hash2confidential 第8页共22页 IPDaccessconsoleftpsnmpconsolemember“administrative“exitexitsnmpcommunity“yzsnmpro123“rversionbothcommunity“yzsnmprw123“rwaversionbothexitper-peer-queuingip-filtershutdownexitipv6-filterentry10createlog110matchrouterBaseexitexitentry20creatematchrouter***(VPRNServiceID)exitexitexit

noshutdown检查命令：Showsystemsecuritycpm-filteripv6-filterIPV6包的数量。VPN-BGP配置7750SR和GSR建立VPN-BGPIBGP邻居关系，GSR核心作为RR。bgpfamilyipv4vpn-ipv4multipath8ibgp-multipathrouter-idgroup“ibgp“confidential 第9页共22页 IPDexit

exit

exit

typeinternalexport“prefix2bgp“peer-as64665local-addressneighbor53exitneighbor54exit检查命令：showrouterbgpneighborBGP邻居是否建立成功。Policy配置1LDP/0FEC安全过滤。2Prefixlist公布到BGP。配置例如：static-route8/29black-holepreference200-----〔省略〕-----policy-optionsbeginprefix-list“0_fec“prefix/0exactexitprefix-list“networks“prefix6/28exact-----〔省略〕-----exitpolicy-statement“prefix2bgp“entry10fromexittoexit

prefix-list“networks“protocolbgpactionacceptconfidential 第10页共22页 IPDexit

exit

exit

originigppolicy-statement“block_0_fec“entry10fromprefix-list“0_fec“exitactionrejectexitexit

default-actionacceptexitcommitexitService配置customer10IESserver关联。customer11与VPRN&VPLSserver关联。每个VPRN都有一个server-id。IESserver-id8位，1－4port号〔1/1/1为110，－8为VLANI，缺乏4位用0补齐。ServerInterface命名规章是连接用户简称。配置例如：servicecustomer1createdescription“Defaultcustomer“exitcustomer10createdescription“to_IES“exitcustomer11createdescription“to_VPRN&VPLS“exitIES业务配置configureserviceconfidential 第11页共22页 IPDies12023002customer10create 4位为vlan-id)interface“jiansheju“create address9/29 Mask〕sap1/2/1:4002create sap〕exitexitnoshutdown 留意：一个interface下仅仅可以绑定一个sap，sap叫做ServiceAccessPoint。同时一个sap仅仅可以service中，比方本例1/2/1:4002service中去。添加静态blcakhole及Prefixlist配置，用于在BGP中公布路由static-route8/29black-holepreference200prefix-list“networks“prefix6/28exactexitpolicy-statement“prefix2bgp“entry10fromexittoexit

prefix-list“networks“protocolbgpactionacceptoriginigpexit

exit

exitbgpfamilyipv4vpn-ipv4multipath8ibgp-multipathrouter-idgroup“ibgp“typeinternalexport“prefix2bgp“peer-as64665confidential 第12页共22页 IPDexit

exit

exit

local-addressneighbor53exitneighbor54exit检查命令：Showserviceservice-usingShowrouterarparp表vpls业务配置1、配置全网SR设备全互联的SDP，用于VPLS的业务开展sdp102mplscreate mpls，gre可选)far-end4 system地址)ldp mpls的标签分发协议)path-mtu1514 mtu)keep-aliveshutdownexit

exitnoshutdown 检测对端是否工作正常)sdp103mplscreatefar-endldpkeep-aliveshutdownexitnoshutdownexit………………留意：SDP叫做servicedistributepoint，概念类似与cisco的tunnelinterface，SDP具有单向性，配confidential 第13页共22页 IPD置时需要对两端均进展配置。7750通过使用SDP，将本地的流量泛洪到远端。SDP可以为mpls封装，也可以为gre封装，默认状况下承受t-ldp对安排的标签进展自动映射，vpls1001customer11create description“xiaofang-vpls“stpshutdownexitsap1/1/3:1401create description“hangjiangzhidui“ingressqos10exitegressqos10exitexitsap1/2/2:4013create vpls〕description“guanglingchanyezhidui“ingressqos10exitegressqos10exitexitmesh-sdp104:1001create sdpvpls〕exitmesh-sdp109:1001createexitmesh-sdp112:1001createexitmesh-sdp113:1001createexitmesh-sdp115:1001createexitmesh-sdp117:1001createexitexitvplssapmtu必需要大于等于servicemtuportaccessdot1q封装后，mtu15184vlan-tagmtu1514servicemtuvplssapconfidential 第14页共22页 IPD会起不来，并且报错portmtutoosmall.检查命令：Showserviceservice-usingShowrouterarparp表oammac-pingservice1001destinationff:ff:ff:ff:ff:ffvprn业务配置1VPRNVPN节点路由可以互访。configureservicevprn514001001customer11create (vprn业务)description“wuxiandian-vprn“route-distinguisher514:1001 (RD值)auto-bindldp 协议分发的标签)vrf-targettarget:514:1001 (RT值，RTRD一样值)interface“wuxiandian“create address/30sap2/2/1:4029createingressqos2exitegressqos2exit

exit

exitstatic-route/24next-hop 〔配置VPN静态路由〕exitexit2VPRNVPN站点间的访问。configurerouterpolicy-optionsbegin 〔begin关键词〕confidential 第15页共22页 IPDcommunity“wuxiandian-vpn-in1“members“target:1001:2“(RT1001:2)community“wuxiandian-vpn-in2“members“target:1001:3“community“wuxiandian-vpn-out“members“target:1001:1“policy-statement“wuxiandian-vpn-in“entry10 10，越小越优先)fromprotocolbgp-vpn 路由)community“wuxiandian-vpn-in1“ (RT1001:2)exitexit

actionaccept 10的行为为允许)exitentry20 20，越小越优先)fromexit

protocolbgp-vpn 路由)community“wuxiandian-vpn-in2“ (RT1001:3)exit

exit

actionacceptexitpolicy-statement“wuxiandian-vpn-out“entry10 10，越小越优先)actionacceptcommunityadd“wuxiandian-vpn-out“ (RT1001:1)exit

exit

exitcommit commit策略才会生效)configureservicevprn514001001customer11createdescription“wuxiandian-vprn“vrf-import“wuxiandian-vpn-in“ VPN路由导入策略〕vrf-export“wuxiandian-vpn-out“ VPN路由导出策略〕route-distinguisher514:1001auto-bindldpinterface“wuxiandian“createaddress/30sap2/2/1:4029createingressqos2 QOS限速策略〕exitconfidential 第16页共22页 IPDegressqos2exit

exit

exitstatic-route/24next-hop 〔配置VPN静态路由〕shutdownexitexitpolicy-option中进展编辑检查命令showserviceservice-usingpingrouter514001001showrouter514001001route-tableshowrouter514001002static-routeshowrouter514001002route-tableprotocollocalshowrouter514001002route-tablesummaryshowrouter514001002route-tableprotocolbgp-vpnshowserviceid514001001arp故障排解方法说明portdown7750port默认为自协商开启configureportx/x/xethernetnoauto (关闭端口自协商)showportping不通对端地址interfacebindingport是否正确configureportx/x/xethernetencap-typedot1q/nullconfidential 第17页共22页 IPDISIS邻接关系无法建立ISIS参数是否全都showrouterISISadjx.x.x.xdetailshowrouterisisinterfaceBGP邻居无法正常建立使用命令showrouterbgpneighbor检查邻居关系如显示为no-type则说明本地AS号没有被配置或者BGPtype没有被配置，假设显示 BadPeerAS则说明对端指向本地的 as号配错了。并且检查两端 BGP配置中的authentication-key及family-address等其他参数。BGPvpn路由表中vpn路由，7750ldp也要可达。showrouterbgproutesprefixVPNCE设备无法访问远端VPNRD、RT策略、LDP等address，arp表routerxxxxxroute-tablePE是否能成功访问远端PE重复上述检查过程confidential 第18页共22页 IPD业务运行状态检查命令Service业务运行状态showserviceservice-using 该命令可以查看设备上用户service的开展状况，包括IESVPRNA:WX-AZ-R-AC7750-01#showserviceservice-using===============================================================================Services===============================================================================ServiceId Type Adm Opr CustomerId LastMgmtChange10001VPRNUpUp1109/01/202300:00:1910004VPRNUpUp1109/01/202300:00:1910012VPRNUpUp1109/01/202300:00:1910018VPRNUpUp1109/01/202300:00:1910027VPRNUpUp1109/01/202300:00:1910065VPRNUpUp1109/01/202300:00:1911130050IESUpUp1009/01/202300:00:1911130051IESUpUp1009/01/202300:00:1911130053IESUpUp1009/01/202300:00:1911130055IESUpUp1009/01/202300:00:1911130056IESUpUp1009/01/202300:00:1911130059IESUpUp1009/01/202300:00:19检查路由器接口运行状态showrouterinterface 命令用于查看路由器接口运行状况A:WX-AZ-R-AC7750-01#showrouterinterface===============================================================================InterfaceTable(Router:Base)===============================================================================confidential 第19页共22页 IPDInterface-Name Adm Opr(v4/v6) Mode Port/SapIdIP-Address PfxStatesystemUpUp/DownNetworksystem29/32n/ato_GM7750-2_1UpDown/DownNetwork1/1/4/30n/ato_GM7750-2_2UpDown/DownNetwork1/1/28/30n/ato_QY7750-1_1UpUp/DownNetwork2/1/2/30n/ato_QY7750-1_2UpUp/DownNetwork2/1/26/30n/ato_WX-AZ-S-C3550-01_1UpUp/DownIES 1/1/3:50/30n/ato_WX-DHT-S-C3550-01_1UpUp/DownIES 1/1/6:503/30n/ato_WX-DK-S-S3552F-01_1UpUp/DownIES 1/1/8:50Adm状态-治理状态,Opr状态端口实际的工作状态.port/sapIdinterface使用的是那个端口Port端口运行状态showport可以看到路由器物理端口的状态,mode,mtu,encapsulation等等A:WX-AZ-R-AC7750-01#showport==============================================================================PortsonSlot1==============================================================================Port AdminLinkPort Cfg OperLAG/PortPortPort SFP/XFP/Id State State MTU MTU BndlModeEncpType MDIMDX1/1/1UpNoDown92129212-netwnullgigeGIGE-LX80KM1/1/2UpNoDown92129212-netwnullgigeGIGE-LX80KM1/1/3UpYesUp15181518-accsdotqgigeGIGE-LX10KM1/1/4UpYesUp15181518-accsdotqgigeGIGE-LX10KM1/1/5UpYesUp15181518-accsdotqgigeGIGE-LX40KMconfidential 第20页共22页 IPDservice,access模式,vlan来对应多个业务,portdot1qMAC地址表信息showrouterarpmac7750学到showrouterarpA:WX-AZ-R-AC7750-01#showrouterarp===============================================================================ARPTable(Router:Base)===============================================================================IPAddress MACAddress Expiry Type Interface2900:03:fa:8c:54:8800