You are here: Cookbook > VPN > Configuring VXLAN Static Unicast Tunnel

Configuring VXLAN Static Unicast Tunnel

This example introduces how to configure VXLAN static unicast tunnel. VXLAN uses MAC-in-UDP encapsulation to extend Layer 2 networks, allowing a large number of tenant accesses to virtual networks.

In the topology below, PC1 and PC2 communicate through the VXLAN tunnel (VNI100).

Note: In the same tunnel, different VNIs cannot communicate with each other.

Configuration Steps

VTEP1 Configuratio

Step 1: Configure the interface.

hostname(config)# interface ethernet0/1

hostname(config-if-eth0/1)# zone l2-trust

hostname(config-if-eth0/1)# ip address 10.1.2.1/24

hostname(config-if-eth0/1)# exit

Step2: Configure VXLAN tunnel.

hostname(config)# tunnel vxlan tunnel 1

hostname(config-tunnel-vxlan)# interface ethernet0/7

hostname(config-tunnel-vxlan)# destination 7.1.1.2

hostname(config-tunnel-vxlan)# vni 100

hostname(config-tunnel-vxlan)# exit

hostname(config)#

Step 3: Configure the tunnel interface and bind the Layer 2 security zone.

hostname(config)# interface tunnel1

hostname(config-if-tun1)# zone l2-trust

hostname(config-if-tun1)#tunnel vxlan tunnel1

hostname(config-if-tun1)# exit

hostname(config)#

Step 4: Configure the policy.

hostname(config)# policy-global

hostname(config-policy)# rule id 1

Rule id 1 is created

hostname(config-policy-rule)# src-addr -any

hostname(config-policy-rule)# dst-addr any

hostname(config-policy-rule)# service any

hostname(config-policy-rule)# action permit

hostname(config-policy-rule)# exit

hostname(config)#

VTEP2 Configuration

Step 1: Configure the interface.

hostname(config)# interface ethernet0/1

hostname(config-if-eth0/1)# zone l2-trust

hostname(config-if-eth0/1)# exit

Step2: Configure VXLAN tunnel.

hostname(config)# tunnel vxlan tunnel 1

hostname(config-tunnel-vxlan)# interface ethernet0/7

hostname(config-tunnel-vxlan)# destination 7.1.1.1

hostname(config-tunnel-vxlan)# vni 100

hostname(config-tunnel-vxlan)# exit

hostname(config)#

Step 3: Configure the tunnel interface and bind the Layer 2 security zone.

hostname(config)# interface tunnel1

hostname(config-if-tun1)# zone l2-trust

hostname(config-if-tun1)#tunnel vxlan tunnel1

hostname(config-if-tun1)# exit

hostname(config)#

Step 4: Configure the policy

hostname(config)# policy-global

hostname(config-policy)# rule id 1

Rule id 1 is created

hostname(config-policy-rule)# src-addr -any

hostname(config-policy-rule)# dst-addr any

hostname(config-policy-rule)# service any

hostname(config-policy-rule)# action permit

hostname(config-policy-rule)# exit

hostname(config)#

Step5: Verify result

PC1 and PC2 can communicate with each other through the VXLAN tunnel successfully.