Configure VPN instances on an AR router to configure virtual firewalls

A virtual firewall is implemented by configuring a VPN instance. A VPN instance corresponds to one virtual firewall. Before configuring a virtual firewall, create a VPN instance first, and then bind an interface with the VPN instance. Interfaces that have the same VPN instance belong to a same virtual firewall, and security policies can be deployed separately for the virtual firewall.
Operation procedure
Run the system-view command to access the system view.
Run the ip vpn-instance vpn-instance-name to create a VPN instance and access the VPN instance view.
(Optional) Run the description description-information command to record the descriptive information of the VPN instance.
Run the route-distinguisher route-distinguisher command to configure a routing label for the VPN instance.
After a VPN instance is created, specify a routing label for the VPN instance; otherwise, subsequent configuration cannot be performed.
Run the interface interface-type interface-number command to access the interface view.
Run the ip binding vpn-instance vpn-instance-name command to bind an interface with the VPN instance.
Bind an interface with the VPN instance, and then configure an IP address for the interface. Otherwise, the configured IP address will be deleted, and you will need to reconfigure an IP address for the interface.
Run the ip address ip-address { mask | mask-length } command to configure an IP address for the interface.

Scroll to top