vpn-instance(AAA domain view)

Function

The vpn-instance command binds a VPN instance to a domain.

The undo vpn-instance command unbinds the VPN instance from the domain.

By default, a public network VPN instance is bound to a domain.

This command is supported only on the NetEngine 8000 F1A.

Format

vpn-instance instance-name

undo vpn-instance

Parameters

Parameter Description Value
instance-name

Specifies the VPN instance name.

The value is a string of 1 to 31 characters.

Views

AAA domain view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
aaa-access write

Usage Guidelines

Usage Scenario

To provide wholesale services for multiple ISPs over an MPLS VPN, you need to run the vpn-instance command to bind the VPN instance to a domain.

If an IPoE user wants to access a VPN, you need to run the command to bind the VPN instance to the domain.

Prerequisites

The VPN instance to be bound to a domain has been created using the ip vpn-instance command in the system view, and RD has been configured for the VPN instance.

Configuration Impact

  • If only an IPv4 address family is enabled for the VPN instance that is bound to a domain, only the VPN users using IPv4 addresses can access the device.
  • If only an IPv6 address family is enabled for the VPN instance that is bound to a domain, only the VPN users using IPv6 addresses can access the device.
  • If both the IPv4 and IPv6 address families are enabled for the VPN instance that is bound to a domain, both the VPN users using the IPv4 addresses and the VPN users using the IPv6 addresses can access the device.

Precautions

The VPN instance bound to a domain must be the same as that bound to the address pool in the domain. Otherwise, users in the domain cannot get online.

After a domain has been bound to a VPN instance, no address family can be added to or deleted from the VPN instance. Before adding an address family to or deleting an address family from a VPN instance, you must unbind the VPN instance from the domain.

In VS mode, this command is supported only by the admin VS.

Example

# Bind a VPN instance named vrf1 to a domain named huawei.
<HUAWEI> system-view
[~HUAWEI] ip vpn-instance vrf1
[*HUAWEI-vpn-instance-vrf1] ipv4-family
[*HUAWEI-vpn-instance-vrf1-af-ipv4] route-distinguisher 22:1
[*HUAWEI-vpn-instance-vrf1-af-ipv4] vpn-target 3:3 export-extcommunity
[*HUAWEI-vpn-instance-vrf1-af-ipv4] vpn-target 4:4 import-extcommunity
[*HUAWEI-vpn-instance-vrf1-af-ipv4] commit
[~HUAWEI-vpn-instance-vrf1-af-ipv4] quit
[~HUAWEI-vpn-instance-vrf1] quit
[~HUAWEI] aaa
[~HUAWEI-aaa] domain huawei
[*HUAWEI-aaa-domain-huawei] commit
[~HUAWEI-aaa-domain-huawei] vpn-instance vrf1
Parent Topic: AAA and User Management Configuration (Access User)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >