Huawei quidway s7700 Configuration Manual page 148

Quidway S7700 Smart Routing Switch
Configuration Guide - SPU
Figure 4-4 Networking for establishing an SA through IKE negotiation
SwitchA
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
5.
6.
7.
8.
Procedure
Step 1 Import flows on SwitchA and SwitchB to the SPUs.
1.
Issue 01 (2011-07-15)
VLAN 20
VLAN 10
202.38.163.1/24
VLAN 20
XGE0/0/1.1
XGE5/0/0
XGE0/0/1.2
202.38.168.2/24
VLAN 10
GE1/0/12
GE1/0/11
10.1.1.2/24
PC A
Import flows from the Switches to the SPUs.
Configure IKE proposal.
Specify the local host ID and IKE peer required in IKE negotiation.
Configure ACLs to define the data flows to be protected.
Configure static routes between the SPUs of SwitchA and SwitchB.
Configure an IPSec proposal.
Configure IPSec policies and apply the ACLs and IPSec proposal to the IPSec policies.
Apply the IPSec policies to interfaces of the SPUs.
Configure SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 1/0/11
[SwitchA-GigabitEthernet1/0/11] port link-type access
[SwitchA-GigabitEthernet1/0/11] port default vlan 10
[SwitchA-GigabitEthernet1/0/11] quit
[SwitchA] vlan 20
[SwitchA-vlan20] quit
[SwitchA] interface gigabitethernet 1/0/12
[SwitchA-GigabitEthernet1/0/12] port link-type trunk
[SwitchA-GigabitEthernet1/0/12] port trunk allow-pass vlan 20
[SwitchA-GigabitEthernet1/0/12] undo port trunk allow-pass vlan 1
[SwitchA-GigabitEthernet1/0/12] quit
[SwitchA] interface XGigabitEthernet5/0/0
[SwitchA-XGigabitEthernet5/0/0] port link-type trunk
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
VLAN 30
VLAN 20
XGE5/0/0 XGE0/0/1.1
GE1/0/12
Internet
10.1.2.2/24
4 IPSec Configuration
VLAN 20
202.38.162.1/24
XGE0/0/1.2
202.38.165.2/24
VLAN 30
SwitchB
GE1/0/11
PC B
137