Huawei quidway s7700 Configuration Manual page 151
Smart routing switch
Hide thumbs
Also See for quidway s7700:
- Configuration manual (833 pages) ,
- Configuration manual - ethernet (648 pages) ,
- Configuration manual - multicast (551 pages)
Table of Contents
Advertisement
Quidway S7700 Smart Routing Switch
Configuration Guide - SPU
[SPU-acl-adv-3101] rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0
0.0.0.255
[SPU-acl-adv-3101] quit
Step 5 Configure static routes between the SPUs of SwitchA and SwitchB.
Configure the SPU on SwitchA.
[SPU] ip route-static 10.1.2.0 255.255.255.0 202.38.162.1
[SPU] ip route-static 202.38.162.1 255.255.255.0 202.38.163.1
Configure the SPU on SwitchB.
[SPU] ip route-static 10.1.1.0 255.255.255.0 202.38.163.1
[SPU] ip route-static 202.38.163.1 255.255.255.0 202.38.162.1
Step 6 Create an IPSec proposal on the SPUs of SwitchA and SwitchB.
# Configure an IPSec proposal on the SPU of SwitchA.
[SPU] ipsec proposal tran1
[SPU-ipsec-proposal-tran1] encapsulation-mode tunnel
[SPU-ipsec-proposal-tran1] transform esp
[SPU-ipsec-proposal-tran1] esp encryption-algorithm des
[SPU-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SPU-ipsec-proposal-tran1] quit
# Configure an IPSec proposal on SwitchB.
[SPU] ipsec proposal tran1
[SPU-ipsec-proposal-tran1] encapsulation-mode tunnel
[SPU-ipsec-proposal-tran1] transform esp
[SPU-ipsec-proposal-tran1] esp encryption-algorithm des
[SPU-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SPU-ipsec-proposal-tran1] quit
Run the display ipsec proposal command on the SPUs of SwitchA and SwitchB to view the
configuration of the IPSec proposals. Take the display on the SPU of SwitchA as an example.
[SPU] display ipsec proposal
Number of Proposals: 1
IPsec Proposal Name: tran1
Encapsulation mode: Tunnel
Transform
ESP protocol
Step 7 Create IPSec policies on the SPUs of SwitchA and SwitchB.
# Configure an IPSec policy on the SPU of SwitchA.
[SPU] ipsec policy map1 10 isakmp
[SPU-ipsec-policy-isakmp-map1-10] ike-peer spub
[SPU-ipsec-policy-isakmp-map1-10] proposal tran1
[SPU-ipsec-policy-isakmp-map1-10] security acl 3101
[SPU-ipsec-policy-isakmp-map1-10] quit
# Configure an IPSec policy on SwitchB.
[SPU] ipsec policy use1 10 isakmp
[SPU-ipsec-policy-isakmp-use1-10] ike-peer spua
[SPU-ipsec-policy-isakmp-use1-10] proposal tran1
[SPU-ipsec-policy-isakmp-use1-10] security acl 3101
[SPU-ipsec-policy-isakmp-use1-10] quit
Run the display ipsec policy command on the SPUs of SwitchA and SwitchB to view the
configuration of the IPSec policies. Take the display on the SPU of SwitchA as an example.
Issue 01 (2011-07-15)
: esp-new
: Authentication SHA1-HMAC-96
Encryption
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
DES
4 IPSec Configuration
140
Advertisement
Table of Contents
