Configuring A Pre-Shared Key For The Vam Server; Configuring Hub Groups - HPE FlexNetwork HSR6800 Configuration Manual
Comware 7 layer 3, ip services
Hide thumbs
Also See for FlexNetwork HSR6800:
- Security command reference (538 pages) ,
- Configuration manual (482 pages) ,
- Command reference manual (153 pages)
Table of Contents
Advertisement
Configuring a pre-shared key for the VAM server
The pre-shared key is used to generate initial encryption and authentication keys during connection
initialization. It is also used to generate encryption and authentication keys for subsequent packets if
encryption and authentication are needed.
The VAM server must have the same pre-shared key as the clients in the same ADVPN domain. If
they have different pre-shared keys, decryption and authentication will fail, and they cannot establish
a connection.
To configure a pre-shared key for the VAM server:
Step
1.
Enter system view.
2.
Enter ADVPN domain view.
3.
Configure a pre-shared key
for the VAM server.
Configuring hub groups
Hub groups apply to large ADVPN networks. You can classify spokes to different hub groups, and
specify one or more hubs for each group.
When a VAM client registers with the VAM server, the VAM server selects a hub group for the client
as follows:
1.
The server matches the private address of the client against the private addresses of hubs in
different hub groups in lexicographic order.
2.
If a match is found, the server assigns the client to the hub group as a hub.
3.
If no match is found, the server matches the client's private address against the private
addresses of spokes in different hub groups in lexicographic order.
4.
If a match is found, the server assigns the client to the hub group as a spoke.
5.
If no match is found, the registration fails.
The VAM server only assigns hub information in the matching hub group to the client. The client only
establishes permanent ADVPN tunnels to the hubs in the matching hub group.
Creating a hub group
Step
1.
Enter system view.
2.
Enter ADVPN domain view.
3.
Create a hub group and
enter hub group view.
Configuring hub private addresses in a hub group
A hub group must have at least one hub private address.
To configure hub private addresses in the hub group:
Command
system-view
vam server advpn-domain
domain-name [ id domain-id ]
pre-shared-key { cipher | simple }
string
Command
system-view
vam server advpn-domain
domain-name [ id domain-id ]
hub-group group-name
330
Remarks
N/A
N/A
By default, no pre-shared key
is configured.
Remarks
N/A
N/A
By default, no hub group exists.
Advertisement
Table of Contents
Troubleshooting
