Configuring Routing; Configuring Ipsec For Advpn Tunnels; Displaying And Maintaining Advpn - HPE FlexNetwork HSR6800 Configuration Manual
Comware 7 layer 3, ip services
Hide thumbs
Also See for FlexNetwork HSR6800:
- Security command reference (538 pages) ,
- Configuration manual (482 pages) ,
- Command reference manual (153 pages)
Table of Contents
Advertisement
Step
13. (Optional.) Configure a
mapping between an
ADVPN group and a QoS
policy.
For more information about tunnel interface configurations and commands, see Layer 3—IP
Services Configuration Guide and Layer 3—IP Services Command Reference.
Configuring routing
ADVPN supports OSPF, RIP, and BGP for IPv4:
•
When OSPF is used, set the network type of an OSPF interface to broadcast in a full-mesh
network or to P2MP in a hub-spoke network.
•
You can use RIP only in a hub-spoke network and you must also disable split horizon. RIP is not
supported in a full-mesh network.
•
When BGP is used, configure a routing policy to make sure the next hop of a route destined for
a remote private network is the IP address of the peer spoke in a full-mesh network (EBGP does
not support full-mesh), or is the IP address of the hub in a hub-spoke network.
ADVPN supports OSPFv3, RIPng, and IPv6 BGP for IPv6:
•
When OSPFv3 is used, set the network type of an OSPFv3 interface to broadcast in a full-mesh
network or to P2MP in a hub-spoke network.
•
When RIPng is used, only the full-mesh network is supported.
•
When IPv6 BGP is used, configure a routing policy to make sure the next hop of a route
destined for a remote private network is the IP address of the peer spoke in a full-mesh network
(EBGP does not support full-mesh), or is the IP address of the hub in a hub-spoke network.
For more information about routing protocols and policies, see Layer 3—IP Routing Configuration
Guide.
Configuring IPsec for ADVPN tunnels
You can configure an IPsec profile to secure ADVPN tunnels:
1.
Configure IPsec transform sets to specify the security protocols, authentication and encryption
algorithms, and the encapsulation mode.
2.
Configure an IKE-mode IPsec profile that uses the IPsec transform sets.
3.
Apply the IPsec profile to an ADVPN tunnel interface.
For more information about IPsec configuration, see Security Configuration Guide.
Displaying and maintaining ADVPN
Execute display commands in any view and reset commands in user view.
Task
Display IPv4 private-to-public address
mapping information for VAM clients
registered with the VAM server.
Command
advpn map group group-name
qos-policy policy-name
outbound
Command
display vam server address-map [ advpn-domain
domain-name [ private-address private-ip-address ] ] [ verbose ]
339
Remarks
By default, no ADVPN
group-to-QoS policy mappings
are configured.
Perform this configuration on the
hub.
Advertisement
Table of Contents
Troubleshooting
