HP FlexFabric 5700 Series Security Configuration Manual page 291
Hide thumbs
Also See for FlexFabric 5700 Series:
- Configuration manual (185 pages) ,
- Configuration manual (125 pages) ,
- Configuration manual (63 pages)
Table of Contents
Advertisement
[SwitchB-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[SwitchB-ipsec-transform-set-tran1] quit
# Create and configure the IPsec profile named profile001.
[SwitchB] ipsec profile profile001 manual
[SwitchB-ipsec-profile-profile001] transform-set tran1
[SwitchB-ipsec-profile-profile001] sa spi outbound esp 123456
[SwitchB-ipsec-profile-profile001] sa spi inbound esp 123456
[SwitchB-ipsec-profile-profile001] sa string-key outbound esp simple abcdefg
[SwitchB-ipsec-profile-profile001] sa string-key inbound esp simple abcdefg
[SwitchB-ipsec-profile-profile001] quit
# Apply the IPsec profile to RIPng process 1.
[SwitchB] ripng 1
[SwitchB-ripng-1] enable ipsec-profile profile001
[SwitchB-ripng-1] quit
Configure Switch C:
3.
# Configure IPv6 addresses for interfaces. (Details not shown.)
# Configure basic RIPng.
<SwitchC> system-view
[SwitchC] ripng 1
[SwitchC-ripng-1] quit
[SwitchC] interface vlan-interface 200
[SwitchC-Vlan-interface200] ripng 1 enable
[SwitchC-Vlan-interface200] quit
# Create and configure the IPsec transform set named tran1.
[SwitchC] ipsec transform-set tran1
[SwitchC-ipsec-transform-set-tran1] encapsulation-mode transport
[SwitchC-ipsec-transform-set-tran1] protocol esp
[SwitchC-ipsec-transform-set-tran1] esp encryption-algorithm aes-cbc-128
[SwitchC-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[SwitchC-ipsec-transform-set-tran1] quit
# Create and configure the IPsec profile named profile001.
[SwitchC] ipsec profile profile001 manual
[SwitchC-ipsec-profile-profile001] transform-set tran1
[SwitchC-ipsec-profile-profile001] sa spi outbound esp 123456
[SwitchC-ipsec-profile-profile001] sa spi inbound esp 123456
[SwitchC-ipsec-profile-profile001] sa string-key outbound esp simple abcdefg
[SwitchC-ipsec-profile-profile001] sa string-key inbound esp simple abcdefg
[SwitchC-ipsec-profile-profile001] quit
# Apply the IPsec profile to RIPng process 1.
[SwitchC] ripng 1
[SwitchC-ripng-1] enable ipsec-profile profile001
[SwitchC-ripng-1] quit
Verifying the configuration
After the configuration is completed, Switch A, Switch B, and Switch C learn IPv6 routing information
through RIPng. IPsec SAs are set up successfully on the switches to protect RIPng packets. This example
uses Switch A to verify the configuration.
279
- Quick Links:
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
