Huawei S9700 Series Configuration Manual page 144

Terabit routing switches spu

S9700 Core Routing Switch
Configuration Guide - SPU
Step 2 Configure ACLs on the SPUs of SwitchA and SwitchB to define the data flows to be protected.
# Configure an ACL on the SPU of SwitchA.
[SPU] acl number 3101
[SPU-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[SPU-acl-adv-3101] quit
# Configure an ACL on the SPU of SwitchB.
[SPU] acl number 3101
[SPU-acl-adv-3101] rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
[SPU-acl-adv-3101] quit
Step 3 Configure static routes between the SPUs of SwitchA and SwitchB.
# Configure a static route to the remote peer on the SPU of SwitchA.
[SPU] ip route-static 10.1.2.0 255.255.255.0 202.38.162.1
[SPU] ip route-static 202.38.162.1 255.255.255.0 202.38.163.1
# Configure a static route to the remote peer on the SPU of SwitchB.
[SPU] ip route-static 10.1.1.0 255.255.255.0 202.38.163.1
[SPU] ip route-static 202.38.163.1 255.255.255.0 202.38.162.1
Ping PC B from PC A. The ping succeeds.
Step 4 Create IPSec proposals on the SPUs of SwitchA and SwitchB.
# Configure an IPSec proposal on the SPU of SwitchA.
[SPU] ipsec proposal tran1
[SPU-ipsec-proposal-tran1] encapsulation-mode tunnel
[SPU-ipsec-proposal-tran1] transform esp
[SPU-ipsec-proposal-tran1] esp encryption-algorithm des
[SPU-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SPU-ipsec-proposal-tran1] quit
# Configure an IPSec proposal on SwitchB.
Issue 01 (2012-03-15)
[SwitchB] interface gigabitethernet 1/0/12
[SwitchB-GigabitEthernet1/0/12] port link-type trunk
[SwitchB-GigabitEthernet1/0/12] port trunk allow-pass vlan 20
[SwitchB-GigabitEthernet1/0/12] undo port trunk allow-pass vlan 1
[SwitchB-GigabitEthernet1/0/12] quit
[SwitchB] interface XGigabitEthernet5/0/0
[SwitchB-XGigabitEthernet5/0/0] port link-type trunk
[SwitchB-XGigabitEthernet5/0/0] port trunk allow-pass vlan 30 20
[SwitchB-XGigabitEthernet5/0/0] undo port trunk allow-pass vlan 1
[SwitchB-XGigabitEthernet5/0/0] quit
# Configure the SPU on SwitchB.
<Quidway> system-view
[Quidway] sysname SPU
[SPU] interface XGigabitEthernet 0/0/1.1
[SPU-XGigabitEthernet0/0/1.1] control-vid 20 dot1q-termination
[SPU-XGigabitEthernet0/0/1.1] dot1q termination vid 20
[SPU-XGigabitEthernet0/0/1.1] ip address 202.38.162.1 255.255.255.0
[SPU-XGigabitEthernet0/0/1.1] arp broadcast enable
[SPU-XGigabitEthernet0/0/1.1] quit
[SPU] interface XGigabitEthernet 0/0/1.2
[SPU-XGigabitEthernet0/0/1.2] control-vid 30 dot1q-termination
[SPU-XGigabitEthernet0/0/1.2] dot1q termination vid 30
[SPU-XGigabitEthernet0/0/1.2] ip address 202.38.165.2 255.255.255.0
[SPU-XGigabitEthernet0/0/1.2] arp broadcast enable
[SPU-XGigabitEthernet0/0/1.2] quit
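The following is an added example, not part of the Huawei manual: a small Python check that the Step 2 ACLs on the two SPUs mirror each other (source and destination swapped) and that flags weak algorithms in the Step 4 proposal. The sample configurations are constructed from the commands shown on this page, and the deny-list of algorithms is an assumption of this example.

```python
import re

# Constructed sample input: the Step 2 ACL rules and the Step 4 proposal
# for SwitchA, copied from the commands on this page.
SWITCH_A = """\
acl number 3101
 rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
ipsec proposal tran1
 encapsulation-mode tunnel
 transform esp
 esp encryption-algorithm des
 esp authentication-algorithm sha1
"""
SWITCH_B = """\
acl number 3101
 rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
"""

RULE = re.compile(r"rule permit ip source (\S+) (\S+) destination (\S+) (\S+)")
ALGO = re.compile(r"esp (encryption|authentication)-algorithm (\S+)")

# Assumption: this example's own deny-list. DES has a 56-bit key and MD5 is
# a broken hash; adjust the set to match local policy.
WEAK = {"des", "md5"}


def flows(config):
    """Return the protected flows as (src, src_wildcard, dst, dst_wildcard)."""
    return {m.groups() for m in RULE.finditer(config)}


def unmirrored(local, remote):
    """Flows in the local ACL with no swapped counterpart on the peer.

    If the peer does not protect the reverse flow, return traffic is not
    matched by its IPSec policy and the protected path breaks in one direction.
    """
    peer = flows(remote)
    return sorted(f for f in flows(local) if (f[2], f[3], f[0], f[1]) not in peer)


def weak_algorithms(config):
    """Return (kind, name) for every ESP algorithm that is on the deny-list."""
    return [(kind, name) for kind, name in ALGO.findall(config)
            if name.lower() in WEAK]
```

On the configuration from this page, the ACLs mirror correctly and the only finding is the DES encryption algorithm in proposal tran1.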
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration