Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
l
l
Issue 01 (2012-03-15)
#
ipsec proposal tran1
esp authentication-algorithm sha1
#
ipsec policy map1 10 manual
security acl 3101
proposal tran1
tunnel local 202.38.163.1
tunnel remote 202.38.162.1
sa spi inbound esp 54321
sa string-key inbound esp gfedcba
sa spi outbound esp 12345
sa string-key outbound esp abcdefg
#
interface XGigabitEthernet0/0/1.1
control-vid 20 dot1q-termination
dot1q termination vid 20
ip address 202.38.163.1 255.255.255.0
ipsec policy map1
arp broadcast enable
#
interface XGigabitEthernet0/0/1.2
control-vid 10 dot1q-termination
dot1q termination vid 10
ip address 202.38.163.2 255.255.255.0
arp broadcast enable
#
ip route-static 10.1.2.0 255.255.255.0 202.38.162.1
#
return
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20
#
interface GigabitEthernet1/0/11
port link-type access
port default vlan 10
#
interface GigabitEthernet1/0/12
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20
#
interface XGigabitEthernet5/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20
#
return
Configuration of the SPU on SwitchB
#
sysname SPU
#
acl number 3101
rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
#
ipsec proposal tran1
esp authentication-algorithm sha1
#
ipsec policy use1 10 manual
security acl 3101
proposal tran1
tunnel local 202.38.162.1
tunnel remote 202.38.163.1
sa spi inbound esp 12345
sa string-key inbound esp abcdefg
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration
136
Advertisement
Table of Contents
