1. Manuals
  2. Brands
  3. Huawei Manuals
  4. Switch
  5. S9700 Series
  6. Configuration manual

Huawei S9700 Series Configuration Manual page 152

Terabit routing switches spu
Hide thumbs Also See for S9700 Series:
Table of Contents

Advertisement

S9700 Core Routing Switch
Configuration Guide - SPU
[SPU-acl-adv-3101] rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0
0.0.0.255
[SPU-acl-adv-3101] quit
Step 5 Configure static routes between the SPUs of SwitchA and SwitchB.
Configure the SPU on SwitchA.
[SPU] ip route-static 10.1.2.0 255.255.255.0 202.38.162.1
[SPU] ip route-static 202.38.162.1 255.255.255.0 202.38.163.1
Configure the SPU on SwitchB.
[SPU] ip route-static 10.1.1.0 255.255.255.0 202.38.163.1
[SPU] ip route-static 202.38.163.1 255.255.255.0 202.38.162.1
Step 6 Create an IPSec proposal on the SPUs of SwitchA and SwitchB.
# Configure an IPSec proposal on the SPU of SwitchA.
[SPU] ipsec proposal tran1
[SPU-ipsec-proposal-tran1] encapsulation-mode tunnel
[SPU-ipsec-proposal-tran1] transform esp
[SPU-ipsec-proposal-tran1] esp encryption-algorithm des
[SPU-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SPU-ipsec-proposal-tran1] quit
# Configure an IPSec proposal on SwitchB.
[SPU] ipsec proposal tran1
[SPU-ipsec-proposal-tran1] encapsulation-mode tunnel
[SPU-ipsec-proposal-tran1] transform esp
[SPU-ipsec-proposal-tran1] esp encryption-algorithm des
[SPU-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SPU-ipsec-proposal-tran1] quit
Run the display ipsec proposal command on the SPUs of SwitchA and SwitchB to view the
configuration of the IPSec proposals. Take the display on the SPU of SwitchA as an example.
[SPU] display ipsec proposal
Number of Proposals: 1
IPsec Proposal Name: tran1
Encapsulation mode: Tunnel
Transform
ESP protocol
Step 7 Create IPSec policies on the SPUs of SwitchA and SwitchB.
# Configure an IPSec policy on the SPU of SwitchA.
[SPU] ipsec policy map1 10 isakmp
[SPU-ipsec-policy-isakmp-map1-10] ike-peer spub
[SPU-ipsec-policy-isakmp-map1-10] proposal tran1
[SPU-ipsec-policy-isakmp-map1-10] security acl 3101
[SPU-ipsec-policy-isakmp-map1-10] quit
# Configure an IPSec policy on SwitchB.
[SPU] ipsec policy use1 10 isakmp
[SPU-ipsec-policy-isakmp-use1-10] ike-peer spua
[SPU-ipsec-policy-isakmp-use1-10] proposal tran1
[SPU-ipsec-policy-isakmp-use1-10] security acl 3101
[SPU-ipsec-policy-isakmp-use1-10] quit
Run the display ipsec policy command on the SPUs of SwitchA and SwitchB to view the
configuration of the IPSec policies. Take the display on the SPU of SwitchA as an example.
Issue 01 (2012-03-15)
: esp-new
: Authentication SHA1-HMAC-96
Encryption
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
DES
4 IPSec Configuration
141

Advertisement

Table of Contents
loading

Related Manuals for Huawei S9700 Series

Related Products for Huawei S9700 Series

Table of Contents