Configuration procedure – H3C Technologies H3C S6300 Series Switches User Manual

2. Configure an IPsec profile.

   - The IPsec profiles on all the switches must have IPsec transform sets that use the same security protocol, authentication and encryption algorithms, and encapsulation mode.

   - The SPI and key configured for the inbound SA and those for the outbound SA must be the same on each switch.

   - The SPI and key configured for the SAs on all the switches must be the same.

3. Apply the IPsec profile to a RIPng process or to an interface.
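
The consistency requirements listed above for manual IPsec profiles can be checked offline before the profile is applied. The following Python sketch is an added example, not part of the H3C manual or any H3C tool; the function names, setting labels, and sample input are assumptions constructed for illustration.

```python
import re

# Strips a leading Comware prompt such as "[SwitchA-ripng-1] " or "<SwitchA> ".
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")
# One pattern per setting the requirements constrain (plaintext "simple" keys only).
RULES = {
    "mode": r"encapsulation-mode (\S+)",
    "protocol": r"protocol (\S+)",
    "enc": r"esp encryption-algorithm (\S+)",
    "auth": r"esp authentication-algorithm (\S+)",
    "spi_in": r"sa spi inbound esp (\d+)",
    "spi_out": r"sa spi outbound esp (\d+)",
    "key_in": r"sa string-key inbound esp simple (\S+)",
    "key_out": r"sa string-key outbound esp simple (\S+)",
}

def parse(text):
    """Return {setting: value} for every recognised command in a config or CLI log."""
    found = {}
    for line in text.splitlines():
        cmd = PROMPT.sub("", line).strip()
        for name, pattern in RULES.items():
            m = re.fullmatch(pattern, cmd)
            if m:
                found[name] = m.group(1)
    return found

def check(configs):
    """configs maps switch name -> config text; findings never include key values."""
    parsed = {sw: parse(text) for sw, text in configs.items()}
    findings = [f"{sw}: {n} not configured"
                for sw, p in parsed.items() for n in RULES if n not in p]
    for sw, p in parsed.items():  # inbound and outbound must match on each switch
        for a, b in (("spi_in", "spi_out"), ("key_in", "key_out")):
            if p.get(a) != p.get(b):
                findings.append(f"{sw}: {a} differs from {b}")
    for name in RULES:  # every setting must be identical on all switches
        if len({p.get(name) for p in parsed.values()}) > 1:
            findings.append(f"all: {name} differs between switches")
    return findings

# Constructed sample input in the style of the commands in this section.
SWITCH_A = "\n".join("[SwitchA] " + c for c in (
    "encapsulation-mode transport", "protocol esp",
    "esp encryption-algorithm aes-cbc-128", "esp authentication-algorithm sha1",
    "sa spi outbound esp 123456", "sa spi inbound esp 123456",
    "sa string-key outbound esp simple abcdefg",
    "sa string-key inbound esp simple abcdefg"))
SWITCH_B = SWITCH_A.replace("SwitchA", "SwitchB").replace("inbound esp 123456", "inbound esp 654321")
```

Calling check({"SwitchA": SWITCH_A, "SwitchB": SWITCH_B}) reports the mismatched inbound SPI on Switch B both as a per-switch and as a cross-switch finding.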

Configuration procedure

1. Configure Switch A:
# Configure IPv6 addresses for interfaces. (Details not shown.)
# Configure basic RIPng.

<SwitchA> system-view

[SwitchA] ripng 1

[SwitchA-ripng-1] quit

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] ripng 1 enable

[SwitchA-Vlan-interface100] quit

# Create and configure the IPsec transform set named tran1.

[SwitchA] ipsec transform-set tran1

[SwitchA-ipsec-transform-set-tran1] encapsulation-mode transport

[SwitchA-ipsec-transform-set-tran1] protocol esp

[SwitchA-ipsec-transform-set-tran1] esp encryption-algorithm aes-cbc-128

[SwitchA-ipsec-transform-set-tran1] esp authentication-algorithm sha1

[SwitchA-ipsec-transform-set-tran1] quit

# Create and configure the IPsec profile named profile001.

[SwitchA] ipsec profile profile001 manual

[SwitchA-ipsec-profile-profile001] transform-set tran1

[SwitchA-ipsec-profile-profile001] sa spi outbound esp 123456

[SwitchA-ipsec-profile-profile001] sa spi inbound esp 123456

[SwitchA-ipsec-profile-profile001] sa string-key outbound esp simple abcdefg

[SwitchA-ipsec-profile-profile001] sa string-key inbound esp simple abcdefg

[SwitchA-ipsec-profile-profile001] quit

# Apply the IPsec profile to RIPng process 1.

[SwitchA] ripng 1

[SwitchA-ripng-1] enable ipsec-profile profile001

[SwitchA-ripng-1] quit

2. Configure Switch B:
# Configure IPv6 addresses for interfaces. (Details not shown.)
# Configure basic RIPng.

<SwitchB> system-view

[SwitchB] ripng 1

[SwitchB-ripng-1] quit

[SwitchB] interface vlan-interface 200

[SwitchB-Vlan-interface200] ripng 1 enable

[SwitchB-Vlan-interface200] quit