beautypg.com

H3C Technologies H3C S5560 Series Switches User Manual

Page 400

background image

384

Outbound OSPFv3 packets carry the Security Parameter Index (SPI) defined in the relevant IPsec profile.

A device uses the SPI carried in a received packet to match against the configured IPsec profile. If they
match, the device accepts the packet. Otherwise, the device discards the packet and will not establish a

neighbor relationship with the sending device.
You can configure an IPsec profile for an area, an interface, a virtual link, or a sham link.

To implement area-based IPsec protection, configure the same IPsec profile on the routers in the
target area.

To implement interface-based IPsec protection, configure the same IPsec profile on the interfaces

between two neighboring routers.

To implement virtual link-based IPsec protection, configure the same IPsec profile on the two routers
connected over the virtual link.

To implement sham link-based IPsec protection, configure the same IPsec profile on the two routers
connected over the sham link. For information about sham link, see MPLS Configuration Guide.

If an interface and its area each have an IPsec profile configured, the interface uses its own IPsec
profile.

If a virtual link and area 0 each have an IPsec profile configured, the virtual link uses its own IPsec
profile.

If a sham link and its area each have an IPsec profile configured, the sham link uses its own IPsec
profile.

To apply an IPsec profile to an area:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter OSPFv3 view.

ospfv3 [ process-id | vpn-instance
vpn-instance-name ] *

N/A

3.

Enter OSPFv3 area view.

area area-id

N/A

4.

Apply an IPsec profile to the

area.

enable ipsec-profile profile-name

By default, no IPsec profile is
applied.

To apply an IPsec profile to an interface:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

interface interface-type
interface-number

N/A

3.

Apply an IPsec profile to the

interface.

ospfv3 ipsec-profile profile-name

By default, no IPsec profile is
applied.

To apply an IPsec profile to a virtual link:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter OSPFv3 view.

ospfv3 [ process-id | vpn-instance
vpn-instance-name ] *

N/A

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: