Applying a qos policy to an ipsec tunnel interface – H3C Technologies H3C SecPath F1000-E User Manual
Page 150
22
To do…
Use the command…
Remarks
Create a tunnel interface and enter
its view
interface tunnel number
Required
By default, no tunnel interface exists
on the device.
Assign an IPv4 address to the
tunnel interface
ip address ip-address { mask |
mask-length } [ sub ]
Required
By default, no IPv4 address is
assigned to a tunnel interface.
Set the tunnel mode of the tunnel
interface to IPsec over IPv4
tunnel-protocol ipsec ipv4
Required
By default, GRE encapsulation mode
is used.
Specify the source address or
interface of the tunnel interface
source { ip-address |
interface-type
interface-number }
Required
By default, no source address or
interface is specified for a tunnel
interface.
If you specify an interface, the tunnel
interface will take the primary IP
address of the source interface.
Specify the destination address of
the tunnel interface
destination ip-address
Optional for IKE negotiation
responder
Required for IKE negotiation initiator
By default, no tunnel destination
address is configured.
Apply an IPsec profile to the tunnel
interface
ipsec profile profile-name
Required
The IPsec profile must have been
created.
NOTE:
•
For information about commands interface tunnel, tunnel-protocol, source and destination, refer to
Tunneling Commands in the IP Services Volume.
•
An IPsec tunnel interface can reference only one IPsec profile.
•
Though an IPsec profile can be applied to multiple IPsec tunnel interfaces; it takes effect only on the IPsec
tunnel interface that goes up first. Thus it is recommended to apply an IPsec profile to only one IPsec
tunnel interface.
Applying a QoS Policy to an IPsec Tunnel Interface
The device allows you to apply a QoS policy to the IPsec tunnel interface. In this case, QoS is performed
before IPsec encapsulation, and the priority of a resulting packet is the same as that of the original packet.
In addition, the QoS congestion management is done to the packets before encapsulation, avoiding the
disorder of IPsec packets.
Follow these steps to apply a QoS policy to an IPsec tunnel interface:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter tunnel interface view
interface tunnel number —