H3C Technologies H3C SecPath F1000-E User Manual

17

[CE-GigabitEthernet0/0] ip binding vpn-instance CE-VPN1

[CE-GigabitEthernet0/0] ip address 10.1.1.2 255.255.255.0

# Configure interface GigabitEthernet 0/2.

[CE] interface gigabitEthernet0/2

[CE-GigabitEthernet0/2] ip binding vpn-instance CE-VPN1

[CE-GigabitEthernet0/2] ip address 10.2.1.2 255.255.255.0

# Configure interface GigabitEthernet 0/1.

[CE] interface gigabitEthernet0/1

[CE- GigabitEthernet0/1] ip binding vpn-instance CE-VPN2

[CE- GigabitEthernet0/1] ip address 20.1.1.2 255.255.255.0

# Configure interface GigabitEthernet 0/3.

[CE] interface gigabitEthernet0/3

[CE-GigabitEthernet0/3] ip binding vpn-instance CE-VPN2

[CE-GigabitEthernet0/3] ip address 20.2.1.2 255.255.255.0

# Configure OSPF process 100.

[CE] ospf 100 vpn-instance CE-VPN1

[CE-ospf-100] vpn-instance-capability simple

[CE-ospf-100] area 0.0.0.0

[CE-ospf-100-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[CE-ospf-100-area-0.0.0.0] network 10.2.1.0 0.0.0.255

# Configure OSPF process 200.

[CE] ospf 200 vpn-instance CE-VPN2

[CE-ospf-200] vpn-instance-capability simple

[CE-ospf-200] area 0.0.0.1

[CE-ospf-200-area-0.0.0.1] network 20.1.1.0 0.0.0.255

[CE-ospf-200-area-0.0.0.1] network 20.2.1.0 0.0.0.255

After you finish the above configuration through command lines, you need to log in to the Web interface
of the device to create a virtual device, add security zones in the virutal device, add interfaces

GigabitEthernet 0/0 through GigabitEthernet 0/3 to different security zones, and configure security

policies to permit OSPF packets from different VPN instances to the local device.