Configuration procedure, Configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual
Page 114
102
interface address as the next hop. A similar configuration needs to be performed at the other tunnel
end. If you configure dynamic routing at both ends, enable the dynamic routing protocol on both
tunnel interfaces. For the detailed configuration, see Network Management Configuration Guide.
•
The IPv4 address of the local tunnel interface cannot be on the same subnet as the destination
address of the tunnel.
•
The destination address of a route with a tunnel interface as the egress interface must not be on the
same subnet as the destination address of the tunnel.
•
Two or more tunnel interfaces using the same encapsulation protocol must have different source and
destination addresses.
•
If you specify a source interface instead of a source address for the tunnel, the source address of the
tunnel is the primary IP address of the source interface.
Configuration procedure
To configure an IPv4 over IPv4 tunnel:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter tunnel interface view. interface tunnel number N/A
3.
Configure an IPv4 address
for the tunnel interface.
ip address ip-address { mask |
mask-length } [ sub ]
By default, no IPv4 address is
configured for the tunnel interface.
4.
Specify the IPv4 over IPv4
tunnel mode.
tunnel-protocol ipv4-ipv4
Optional
By default, the tunnel mode is GRE over
IPv4.
The same tunnel mode should be
configured at both ends of the tunnel.
Otherwise, packet delivery will fail.
5.
Configure a source address
or interface for the tunnel
interface.
source { ip-address |
interface-type interface-number }
By default, no source address or
interface is configured for the tunnel.
6.
Configure a destination
address for the tunnel
interface.
destination ip-address
By default, no destination address is
configured for the tunnel.
Configuration example
NOTE:
In this configuration example, either Router A or Router B is the SecPath firewall.
Network requirements
As shown in
, the two subnets Group 1 and Group 2 use private IPv4 addresses. Configure an
IPv4 over IPv4 tunnel between Router A and Router B to make the two subnets reachable to each other.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS