H3C Technologies H3C SecPath F1000-E User Manual

449

Step Command

Remarks

5.

Specify the source address or

interface of the tunnel
interface.

source { ip-address |
interface-type

interface-number }

The source IP address is the IP address of
the physical interface that sends the DVPN
packets.
A tunnel interface has no source address or
interface configured by default.

6.

Bind a VAM client to the
tunnel interface.

vam client client-name

A DVPN tunnel interface must be bound to
a VAM client; otherwise the tunnel

interface cannot come up.
The client to be bound must exist and has

not been bound to any other tunnel
interface.
No VAM client is bound to a DVPN tunnel
interface by default.

7.

Set the DVPN keepalive
interval and transmission

attempt limit.

keepalive [ seconds
[ times ] ]

Optional.
The defaults are as follows:

•

180 seconds for the DVPN keepalive

interval,

•

3 times for the transmission attempt

limit.

8.

Set the idle timeout for the
spoke-spoke tunnel.

dvpn session idle-time

time-interval

Optional.
600 seconds by default.

9.

Set the DVPN tunneling quiet

period.

dvpn session dumb-time
time-interval

Optional.
120 seconds by default.

10.

Specify the network type of

the OSPF interface.

ospf network-type
{ broadcast | p2mp }

Required when OSPF is used.
Not specified by default
A DVPN tunnel can use only two types of

OSPF interfaces: broadcast and point to
multi-point (P2MP).

11.

Set the DR priority of the OSPF
interface.

ospf dr-priority priority

Optional for a hub but required for a
spoke, when OSPF is used.
By default, the interface DR priority is 1.
The DR priority of a hub should be higher
than that of a spoke. H3C recommends

setting the DR priority of a spoke to 0 to
keep the spoke from participating in

DR/BDR election.

12.

Bind an IPsec profile to the
DVPN tunnel interface.

ipsec profile
ipsec-profile-name

Optional.
By default, no IPsec profile is bound to a
DVPN tunnel interface.
The IPsec profile to be bound must already
exist.