Hub-spoke DVPN configuration example, Network requirements, Configure the primary VAM server – H3C Technologies H3C SecPath F1000-E User Manual
Hub-spoke DVPN configuration example
Network requirements
• In the hub-spoke network shown in Figure 329, data is forwarded along hub-spoke tunnels. The primary and secondary VAM servers manage and maintain information about the nodes. The AAA server takes charge of VAM client authentication and accounting. With each being the backup of the other, the two hubs perform data forwarding and routing information exchange.
• A permanent tunnel is established between each hub-spoke pair.
Figure 329 Network diagram
Device            Interface  IP address
Hub 1             GE0/2      192.168.1.1/24
Hub 1             Tunnel1    10.0.1.1/24
Hub 2             GE0/2      192.168.1.2/24
Hub 2             Tunnel1    10.0.1.2/24
Spoke 1           Eth1/1     192.168.1.3/24
Spoke 1           Eth1/2     10.0.2.1/24
Spoke 1           Tunnel1    10.0.1.3/24
Spoke 2           Eth1/1     192.168.1.4/24
Spoke 2           Eth1/2     10.0.3.1/24
Spoke 2           Tunnel1    10.0.1.4/24
Primary server    Eth1/1     192.168.1.22/24
Secondary server  Eth1/1     192.168.1.33/24
AAA server        -          192.168.1.11/24
Configure the primary VAM server
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure AAA:
# Configure RADIUS scheme radsun.
[PrimaryServer] radius scheme radsun
[PrimaryServer-radius-radsun] primary authentication 192.168.1.11 1812
[PrimaryServer-radius-radsun] primary accounting 192.168.1.11 1813
[PrimaryServer-radius-radsun] key authentication expert
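As an added example (not part of the H3C manual), this Python script audits the RADIUS scheme lines shown above: it checks that the authentication and accounting servers point at the AAA server from the address table and that each configured shared key reaches the 16-octet length that RFC 2865 prefers. The function names and the use of that length as a pass/fail threshold are assumptions of this example.

```python
import re

# Lines copied from this page's RADIUS step (prompts included).
PAGE_CONFIG = """\
[PrimaryServer] radius scheme radsun
[PrimaryServer-radius-radsun] primary authentication 192.168.1.11 1812
[PrimaryServer-radius-radsun] primary accounting 192.168.1.11 1813
[PrimaryServer-radius-radsun] key authentication expert
"""

AAA_SERVER = "192.168.1.11"  # AAA server address from the page's address table
MIN_KEY_OCTETS = 16          # RFC 2865 section 3 prefers at least 16 octets

# Matches a leading CLI prompt such as "[PrimaryServer-radius-radsun] ".
PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")


def parse_radius_scheme(text):
    """Return {'scheme', 'servers': {role: (ip, port)}, 'keys': {role: key}}."""
    cfg = {"scheme": None, "servers": {}, "keys": {}}
    for raw in text.splitlines():
        words = PROMPT.sub("", raw).split()
        if words[:2] == ["radius", "scheme"] and len(words) == 3:
            cfg["scheme"] = words[2]
        elif words[:1] == ["primary"] and len(words) >= 3:
            port = int(words[3]) if len(words) > 3 else None
            cfg["servers"][words[1]] = (words[2], port)
        elif words[:1] == ["key"] and len(words) == 3:
            cfg["keys"][words[1]] = words[2]
    return cfg


def audit(cfg, aaa_server=AAA_SERVER):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for role in ("authentication", "accounting"):
        ip, _port = cfg["servers"].get(role, (None, None))
        if ip != aaa_server:
            findings.append(f"{role}: server {ip} is not the AAA server {aaa_server}")
    for role, key in cfg["keys"].items():
        octets = len(key.encode())
        if octets < MIN_KEY_OCTETS:
            findings.append(f"{role}: shared key is {octets} octets, below {MIN_KEY_OCTETS}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_radius_scheme(PAGE_CONFIG)):
        print(finding)
```

Run against the lines on this page, the only finding is the 6-octet sample key `expert`, which should be replaced with a long random secret in a real deployment.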