H3C Technologies H3C SecPath F1000-E User Manual

Page 62

Step Command

Remarks

Enter system view.

system-view

N/A

Create a tunnel
interface and enter

tunnel interface view.

interface tunnel
interface-number

By default, no tunnel interface is created on the
firewall.

Configure an IPv4
address for the tunnel

interface.

ip address ip-address { mask
| mask-length }

By default, a tunnel interface has no IPv4
address.

Set the tunnel mode to
P2MP GRE.

tunnel-protocol gre p2mp

The default tunnel mode is GRE over IPv4.
In P2MP GRE tunnel mode, both the transport
protocol and passenger protocol are IPv4.
You must configure the tunnel mode as GRE
over IPv4 on the tunnel peers.

Configure the source
address or interface for

the tunnel interface.

source { ip-address |
interface-type

interface-number }

By default, no source address or interface is
configured for a tunnel interface.
On each branch node, you need to configure

the tunnel destination address as this source
address.

Enable the GRE packet
checksum function.

gre checksum

Optional
Disabled by default
For more information about the GRE packet
checksum function, see "Configuring GRE."

Configure a route for

packet forwarding
through the tunnel.

See Network Management
Configuration Guide

Each end of the tunnel must have a route (static
or dynamic) through the tunnel to the other end.

Configure the aging

time for the tunnel
entries.

gre p2mp aging-time

aging-time

Optional.
5 seconds by default.

Specify the backup
interface.

gre p2mp backup-interface

tunnel number

Optional.
By default, no backup interface is specified.
The backup interface must be an existing tunnel

interface that works in GRE over IPv4 mode.

10.

Configure the mask or
mask length of the

private network
addresses of the

branch.

gre p2mp
branch-network-mask

{ mask | mask-length }

Optional.
By default, the mask of the private network
address of a branch is 255.255.255.255, that

is, the default mask length is 32.

NOTE:

For more information about tunnel interfaces and related configurations, see "Configuring tunneling."

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS