Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

54

Figure 54 Network diagram

Device Interface IP

Address

Device

Interface

IP Address

SecPath A

GE0/1

11.1.1.1/24

SecPath B

GE0/1

11.1.1.2/24

GE0/2

10.1.1.1/24

GE0/2

10.1.1.2/24

GE0/3

192.168.11.1/24

GE0/3

192.168.11.2/24

Tunnel0

172.168.1.1/24

Tunnel0

172.168.2.2/24

Tunnel1

192.168.22.1/24

Tunnel1

192.168.22.2/24

SecPath C

GE0/1

11.1.1.3/24

SecPath C

Tunnel0

172.168.1.3/24

GE0/2

192.168.12.1/24

Tunnel1

172.168.2.3/24

Configuration procedure

Configure IP addresses and masks for interfaces as per

Figure 30

. (Details not shown.)

1.

Configure SecPath A:
# Create interface Tunnel 1 and configure an IP address for it.

system-view

[SecPathA] interface tunnel 1

[SecPathA-Tunnel1] ip address 192.168.22.1 255.255.255.0

# Configure the tunnel encapsulation mode of interface Tunnel 1 as GRE over IPv4.

[SecPathA-Tunnel1] tunnel-protocol gre

# Configure the source and destination IP addresses of interface Tunnel 1.

[SecPathA-Tunnel1] source 10.1.1.1

[SecPathA-Tunnel1] destination 10.1.1.2

[SecPathA-Tunnel1] quit

# Create a tunnel interface Tunnel0 and configure an IP address for it.

[SecPathA] interface tunnel 0

[SecPathA-Tunnel0] ip address 172.168.1.1 255.255.255.0

# Configure the tunnel encapsulation mode of interface Tunnel0 as P2MP GRE.

[SecPathA-Tunnel0] tunnel-protocol gre p2mp

# Configure the mask of the branch network connected to Tunnel0 as 255.255.255.0.

[SecPathA-Tunnel0] gre p2mp branch-network-mask 255.255.255.0

# Set the tunnel entry aging time to 20 seconds.

GE0/2

GE0/1

GE0/1

SecPath A

SecPath B

(Backup gateway)

IPv4 network

SecPath C

GE0/2

GE0/3

GE0/3

GE0/1

GE0/2

Tunnel0

Tunnel0

Tunnel0

Tunnel1

Tunnel1

Tunnel1

Host A

Host B

Host C

GRE P2MP tunnel

GRE over IPv4 tunnel

Headquarters

Branch