Verifying the configuration – H3C Technologies H3C SecPath F1000-E User Manual

Page 71

[SecPathB-Tunnel0] source 11.1.1.2

[SecPathB-Tunnel0] destination 11.1.1.1

# Set the GRE key of Tunnel0 to 1.

[SecPathB-Tunnel0] gre key 1

[SecPathB-Tunnel0] quit

# Configure a static route to the headquarters network with the outgoing interface being Tunnel 0.

[SecPathB] ip route-static 172.17.17.0 255.255.255.0 tunnel 0

Configure SecPath C:
# Create tunnel interface Tunnel0 and configure an IP address for it.

system-view

[SecPathC] interface tunnel 0

[SecPathC-Tunnel0] ip address 192.168.22.3 255.255.255.0

# Configure the tunnel encapsulation mode of interface Tunnel0 as GRE over IPv4.

[SecPathC-Tunnel0] tunnel-protocol gre

# Configure the source and destination IP addresses of interface Tunnel0.

[SecPathC-Tunnel0] source 11.1.1.3

[SecPathC-Tunnel0] destination 11.1.1.1

# Set the GRE key of Tunnel0 to 2.

[SecPathC-Tunnel0] gre key 2

[SecPathC-Tunnel0] quit

# Configure a static route to the headquarters network with the outgoing interface being Tunnel 0.

[SecPathC] ip route-static 172.17.17.0 255.255.255.0 tunnel 0

Verifying the configuration

# On Host B, specify SecPath C as the default gateway. Ping Host A from Host B. The ping operation

succeeds. View tunnel entries on SecPath A:

[SecPathA] display gre p2mp tunnel-table interface tunnel 0

Dest Addr Mask Tunnel Dest Addr Gre Key

192.168.1.0 255.255.255.0 11.1.1.3 2

# On Host B, specify SecPath B as the default gateway.Ping Host A from Host B. The ping operation
succeeds. View tunnel entries on SecPath A:

[SecPathA] display gre p2mp tunnel-table interface tunnel 0

Dest Addr Mask Tunnel Dest Addr Gre Key

192.168.1.0 255.255.255.0 11.1.1.3 2

192.168.1.0 255.255.255.0 11.1.1.2 1

The output indicates that SecPath A has two tunnel entries to the branch network and prefers the tunnel
entry with a smaller GRE key value. Packets are forwarded to hosts on the branch network through
SecPath B first.
# On SecPath B, shut down interface Tunnel0 to cut off the tunnel link between SecPath A and SecPath

[SecPathB] interface tunnel 0

[SecPathB-Tunnel0] shutdown

# On Host B, specify SecPath C as the default gateway. After the tunnel entry corresponding to SecPath
B ages out, ping Host A from Host B. The ping operation succeeds. View tunnel entries on SecPath A:

[SecPathA] display gre p2mp tunnel-table interface tunnel 0

Dest Addr Mask Tunnel Dest Addr Gre Key

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS