Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 861
836
Figure 395 Network diagram
Configuration procedure
1.
Configure SecPath A:
# Define ACL 3001 to match TCP packets.
[SecPathA] ipv6
[SecPathA] acl ipv6 number 3001
[SecPathA-acl6-adv-3001] rule permit tcp
[SecPathA-acl6-adv-3001] quit
# Define Node 5 of policy aaa, so that TCP packets are forwarded via GigabitEthernet 0/1.
[SecPathA] ipv6 policy-based-route aaa permit node 5
[SecPathA-pbr6-aaa-5] if-match acl6 3001
[SecPathA-pbr6-aaa-5] apply ipv6-address next-hop 1::2
[SecPathA-pbr6-aaa-5] quit
# Apply policy aaa to SecPath A.
[SecPathA] ipv6 local policy-based-route aaa
# Configure the IPv6 addresses of GigabitEthernet 0/1 and GigabitEthernet 0/2.
[SecPathA] interface GigabitEthernet 0/1
[SecPathA-GigabitEthernet0/1] ipv6 address 1::1 64
[SecPathA-GigabitEthernet0/1] quit
[SecPathA] interface GigabitEthernet 0/2
[SecPathA-GigabitEthernet0/2] ipv6 address 2::1 64
2.
Configure SecPath B:
# Configure the IPv6 address for GigabitEthernet 0/1.
[SecPathB] ipv6
[SecPathB] interface GigabitEthernet 0/1
[SecPathB-GigabitEthernet0/1] ipv6 address 1::2 64
[SecPathB-GigabitEthernet0/1] quit
3.
Configure SecPath C:
# Configure the IPv6 address for GigabitEthernet 0/2.
[SecPathC] ipv6
[SecPathC] interface GigabitEthernet 0/2
[SecPathC-GigabitEthernet0/2] ipv6 address 2::2 64
[SecPathC-GigabitEthernet0/2] quit
4.
Verify the configuration:
# Telnet to SecPath B (1::2/64) from SecPath A. The operation succeeds.
GE0/1
1::1/64
GE0/2
2::1/64
GE0/1
1::2/64
GE0/2
2::2/64
SecPath A
SecPath C
SecPath B
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer