No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Unicast Routing

S7700 and S9700 V200R011C10

This document describes IP Unicast Routing configurations supported by the switch, including the principle and configuration procedures of IP Routing Overview, Static Route, RIP, RIPng, OSPF, OSPFv3, IS-IS(IPv4), IS-IS(IPv6), BGP, Routing Policy ,and PBR, and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring OSPFv3 IPSec Authentication

Configuring OSPFv3 IPSec Authentication

Context

Perform the following operations on the switch that runs OSPFv3.
NOTE:

To ensure device forwarding, configure OSPFv3 IPSec on all devices running OSPFv3.

Procedure

  • Use an SA to authenticate packets in a specified OSPFv3 process.
    1. Run system-view

      The system view is displayed.

    2. Run ospfv3 [ process-id ]

      The OSPFv3 process view is displayed.

    3. Run ipsec sa sa-name

      An SA is configured in the OSPFv3 process.

      By default, no SA is configured in the OSPFv3 process.

      An OSPFv3 process can be associated with multiple OSPFv3 areas. An SA configured in an OSPFv3 process can be used in the associated areas.

  • Use an SA to authenticate packets in a specified OSPFv3 area.
    1. Run system-view

      The system view is displayed.

    2. Run ospfv3 [ process-id ]

      The OSPFv3 process view is displayed.

    3. Run area area-id

      The OSPFv3 area view is displayed.

    4. Run ipsec sa sa-name

      An SA is configured in the OSPFv3 area.

      By default, no SA is configured in the OSPFv3 area.

      NOTE:

      The SA configured on an OSPFv3 area takes precedence over that configured in an OSPFv3 process.

  • Use an SA to authenticate packets sent and received by an interface.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. (Optional) On an Ethernet interface, run undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

    4. Run ospfv3 ipsec sa sa-name

      An SA is configured on the interface.

      By default, no SA is configured on the OSPFv3 interface.

      NOTE:

      The SA configured on an OSPFv3 interface takes precedence over that configured in an OSPFv3 process or an OSPFv3 area.

  • Use an SA to authenticate packets sent and received on a virtual link.
    1. Run system-view

      The system view is displayed.

    2. Run ospfv3 [ process-id ]

      The OSPFv3 process view is displayed.

    3. Run area area-id

      The OSPFv3 area view is displayed.

    4. Run vlink-peer router-id ipsec sa sa-name

      An SA is configured on the virtual link.

      NOTE:
      The SA configured on a virtual link takes precedence over that configured in an OSPFv3 process or OSPFv3 area 0.

  • Use an SA to authenticate packets sent and received on a sham link.
    1. Run system-view

      The system view is displayed.

    2. Run ospfv3 [ process-id ]

      The OSPFv3 process view is displayed.

    3. Run area area-id

      The OSPFv3 area view is displayed.

    4. Run sham-link source-address destination-address ipsec sa sa-name

      An SA is configured on the sham link.

      NOTE:
      The SA configured on a sham link takes precedence over that configured in an OSPFv3 process or OSPFv3 area 0.

Translation
Download
Updated: 2019-04-01

Document ID: EDOC1000178324

Views: 215530

Downloads: 194

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next