CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Configuring NHRP

Context

NHRP enables a source Spoke on a public network to dynamically obtain the public network address of a destination Spoke. When a Spoke connects to a public network, it sends NHRP Registration Request packets to the Hub by using the public network address of the outbound interface. The Hub creates or updates NHRP mapping entries based on the packets received. Two Spokes exchange NHRP Resolution Request and Reply packets to create or update NHRP mapping entries between them.

When you configure the NHRP authentication string, selecting simple saves the password in the configuration file in plain text, which is a security risk. It is recommended that you select cipher so that the password is saved in cipher text.

Perform the following operations on the Hub and Spokes.

Procedure

  • Configure the Hub.
    1. Run system-view

      The system view is displayed.

    2. Run interface tunnel interface-number

      The tunnel interface view is displayed.

    3. (Optional) Run nhrp network-id number

      An NHRP domain is configured for the tunnel interface.

      By default, a tunnel interface belongs to NHRP domain 0.

    4. Run nhrp entry multicast dynamic

      The dynamically registered Spoke is added to the NHRP multicast member table.

      By default, no dynamically registered Spoke is added to the NHRP multicast member table.

    5. Run nhrp authentication { simple string | cipher cipher-string }

      The NHRP authentication string is configured.

      By default, no NHRP authentication string is configured.

    6. (Optional) Run nhrp entry holdtime seconds seconds

      The aging time of NHRP mapping entries is configured.

      By default, the aging time of NHRP mapping entries is 7200 seconds.

    7. (Optional) Run nhrp redirect

      The NHRP redirect function is enabled.

      This configuration is required only when the shortcut mode is used. By default, the NHRP redirect function is disabled.

  • Configure the Spokes.
    1. Run system-view

      The system view is displayed.

    2. Run interface tunnel interface-number

      The tunnel interface view is displayed.

    3. (Optional) Run nhrp network-id number

      An NHRP domain is configured for the tunnel interface.

      By default, a tunnel interface belongs to NHRP domain 0.

    4. Run nhrp entry protocol-address { dns-name | nbma-address } [ register [ preference preference-value ] ] [ track apn apn-name ]

      An NHRP mapping entry is configured.

      When the track apn parameter is specified, whether the NHRP mapping entry takes effect depends on the APN status. If the APN is valid, the NHRP mapping entry takes effect; otherwise, the configuration is saved but the NHRP mapping entry does not take effect.

    5. (Optional) Run nhrp registration no-unique

      The device is configured to send NHRP packets that carry the no-unique flag to instruct the remote end to overwrite conflicting NHRP peer entries.

      By default, the device sends NHRP packets that do not carry the no-unique flag to instruct the remote end not to overwrite conflicting NHRP peer entries.

    6. Run nhrp authentication { simple string | cipher cipher-string }

      The NHRP authentication string is configured.

      By default, no NHRP authentication string is configured.

      NOTE:

      If the NHRP authentication string is configured on the Hub, it must also be configured on the Spoke.

    7. (Optional) Run nhrp registration interval seconds

      The NHRP registration interval is configured.

      By default, a Spoke registers with the Hub at an interval of 1800 seconds.

    8. (Optional) Run nhrp entry holdtime seconds seconds

      The aging time of NHRP mapping entries is configured.

      By default, the aging time of NHRP mapping entries is 7200 seconds.

    9. (Optional) Run nhrp shortcut

      The NHRP shortcut function is enabled.

      This configuration is required only when the shortcut mode is used. By default, the NHRP shortcut function is disabled.

    10. (Optional) Run nhrp tunnel-if-state related

      The mGRE interface status of a Spoke is associated with the Hub status.

      By default, the mGRE interface status of a Spoke is not associated with the Hub status.

      Perform this step to associate the mGRE interface status of a Spoke with the Hub status for rapid fault detection on the monitor topology. The mGRE interface then becomes Down when the Hub status is Down, and the system can send an email instructing network administrators to rectify the fault in a timely manner.
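
The following audit script is an added example, not part of the original guide. It checks a Hub/Spoke pair of saved configurations for the two authentication pitfalls described above: a string stored with simple, and a Hub that has an authentication string while a Spoke has none. The sample configurations, addresses, interface names and the assumed configuration-file layout are constructed for illustration.

```python
# Constructed sample configurations (not from the original page). Assumed layout:
# "display current-configuration" style, commands indented under "interface ...".
HUB_CFG = """#
interface Tunnel0/0/0
 nhrp entry multicast dynamic
 nhrp authentication simple Example123
 nhrp redirect
#
"""
SPOKE_CFG = """#
interface Tunnel0/0/0
 nhrp entry 172.16.1.1 203.0.113.1 register
 nhrp shortcut
#
"""

def nhrp_interfaces(cfg):
    """Map each interface that has NHRP commands to the list of those commands."""
    found, current = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif not line.startswith(" "):      # "#" separator or a new top-level section
            current = None
        elif current and line.strip().startswith("nhrp "):
            found.setdefault(current, []).append(line.strip())
    return found

def auth_mode(cmds):
    """Return 'simple', 'cipher', or None when no authentication string is set."""
    modes = [c.split()[2] for c in cmds
             if c.startswith("nhrp authentication ") and len(c.split()) > 2]
    return modes[0] if modes else None

def audit(hub_cfg, spoke_cfg):
    """Return (device, interface, finding) tuples for the Hub/Spoke pair."""
    findings = []
    hub_has_auth = any(auth_mode(c) for c in nhrp_interfaces(hub_cfg).values())
    for device, cfg in (("hub", hub_cfg), ("spoke", spoke_cfg)):
        for ifname, cmds in nhrp_interfaces(cfg).items():
            mode = auth_mode(cmds)
            if mode == "simple":
                findings.append((device, ifname, "authentication string stored in plain text"))
            elif mode is None and device == "spoke" and hub_has_auth:
                findings.append((device, ifname, "Hub has an authentication string, Spoke has none"))
            elif mode is None:
                findings.append((device, ifname, "no NHRP authentication string"))
    return findings

if __name__ == "__main__":
    print(audit(HUB_CFG, SPOKE_CFG))
```
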

Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 144374

Downloads: 361
