No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R012C00 Configuration Guide - VPN

This document describes the configurations of VPN, including IPSec, MCE.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a VPN Instance on MCEs

Configuring a VPN Instance on MCEs

Context

The following configurations are performed on the MCE device.

Similar configurations must be performed on the PE devices. The PE configuration procedure and commands used vary in devices from different vendors and different product models. For detailed configuration, see the documentation of the PE devices.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ip vpn-instance vpn-instance-name

    A VPN instance is created, and its view is displayed.

    NOTE:

    A VPN instance name is case sensitive. For example, "vpn1" and "VPN1" are different VPN instances.

  3. (Optional) Run description description-information

    The description is configured for the VPN instance.

  4. (Optional) Run service-id service-id

    A service ID is created for the VPN instance.

    A service ID is unique on a device. It distinguishes a VPN service from other VPN services on the network.

  5. Run ipv4-family

    The IPv4 address family is enabled for the VPN instance, and the VPN instance IPv4 address family view is displayed.

    VPN instances support both the IPv4 and IPv6 address families. Configurations in a VPN instance can be performed only after an address family is enabled for the VPN instance based on the advertised route and forwarding data type.

  6. Run route-distinguisher route-distinguisher

    An RD is configured for the VPN instance IPv4 address family.

    A VPN instance IPv4 address family takes effect only after being configured with an RD. The RDs of different VPN instances on a PE must be different.

    NOTE:
    • An RD can be modified or deleted only after the VPN instance is deleted or the VPN instance IPv4 address family is disabled.

    • If you configure an RD for the VPN instance IPv4 address family in the created VPN instance view, the VPN instance IPv4 address family is enabled and the VPN instance IPv4 address family is displayed.

  7. (Optional) Restrict the number of routes in a VRF.

    The configuration restricts the number of routes or route prefixes imported from the attached CE devices and peer PE devices into a VPN instance on a PE device. It is recommended that you use only one of the following commands.

    By default, the number of routes in a VRF is not limited as long as the total number of routes does not exceed the maximum number of unicast routes supported by the PE device.

    • To set the maximum number of routes in the VPN instance IPv4 address family, run routing-table limit number { alert-percent | simply-alert }.
    • To set the maximum number of route prefixes in the VPN instance IPv4 address family, run prefix limit number { alert-percent [ route-unchanged ] | simply-alert }.

  8. (Optional) Run limit-log-interval interval

    The interval for logging the event that the number of routes exceeds the threshold is set for the VPN instance IPv4 address family.

    If the routes or prefixes in the IPv4 address family of a VPN instance reach the maximum, the system will generate logs at intervals (defaulting to 5 seconds). To prevent logs from being displayed frequently, run this step to prolong the interval of log generation.

Translation
Download
Updated: 2018-09-01

Document ID: EDOC1100037956

Views: 2555

Downloads: 7

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next