NE40E V800R010C10SPC500 Configuration Guide - IP Multicast 01


Configuring IPv4 PIM IPSec

If you want to authenticate sent and received IPv4 PIM messages, configure IPv4 PIM IP Security (IPSec). IPv4 PIM IPSec protects a device against attacks launched using forged IPv4 PIM messages.

Usage Scenario

IPv4 PIM IPSec provides a complete set of security protection mechanisms to authenticate the sent and received IPv4 PIM messages, protecting devices against attacks launched using forged IPv4 PIM messages.

IPv4 PIM IPSec configured in the interface view has the same effect as that configured in the IPv4 PIM view, but their application scopes are different:

  • IPv4 PIM IPSec configured in the interface view: applies only to the current interface.
  • IPv4 PIM IPSec configured in the IPv4 PIM view: applies to all interfaces.

IPv4 PIM IPSec configured in the interface view takes precedence over IPv4 PIM IPSec configured in the IPv4 PIM view. If no IPv4 PIM IPSec configuration exists in the interface view, the interface uses the IPv4 PIM IPSec configuration in the IPv4 PIM view.

Pre-configuration Tasks

Before configuring IPv4 PIM IPSec, complete the following tasks:

Procedure

  • Configure IPv4 PIM IPSec in the PIM view.
    • Configure IPSec authentication for IPv4 PIM messages.

    1. Run system-view

      The system view is displayed.

    2. Run pim [ vpn-instance vpn-instance-name ]

      The PIM view is displayed.

    3. Run ipsec [ unicast-message ] sa sa-name

      IPv4 PIM IPSec is configured globally, enabling the device to authenticate the sent and received IPv4 PIM messages based on the specified SA. If you specify unicast-message in the command, the device authenticates only the sent and received IPv4 PIM unicast messages based on the specified SA.

    4. Run commit

      The configuration is committed.

    • Configure IPSec authentication for IPv4 PIM Hello messages.

    1. Run system-view

      The system view is displayed.

    2. Run pim [ vpn-instance vpn-instance-name ]

      The PIM view is displayed.

    3. Run hello ipsec sa sa-name

      IPv4 PIM IPSec is configured globally, enabling the device to authenticate the sent and received IPv4 PIM Hello messages based on the specified SA.

    4. Run commit

      The configuration is committed.

    NOTE:

    If the ipsec sa and hello ipsec sa commands are both configured, the command configured later overrides the command configured earlier.

  • Configure IPv4 PIM IPSec in the interface view.
    • Configure IPSec authentication for IPv4 PIM messages.

    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run pim ipsec sa sa-name

      IPv4 PIM IPSec is configured on the interface, enabling the interface to authenticate the sent and received IPv4 PIM messages based on the specified SA.

    4. Run commit

      The configuration is committed.

    • Configure IPSec authentication for IPv4 PIM Hello messages.

    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run pim hello ipsec sa sa-name

      IPv4 PIM IPSec is configured on the interface, enabling the interface to authenticate the sent and received IPv4 PIM Hello messages based on the specified SA.

    4. Run commit

      The configuration is committed.

    NOTE:

    If the pim ipsec sa and pim hello ipsec sa commands are both configured, the command configured later overrides the command configured earlier.
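The precedence rules described above (interface view over PIM view, and the later of two commands in the same view overriding the earlier one), worked through as an added Python example that is not Huawei code. It models only the command forms shown in the procedure; the command history, the SA names sa1 to sa4 and the second interface are constructed, and VPN instances are not modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PimIpsec:
    scope: str   # "all", "unicast" or "hello": which PIM messages are authenticated
    sa: str      # IPSec SA name
    source: str  # view the winning command was entered in

def parse(cmd: str, in_interface_view: bool) -> Optional[PimIpsec]:
    """Map one command from the procedure to a setting; None if it is not one."""
    words = cmd.split()
    forms = {("ipsec", "sa"): "all", ("hello", "ipsec", "sa"): "hello"}
    if in_interface_view:
        if words[:1] != ["pim"]:
            return None
        words = words[1:]  # interface-view forms carry a leading "pim"
    else:
        forms[("ipsec", "unicast-message", "sa")] = "unicast"
    scope = forms.get(tuple(words[:-1]))
    if scope is None:
        return None
    return PimIpsec(scope, words[-1], "interface view" if in_interface_view else "PIM view")

def effective(entered, ifname: str) -> Optional[PimIpsec]:
    """entered: ordered (view, command) pairs; view is "pim" or an interface name."""
    pim_view = if_view = None
    for view, cmd in entered:
        if view == "pim":
            pim_view = parse(cmd, False) or pim_view   # later command overrides
        elif view == ifname:
            if_view = parse(cmd, True) or if_view
    return if_view or pim_view                         # interface view wins

# Constructed command history (SA names sa1..sa4 are placeholders).
ENTERED = [
    ("pim", "ipsec sa sa1"),
    ("pim", "hello ipsec sa sa2"),
    ("GigabitEthernet1/0/0", "pim hello ipsec sa sa3"),
    ("GigabitEthernet1/0/0", "pim ipsec sa sa4"),
]

if __name__ == "__main__":
    for name in ("GigabitEthernet1/0/0", "GigabitEthernet2/0/0"):
        print(name, effective(ENTERED, name))
```

With this history, GigabitEthernet1/0/0 authenticates all IPv4 PIM messages with sa4, while any interface without its own configuration falls back to the PIM view, where the later hello ipsec sa command replaced ipsec sa sa1 and leaves only Hello messages authenticated.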

Checking the Configurations

Run the display pim [ vpn-instance vpn-instance-name ] interface [ interface-type interface-number | up | down ] verbose command to check the detailed IPv4 PIM IPSec configuration on an interface.

# Display the IPv4 PIM IPSec configuration on GE1/0/0. The command output shows that IPv4 PIM IPSec has been configured on GE1/0/0 and that the SA is named sa1.

<HUAWEI> display pim interface gigabitethernet 1/0/0 verbose
 VPN-Instance: public net
 Interface: GigabitEthernet1/0/0, 10.1.1.1
     PIM version: 2
     PIM mode: Sparse
     PIM state: up
     PIM DR: 10.1.1.2
     PIM DR Priority (configured): 1
     PIM neighbor count: 1
     PIM hello interval: 30 s
     PIM LAN delay (negotiated): 500 ms
     PIM LAN delay (configured): 500 ms
     PIM hello override interval (negotiated): 2500 ms
     PIM hello override interval (configured): 2500 ms 
     PIM Silent: disabled 
     PIM neighbor tracking (negotiated): disabled
     PIM neighbor tracking (configured): disabled
     PIM generation ID: 0XF5712241 
     PIM require-GenID: disabled   
     PIM hello hold interval: 105 s
     PIM assert hold interval: 180 s
     PIM triggered hello delay: 5 s
     PIM J/P interval: 60 s
     PIM J/P hold interval: 210 s 
     PIM BSR domain border: disabled
     PIM BFD: enabled
     PIM BFD min-tx-interval: 10 ms
     PIM BFD min-rx-interval: 10 ms
     PIM BFD detect-multiplier: 3
     PIM dr-switch-delay timer: 20 s
     Number of routers on link not using DR priority: 0
     Number of routers on link not using LAN delay: 0
     Number of routers on link not using neighbor tracking: 2
     ACL of PIM neighbor policy: -
     ACL of PIM ASM join policy: -
     ACL of PIM SSM join policy: - 
     ACL of PIM join policy: -
     PIM ipsec: enabled(sa-name: sa1)
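One way to turn this check into an audit over saved command output, as an added Python example that is not Huawei code. It accepts only the exact `PIM ipsec: enabled(sa-name: ...)` form shown above and reports every other interface for manual review; the second interface block in the sample is constructed, and the layout of multi-interface output is an assumption.

```python
import re

IFACE_RE = re.compile(r"^\s*Interface:\s*(\S+?),")
IPSEC_RE = re.compile(r"^\s*PIM ipsec:\s*enabled\(sa-name:\s*([^)\s]+)\)")

# First block: lines taken from the page's output. Second block: constructed.
SAMPLE = """\
 VPN-Instance: public net
 Interface: GigabitEthernet1/0/0, 10.1.1.1
     PIM version: 2
     PIM state: up
     PIM neighbor count: 1
     PIM ipsec: enabled(sa-name: sa1)
 Interface: GigabitEthernet2/0/0, 10.2.2.1
     PIM version: 2
     PIM state: up
     PIM neighbor count: 1
"""

def ipsec_by_interface(output):
    """Map each interface in the output to its SA name, or None if no enabled line."""
    result, current = {}, None
    for line in output.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = None
            continue
        m = IPSEC_RE.match(line)
        if m and current is not None:
            result[current] = m.group(1)
    return result

def audit(output, expected_sa):
    """Return sorted findings for interfaces whose PIM IPSec state is not as expected."""
    findings = []
    for name, sa in ipsec_by_interface(output).items():
        if sa is None:
            findings.append(f"{name}: no 'PIM ipsec: enabled' line")
        elif sa != expected_sa:
            findings.append(f"{name}: SA {sa!r}, expected {expected_sa!r}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE, "sa1"):
        print(finding)
```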
Updated: 2019-01-03

Document ID: EDOC1100055017