No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - IP Multicast 01

This is NE40E V800R010C10SPC500 Configuration Guide - IP Multicast
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring MLD IPsec

Configuring MLD IPsec

If you want to encrypt and authenticate the sent and received MLD messages, configure MLD IP Security (IPSec). MLD IPsec protects a device against attacks launched using forged MLD messages.

Usage Scenario

MLD IPsec provides a complete set of security protection mechanisms to authenticate the sent and received MLD messages, protecting devices against attacks launched using forged MLD messages.

MLD IPsec configured in the interface view has the same function as that configured in the MLD view, but their application scopes are different:

  • MLD IPsec configured in the interface view: applies only to the current interface.
  • MLD IPsec configured in the MLD view: applies to all interfaces.

MLD IPsec configured in the interface view takes precedence over MLD IPsec configured in the MLD view. If no MLD IPsec configuration exists in the interface view, the interface uses the MLD IPsec configuration in the MLD view.

Pre-configuration Tasks

Before configuring MLD IPsec, complete the following tasks:

Procedure

  • Configure MLD IPsec in the MLD view.
    • Configure IPsec authentication for MLD messages.
    1. Run system-view

      The system view is displayed.

    2. Run mld

      The MLD view is displayed.

    3. Run ipsec sa sa-name

      MLD IPsec is configured globally, enabling the device to authenticate the sent and received MLD messages based on the specified SA policy.

    4. Run commit

      The configuration is committed.

    • Configure IPsec authentication for MLD Query messages.
    1. Run system-view

      The system view is displayed.

    2. Run mld

      The MLD view is displayed.

    3. Run query ipsec sa sa-name

      MLD IPsec is configured globally, enabling the device to authenticate the sent and received MLD Query messages based on the specified SA policy.

    4. Run commit

      The configuration is committed.

    NOTE:

    If the ipsec sa and query ipsec sa commands are both configured, the command configured later overrides the command configured earlier.

  • Configure MLD IPsec in the interface view.
    • Configure IPsec authentication for MLD messages.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run mld ipsec sa sa-name

      MLD IPsec is configured on an interface, enabling the interface to authenticate the sent and received MLD messages based on the specified SA policy.

    4. Run commit

      The configuration is committed.

    • Configure IPsec authentication for MLD Query messages.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run mld query ipsec sa sa-name

      MLD IPsec is configured on an interface, enabling the interface to authenticate the sent and received MLD Query messages based on the specified SA policy.

    4. Run commit

      The configuration is committed.

    NOTE:

    If the mld ipsec sa and mld query ipsec sa commands are both configured, the command configured later overrides the command configured earlier.

Checking the Configurations

Run the display mld interface [ interface-type interface-number | up | down ] [ verbose ] command to check the detailed MLD IPsec configuration on an interface.

# Display the MLD IPsec configuration on GE1/0/0. The command output shows that MLD IPsec has been configured on GE1/0/0 and the SA policy is named 1.

<HUAWEI> display mld interface gigabitethernet 1/0/0 verbose
Interface information
 GigabitEthernet1/0/0(FE80::2E0:B4FF:FE35:FF01):
   MLD is enabled
   Current MLD version is 2
   MLD state: up
   MLD group policy: none
   Value of query interval for MLD (negotiated): 125 s
   Value of query interval for MLD (configured): 125 s
   Value of other querier timeout for MLD: 0 s
   Value of maximum query response time for MLD: 10 s
   Value of last listener query time: 2 s
   Value of last listener query interval: 1 s
   Value of startup query interval: 31 s
   Value of startup query count: 2
   General query timer expiry (hours:minutes:seconds): 00:00:28
   Querier for MLD: FE80::2E0:B4FF:FE35:FF01 (this router)
   MLD activity: 0 joins, 0 dones
   Robustness (negotiated): 2
   Robustness (configured): 2
   Require-router-alert: disabled
   Send-router-alert: enabled
   Ip-source-policy: ab   
   Query ip-source-policy: 2000
   Prompt-leave: disabled
   SSM-Mapping: enabled
   SSM-Mapping policy: ssmmap1
   Startup-query-timer-expiry: on
   Other-querier-present-timer-expiry: off
   MLD ipsec: enabled(sa-name: 1)
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055017

Views: 44517

Downloads: 97

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next