No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Routing 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - IP Routing
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring IPSec Authentication for RIPng

Configuring IPSec Authentication for RIPng

By default, IP security (IPSec) authentication is not configured. Configuring authentication is recommended to ensure system security.

Applicable Environment

As networks develop rapidly, network security has become a major concern. If IPSec authentication is configured on a RIPng network, the sent and received RIPng packets will be authenticated, and those cannot pass authentication will be discarded. This can improve the security of the RIPng network.

Pre-configuration Tasks

Before configuring IPSec authentication for RIPng, complete the following tasks:

Configuration Procedure

You can choose one or more configuration tasks (excluding "Checking the Configuration") as required.

Configuring IPsec Authentication for a RIPng Process

Configuring IP security (IPsec) authentication in the RIPng view is one of the methods used to configure IPsec authentication for RIPng.

Context

After IPsec authentication is configured in the RIPng view, all interfaces in this RIPng process perform IPsec authentication on RIPng packets received and to be sent.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ripng [ process-id ]

    The RIPng view is displayed.

  3. Run ipsec sa sa-name

    IPsec authentication is enabled, and the name of a security association (SA) is specified.

  4. Run commit

    The configuration is committed.

Verifying the Configuration of IPsec Authentication for RIPng

After IP security (IPsec) authentication for RIPng is configured, you can check the security association (SA) used in IPSec authentication and statistics on the RIPng packets that failed authentication.

Prerequisites

After IPsec authentication is enabled in a RIPng process or on a RIPng interface, the configuration takes effect immediately. There is no need to restart the RIPng process.

Procedure

  • Run the display ripng process-id interface [ interface-type interface-number ] [ verbose ] command to check the SA used in IPsec authentication.
  • Run the display ripng process-id statistics interface { all | interface-type interface-number [ verbose | neighbor neighbor-ipv6-address ] } command to check the number of RIPng packets that failed authentication.

Example

Run the display ripng interface command, and you can view the name of an SA used in IPsec authentication on a RIPng interface.

<HUAWEI> display ripng 1 interface GigabitEthernet0/1/0 verbose
 GigabitEthernet0/1/0
    FE80::A0A:200:1
    State : UP, Protocol : RIPNG, MTU : 1440
    Metricin       : 0
    Metricout      : 1
    Default Route : Disabled
    Poison Reverse : Disabled
    Split Horizon : Enabled           
    Authentication : IPSEC (SA - sa1) 

Run the display ripng statistics interface command, and you can view the number of RIPng packets that failed authentication.

<HUAWEI> display ripng 1 statistics interface gigabitethernet 0/1/0
GigabitEthernet0/1/0(FE80::2E0:64FF:FE10:8142)
Statistical information          Last min     Last 5 min    Total
------------------------------------------------------------------
Periodic updates sent            5              23             259
Triggered updates sent           5              30             408
Response packet sent            10              34             434
Response packet received        15              38             467
Response packet ignored          0               0               0
Request packet sent              1               3               8
Request packet received          4              20              40
Request packet ignored           0               0               0
Bad packets received             0               0               0
Routes received                  0               0               0
Routes sent                      0               0               0
Bad routes received              0               0               0
Packet send failed               0               0               0
Packet IPSEC6 Auth failed        0               0               2
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058916

Views: 34171

Downloads: 49

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next