Configuring zero field check on ripng packets, Configuring the maximum number of ecmp routes, Applying ipsec policies for ripng – H3C Technologies H3C S12500 Series Switches User Manual

Page 312

Advertising
background image

296

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

interface interface-type
interface-number

N/A

3.

Enable the poison reverse
function.

ripng poison-reverse

Disabled by default.

Configuring zero field check on RIPng packets

Some fields in the RIPng packet must be zero. These fields are called zero fields. With zero field check on
RIPng packets enabled, if such a field contains a non-zero value, the entire RIPng packet is discarded. If

you are sure that all packets are trusty, disable the zero field check to reduce the CPU processing time.
To configure RIPng zero field check:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter RIPng view.

ripng [ process-id ]

N/A

3.

Enable the zero field check.

checkzero

Optional.
Enabled by default.

Configuring the maximum number of ECMP routes

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter RIPng view.

ripng [ process-id ]

N/A

3.

Configure the maximum

number of ECMP RIPng routes
for load balancing.

maximum load-balancing number

Optional.
16 by default.

Applying IPsec policies for RIPng

To protect routing information and defend attacks, RIPng supports using an IPsec policy to authenticate

protocol packets as follows.
Outbound RIPng packets carry the Security Parameter Index (SPI) defined in the corresponding IPsec

policy. A switch uses the SPI carried in a received packet to match against the configured IPsec policy. If

they match, the switch accepts the packet; otherwise, it discards the packet and thus will not establish a

neighbor relationship with the sending switch.
You can configure an IPsec policy for a RIPng process or interface. The IPsec policy configured for a

process applies to all packets in the process. The IPsec policy configured on an interface applies to

packets on the interface. If an interface and its process each have an IPsec policy configured, the

interface uses its own IPsec policy.

Advertising
This manual is related to the following products:

H3C S9500E Series Switches, H3C MSR 5600, H3C MSR 50, H3C MSR 3600, H3C MSR 30, H3C MSR 2600, H3C MSR 20-2X[40], H3C MSR 20-1X, H3C MSR 930, H3C MSR 900, H3C SecPath F5020, H3C SecPath F5040, H3C VMSG VFW1000

Popular Brands
Popular manuals