Endp authentication, Configuring endp, Configuring the vtep as an ends – H3C Technologies H3C S6800 Series Switches User Manual

Page 40

Advertising
background image

32

If the ENDC does not receive a response after sending five consecutive register packets, the ENDC clears

its neighbor database and starts the ENDS probe timer.
The ENDC adds the register timer setting to each register packet. The ENDS records this timer setting

when it adds the ENDC to the ENDC database. If no register update is received from the ENDC before

five times the timer is reached, ENDS removes the ENDC.

ENDP authentication

ENDP authentication prevents malicious registration with an ENDS in an insecure network.
If authentication is disabled on an ENDS, all ENDCs, including authentication-enabled ENDCs, can

register with the ENDS without authentication.
If authentication is enabled on an ENDS, only authentication-enabled ENDCs that use the same

authentication key as the ENDS can register with the ENDS.

Configuring ENDP

ENDP runs on NVE tunnel interfaces. Before you configure ENDP on a VTEP, you must create an NVE

tunnel interface.
For more information about tunneling configuration and commands, see Layer 3—IP Routing

Configuration Guide and Layer 3—IP Routing Command Reference.

Configuring the VTEP as an ENDS

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an NVE tunnel

interface and enter tunnel
interface view.

interface tunnel tunnel-number
mode nve

By default, no tunnel interfaces exist.

3.

Assign a network ID to the
tunnel interface.

network-id network-id

By default, no network ID is assigned to a

tunnel interface.

4.

Configure a source IP
address or source

interface for the tunnel.

source { ipv4-address |
interface-type interface-number }

By default, no source IP address or
source interface is specified for a tunnel.
This step specifies the IP address that the
local ENDC registers with the ENDS. If a

source interface is specified, its primary

IP address is used.

5.

Enable ENDS on the
tunnel interface.

vxlan neighbor-discovery server
enable

By default, ENDS is disabled.
When you enable ENDS on a tunnel

interface, an ENDC is automatically
enabled, with the source address of the

NVE tunnel as the ENDS address.

6.

(Optional.) Enable ENDP
authentication.

vxlan neighbor-discovery
authentication { cipher |

simple } password

By default, ENDP authentication is
disabled.

Advertising
Popular Brands
Popular manuals