Verifying the configuration – H3C Technologies H3C S5560 Series Switches User Manual

411

[SwitchC-ipsec-profile-profile002-manual] sa spi outbound ah 4294967295

# Configure the inbound and outbound SPIs for ESP.

[SwitchC-ipsec-profile-profile002-manual] sa spi inbound esp 256

[SwitchC-ipsec-profile-profile002-manual] sa spi outbound esp 256

# Configure the inbound and outbound SA keys for AH.

[SwitchC-ipsec-profile-profile002-manual] sa string-key inbound ah simple hello

[SwitchC-ipsec-profile-profile002-manual] sa string-key outbound ah simple hello

# Configure the inbound and outbound SA keys for ESP.

[SwitchC-ipsec-profile-profile002-manual] sa string-key inbound esp simple byebye

[SwitchC-ipsec-profile-profile002-manual] sa string-key outbound esp simple

byebye

[SwitchC-ipsec-profile-profile002-manual] quit

4.

Apply the IPsec profiles to areas:
# Configure Switch A.

[SwitchA] ospfv3 1

[SwitchA-ospfv3-1] area 1

[SwitchA-ospfv3-1-area-0.0.0.1] enable ipsec-profile profile001

[SwitchA-ospfv3-1-area-0.0.0.1] quit

[SwitchA-ospfv3-1] quit

# Configure Switch B.

[SwitchB] ospfv3 1

[SwitchB-ospfv3-1] area 0

[SwitchB-ospfv3-1-area-0.0.0.0] enable ipsec-profile profile002

[SwitchB-ospfv3-1-area-0.0.0.0] quit

[SwitchB-ospfv3-1] area 1

[SwitchB-ospfv3-1-area-0.0.0.1] enable ipsec-profile profile001

[SwitchB-ospfv3-1-area-0.0.0.1] quit

[SwitchB-ospfv3-1] quit

# Configure Switch C.

[SwitchC] ospfv3 1

[SwitchC-ospfv3-1] area 0

[SwitchC-ospfv3-1-area-0.0.0.0] enable ipsec-profile profile002

[SwitchC-ospfv3-1-area-0.0.0.0] quit

[SwitchC-ospfv3-1] quit

Verifying the configuration

# Verify that OSPFv3 packets between Switches A, B, and C are protected by IPsec. (Details not shown.)