Displaying and maintaining dvpn, Full mesh dvpn configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

Page 463

Advertising
background image

451

Routing information is exchanged between hubs or between hubs and spokes; it is not exchanged

between spokes.
The routing protocol can be OSPF or BGP in a DVPN network.

When the routing protocol is OSPF, set the network type of an OSPF interface to broadcast in a full
mesh network and P2MP in a hub-spoke network.

When the routing protocol is BGP, configure IBGP between the hubs and spokes and configure the
hubs as the route reflectors in a full mesh network; configure EBGP between the hubs and spokes in

a hub-spoke network.

For more information about OSPF and BGP configuration, see Network Management Configuration
Guide.

Displaying and maintaining DVPN

Task Command

Remarks

Display address mapping
information about VAM clients

registered with the VAM server.

display vam server address-map { all | vpn
vpn-name [ private-ip private-ip ] } [ | { begin |

exclude | include } regular-expression ]

Available in any view

Display statistics about VAM
clients registered with the VAM
server.

display vam server statistic { all | vpn
vpn-name } [ | { begin | exclude | include }
regular-expression ]

Available in any view

Display registration information
about VAM clients.

display vam client { address-map | fsm }
[ client-name ] [ | { begin | exclude | include }

regular-expression ]

Available in any view

Display information about DVPN
tunnels.

display dvpn session { all | interface
interface-type interface-number [ private-ip

ip-address ] } [ | { begin | exclude | include }

regular-expression ]

Available in any view

Display information about a
specified or all IPsec profiles.

display ipsec profile [ name profile-name ] [ |
{ begin | exclude | include }
regular-expression ]

Available in any view

Remove DVPN tunnels.

reset dvpn session { all | interface
interface-type interface-number [ private-ip

ip-address ] }

Available in user view

NOTE:

For information about command display ipsec profile, see

VPN Command Reference.

Full mesh DVPN configuration example

Network requirements

In the full mesh network shown in

Figure 328

, the primary VAM server and the secondary VAM

server manage and maintain information about the nodes. The AAA server takes charge of VAM

client authentication and accounting. With each being the backup of the other, the two hubs

perform data forwarding and routing information exchange.

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands
Popular manuals