Hub-spoke dvpn configuration example, Network requirements, Configure the primary vam server – H3C Technologies H3C SecPath F1000-E User Manual
Page 478
466
Hub-spoke DVPN configuration example
Network requirements
•
In the hub-spoke network shown in
, data is forwarded along hub-spoke tunnels. The
primary and secondary VAM servers manage and maintain information about the nodes. The AAA
server takes charge of VAM client authentication and accounting. With each being the backup of
the other, the two hubs perform data forwarding and routing information exchange.
•
A permanent tunnel is established between each hub-spoke pair.
Figure 329 Network diagram
Device Interface
IP
address
Device
Interface IP
address
Hub 1
GE0/2
192.168.1.1/24
Spoke 1
Eth1/1
192.168.1.3/24
Tunnel1
10.0.1.1/24
Eth1/2
10.0.2.1/24
Hub 2
GE0/2
192.168.1.2/24
Tunnel1 10.0.1.3/24
Tunnel1
10.0.1.2/24
Spoke 2
Eth1/1
192.168.1.4/24
Primary server
Eth1/1
192.168.1.22/24 Eth1/2
10.0.3.1/24
Secondary server Eth1/1
192.168.1.33//2
4
Tunnel1
10.0.1.4/24
AAA server
192.168.1.11/24
Configure the primary VAM server
1.
Configure IP addresses for the interfaces. (Details not shown.)
2.
Configure AAA:
<PrimaryServer> system-view
# Configure RADIUS scheme radsun.
[PrimaryServer] radius scheme radsun
[PrimaryServer-radius-radsun] primary authentication 192.168.1.11 1812
[PrimaryServer-radius-radsun] primary accounting 192.168.1.11 1813
[PrimaryServer-radius-radsun] key authentication expert