Configuration prerequisites, Configuration guidelines, Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual


To implement area-based IPsec protection, you need to configure the same IPsec policy on the routers in the target area.

To implement interface-based IPsec protection, you need to configure the same IPsec policy on the
interfaces between two neighboring routers.

To implement virtual link-based IPsec protection, you need to configure the same IPsec policy on the
two routers connected over the virtual link.

If an interface and its area each have an IPsec policy configured, the interface uses its own IPsec policy.

If a virtual link and area 0 each have an IPsec policy configured, the virtual link uses its own IPsec policy.
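
The two precedence rules above mean that an override configured on only one end of a link leaves the two ends using different policies. The following Python check is an added example, not part of the H3C manual: it resolves the effective policy for each end of an adjacency and reports ends that disagree. The router names, interface names, policy names and the inventory layout are constructed, and it assumes a policy name denotes the same policy content on every router.

```python
# Added example: models the precedence rules above on constructed data.
# Assumption: a policy name identifies the same policy content on every router.

def effective_policy(router, kind, name):
    """kind is "interface" or "vlink". An object's own policy wins; otherwise
    it inherits from its area (a virtual link inherits from area 0)."""
    obj = router[kind + "s"][name]
    if obj.get("policy"):
        return obj["policy"]
    area = "0" if kind == "vlink" else obj["area"]
    return router["areas"].get(area)


def audit(routers, adjacencies):
    """Return (link, problem) for each adjacency whose two ends disagree."""
    findings = []
    for a, b in adjacencies:
        pa = effective_policy(routers[a[0]], a[1], a[2])
        pb = effective_policy(routers[b[0]], b[1], b[2])
        label = f"{a[0]}:{a[2]} <-> {b[0]}:{b[2]}"
        if pa is None and pb is None:
            findings.append((label, "unprotected"))
        elif pa != pb:
            findings.append((label, f"mismatch {pa} vs {pb}"))
    return findings


# Constructed inventory: area policies, plus overrides configured on R1 only.
ROUTERS = {
    "R1": {"areas": {"0": "pol-bb", "1": "pol-a1"},
           "interfaces": {"GE1/0/1": {"area": "1", "policy": "pol-link"},
                          "GE1/0/2": {"area": "1"}},
           "vlinks": {"to-R3": {"policy": "pol-vl"}}},
    "R2": {"areas": {"1": "pol-a1"},
           "interfaces": {"GE1/0/1": {"area": "1"}, "GE1/0/2": {"area": "1"}},
           "vlinks": {}},
    "R3": {"areas": {"0": "pol-bb"}, "interfaces": {},
           "vlinks": {"to-R1": {}}},
}
ADJACENCIES = [
    (("R1", "interface", "GE1/0/1"), ("R2", "interface", "GE1/0/1")),
    (("R1", "interface", "GE1/0/2"), ("R2", "interface", "GE1/0/2")),
    (("R1", "vlink", "to-R3"), ("R3", "vlink", "to-R1")),
]

if __name__ == "__main__":
    print(audit(ROUTERS, ADJACENCIES))
```

On this data the first link and the virtual link are reported, because R1 carries its own policy on each while the peer falls back to its area policy.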

Configuration prerequisites

Before you apply an IPsec policy for OSPFv3, complete the following tasks:

Create an IPsec proposal.

Create an IPsec policy.

For more information about IPsec policy configuration, see Security Configuration Guide.

Configuration guidelines

An IPsec policy used for OSPFv3 can only be in manual mode. For more information, see Security Configuration Guide.

Configuration procedure

To apply an IPsec policy in an area:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter OSPFv3 view. | ospfv3 [ process-id ] | N/A |
| 3. Enter OSPFv3 area view. | area area-id | N/A |
| 4. Apply an IPsec policy in the area. | enable ipsec-policy policy-name | Not configured by default. |

To apply an IPsec policy on an interface:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Apply an IPsec policy on the interface. | ospfv3 ipsec-policy policy-name [ instance instance-id ] | Not configured by default. |

To apply an IPsec policy on a virtual link:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter OSPFv3 view. | ospfv3 [ process-id ] | N/A |
| 3. Enter OSPFv3 area view. | area area-id | N/A |
