Endp authentication, Configuring endp, Configuring the vtep as an ends – H3C Technologies H3C S12500-X Series Switches User Manual

Page 39

Advertising
background image

32

If the ENDC does not receive a response after sending five consecutive register packets, the ENDC clears

its neighbor database and starts the ENDS probe timer.
The ENDC adds the register timer setting to each register packet. The ENDS records this timer setting

when it adds the ENDC to the ENDC database. If no register update is received from the ENDC before

five times the timer is reached, ENDS removes the ENDC.

ENDP authentication

ENDP authentication prevents malicious registration with an ENDS in an insecure network.
For ENDSs and ENDCs to establish VXLAN tunnels, make sure the following requirements are met:

ENDP authentication is enabled or disabled across the ENDSs and ENDCs.

If ENDP authentication is enabled, all ENDCs and ENDSs in a VXLAN network use the same
authentication key.

Configuring ENDP

ENDP runs on NVE tunnel interfaces. Before you configure ENDP on a VTEP, you must create an NVE

tunnel interface.

Configuring the VTEP as an ENDS

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an NVE tunnel

interface and enter tunnel
interface view.

interface tunnel tunnel-number
mode nve

By default, no tunnel interfaces exist.

3.

Assign a network ID to the
tunnel interface.

network-id network-id

By default, no network ID is assigned to a
tunnel interface.

4.

Configure a source IP

address or source
interface for the tunnel.

source { ipv4-address |
interface-type interface-number }

By default, no source IP address or
source interface is specified for a tunnel.
This step specifies the IP address that the
local ENDC registers with the ENDS. If a

source interface is specified, its primary
IP address is used.

5.

Enable ENDS on the

tunnel interface.

vxlan neighbor-discovery server
enable

By default, ENDS is disabled.
When you enable ENDS on a tunnel
interface, an ENDC is automatically

enabled, with the source address of the

NVE tunnel as the ENDS address.

6.

(Optional.) Enable ENDP
authentication.

vxlan neighbor-discovery
authentication { cipher |

simple } password

By default, ENDP authentication is
disabled.

Advertising
This manual is related to the following products:

H3C S9800 Series Switches

Popular Brands
Popular manuals