H3C Technologies H3C S5560 Series Switches User Manual

Page 338

Advertising
background image

322

[SwitchC-bgp-ipv6] peer ebgp enable

[SwitchC-bgp-ipv6] quit

[SwitchC-bgp] quit

# Configure Switch B.

[SwitchB-bgp] group ebgp external

[SwitchB-bgp] peer 3::2 as-number 65009

[SwitchB-bgp] peer 3::2 group ebgp

[SwitchB-bgp] address-family ipv6 unicast

[SwitchB-bgp-ipv6] peer ebgp enable

[SwitchB-bgp-ipv6] quit

[SwitchB-bgp] quit

4.

Configure IPsec transform sets and IPsec profiles:
# On Switch A, create an IPsec transform set named tran1.

[SwitchA] ipsec transform-set tran1

# Set the encapsulation mode to transport mode.

[SwitchA-ipsec-transform-set-tran1] encapsulation-mode transport

# Set the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm

to SHA1.

[SwitchA-ipsec-transform-set-tran1] esp encryption-algorithm des

[SwitchA-ipsec-transform-set-tran1] esp authentication-algorithm sha1

[SwitchA-ipsec-transform-set-tran1] quit

# Create an IPsec profile named policy001, and specify the manual mode for it.

[SwitchA] ipsec profile policy001 manual

# Reference IPsec transform set tran1.

[SwitchA-ipsec-profile-policy001-manual] transform-set tran1

# Set the SPIs of the inbound and outbound SAs to 12345.

[SwitchA-ipsec-profile-policy001-manual] sa spi outbound esp 12345

[SwitchA-ipsec-profile-policy001-manual] sa spi inbound esp 12345

# Set the keys for the inbound and outbound SAs using ESP to abcdefg.

[SwitchA-ipsec-profile-policy001-manual] sa string-key outbound esp simple abcdefg

[SwitchA-ipsec-profile-policy001-manual] sa string-key inbound esp simple abcdefg

[SwitchA-ipsec-profile-policy001-manual] quit

# On Switch B, create an IPsec transform set named tran1.

[SwitchB] ipsec transform-set tran1

# Set the encapsulation mode to transport mode.

[SwitchB-ipsec-transform-set-tran1] encapsulation-mode transport

# Set the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm
to SHA1.

[SwitchB-ipsec-transform-set-tran1] esp encryption-algorithm des

[SwitchB-ipsec-transform-set-tran1] esp authentication-algorithm sha1

[SwitchB-ipsec-transform-set-tran1] quit

# Create IPsec profile named policy001, and specify the manual mode for it.

[SwitchB] ipsec profile policy001 manual

# Reference IPsec transform set tran1.

[SwitchB-ipsec-profile-policy001-manual] transform-set tran1

Advertising
This manual is related to the following products: