H3C Technologies H3C S5560 Series Switches User Manual
Page 338
322
[SwitchC-bgp-ipv6] peer ebgp enable
[SwitchC-bgp-ipv6] quit
[SwitchC-bgp] quit
# Configure Switch B.
[SwitchB-bgp] group ebgp external
[SwitchB-bgp] peer 3::2 as-number 65009
[SwitchB-bgp] peer 3::2 group ebgp
[SwitchB-bgp] address-family ipv6 unicast
[SwitchB-bgp-ipv6] peer ebgp enable
[SwitchB-bgp-ipv6] quit
[SwitchB-bgp] quit
4.
Configure IPsec transform sets and IPsec profiles:
# On Switch A, create an IPsec transform set named tran1.
[SwitchA] ipsec transform-set tran1
# Set the encapsulation mode to transport mode.
[SwitchA-ipsec-transform-set-tran1] encapsulation-mode transport
# Set the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm
to SHA1.
[SwitchA-ipsec-transform-set-tran1] esp encryption-algorithm des
[SwitchA-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[SwitchA-ipsec-transform-set-tran1] quit
# Create an IPsec profile named policy001, and specify the manual mode for it.
[SwitchA] ipsec profile policy001 manual
# Reference IPsec transform set tran1.
[SwitchA-ipsec-profile-policy001-manual] transform-set tran1
# Set the SPIs of the inbound and outbound SAs to 12345.
[SwitchA-ipsec-profile-policy001-manual] sa spi outbound esp 12345
[SwitchA-ipsec-profile-policy001-manual] sa spi inbound esp 12345
# Set the keys for the inbound and outbound SAs using ESP to abcdefg.
[SwitchA-ipsec-profile-policy001-manual] sa string-key outbound esp simple abcdefg
[SwitchA-ipsec-profile-policy001-manual] sa string-key inbound esp simple abcdefg
[SwitchA-ipsec-profile-policy001-manual] quit
# On Switch B, create an IPsec transform set named tran1.
[SwitchB] ipsec transform-set tran1
# Set the encapsulation mode to transport mode.
[SwitchB-ipsec-transform-set-tran1] encapsulation-mode transport
# Set the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm
to SHA1.
[SwitchB-ipsec-transform-set-tran1] esp encryption-algorithm des
[SwitchB-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[SwitchB-ipsec-transform-set-tran1] quit
# Create IPsec profile named policy001, and specify the manual mode for it.
[SwitchB] ipsec profile policy001 manual
# Reference IPsec transform set tran1.
[SwitchB-ipsec-profile-policy001-manual] transform-set tran1