353
Figure 118 Network diagram
Configuration procedure
1. Configure Switch A:
# Assign an IP address to VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ip address 2.2.2.1 255.255.255.0
[SwitchA-Vlan-interface1] quit
# Define an ACL to identify data flows from Switch A to Switch B.
[SwitchA] acl number 3101
[SwitchA-acl-adv-3101] rule 0 permit ip source 2.2.2.1 0 destination 2.2.3.1 0
[SwitchA-acl-adv-3101] rule 5 permit ip source 2.2.3.1 0 destination 2.2.2.1 0
[SwitchA-acl-adv-3101] quit
# Create an IPsec proposal named tran1.
[SwitchA] ipsec proposal tran1
# Specify the encapsulation mode as tunnel.
[SwitchA-ipsec-proposal-tran1] encapsulation-mode tunnel
# Specify the security protocol as ESP.
[SwitchA-ipsec-proposal-tran1] transform esp
# Specify the algorithms for the proposal.
[SwitchA-ipsec-proposal-tran1] esp encryption-algorithm aes 128
[SwitchA-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SwitchA-ipsec-proposal-tran1] quit
# Configure the IKE peer.
[SwitchA] ike peer peer
[SwitchA-ike-peer-peer] pre-shared-key Ab12<><>
[SwitchA-ike-peer-peer] remote-address 2.2.3.1
[SwitchA-ike-peer-peer] quit
# Create an IPsec policy that uses IKE for IPsec SA negotiation.
[SwitchA] ipsec policy map1 10 isakmp
# Apply the IPsec proposal.
[SwitchA-ipsec-policy-isakmp-map1-10] proposal tran1
# Apply the ACL.
[SwitchA-ipsec-policy-isakmp-map1-10] security acl 3101
# Apply the IKE peer.
[SwitchA-ipsec-policy-isakmp-map1-10] ike-peer peer
[SwitchA-ipsec-policy-isakmp-map1-10] quit
# Apply the IPsec policy group to VLAN-interface 1.
[SwitchA] interface vlan-interface 1
To Next Page
Loading...
