HPE FlexNetwork 5510 HI Series Security Configuration Guide

551 pages
# Configure IPv4 advanced ACL 3101 to identify traffic between Switch A and Switch B.
[SwitchA] acl advanced 3101
[SwitchA-acl-ipv4-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
[SwitchA-acl-ipv4-adv-3101] quit
# Create an IPsec transform set named tran1.
[SwitchA] ipsec transform-set tran1
# Set the packet encapsulation mode to tunnel.
[SwitchA-ipsec-transform-set-tran1] encapsulation-mode tunnel
# Use the ESP protocol for the IPsec transform set.
[SwitchA-ipsec-transform-set-tran1] protocol esp
# Specify the encryption and authentication algorithms.
[SwitchA-ipsec-transform-set-tran1] esp encryption-algorithm des-cbc
[SwitchA-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[SwitchA-ipsec-transform-set-tran1] quit
# Create an IKEv2 keychain named keychain1.
[SwitchA] ikev2 keychain keychain1
# Create an IKEv2 peer named peer1.
[SwitchA-ikev2-keychain-keychain1] peer peer1
# Specify peer IP address 2.2.2.2/24.
[SwitchA-ikev2-keychain-keychain1-peer-peer1] address 2.2.2.2 24
# Specify the peer ID, which is IP address 2.2.2.2.
[SwitchA-ikev2-keychain-keychain1-peer-peer1] identity address 2.2.2.2
# Specify abcde in plain text as the pre-shared key to be used with the peer at 2.2.2.2.
[SwitchA-ikev2-keychain-keychain1-peer-peer1] pre-shared-key plaintext abcde
[SwitchA-ikev2-keychain-keychain1-peer-peer1] quit
[SwitchA-ikev2-keychain-keychain1] quit
# Create an IKEv2 profile named profile1.
[SwitchA] ikev2 profile profile1
# Specify the local authentication method as pre-shared key.
[SwitchA-ikev2-profile-profile1] authentication-method local pre-share
# Specify the remote authentication method as pre-shared key.
[SwitchA-ikev2-profile-profile1] authentication-method remote pre-share
# Specify IKEv2 keychain keychain1.
[SwitchA-ikev2-profile-profile1] keychain keychain1
# Specify the peer ID that the IKEv2 profile matches. The peer ID is IP address 2.2.2.2/24.
[SwitchA-ikev2-profile-profile1] match remote identity address 2.2.2.2 255.255.255.0
[SwitchA-ikev2-profile-profile1] quit
# Create an IKE-based IPsec policy entry. Specify the policy name as map1 and set the sequence number to 10.
[SwitchA] ipsec policy map1 10 isakmp
# Specify remote IP address 2.2.2.2 for the IPsec tunnel.
[SwitchA-ipsec-policy-isakmp-map1-10] remote-address 2.2.2.2
# Specify ACL 3101 to identify the traffic to be protected.
[SwitchA-ipsec-policy-isakmp-map1-10] security acl 3101
# Specify IPsec transform set tran1 for the IPsec policy.
[SwitchA-ipsec-policy-isakmp-map1-10] transform-set tran1
# Specify IKEv2 profile profile1 for the IPsec policy.
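
A configuration check for the Switch A commands above, added here as an example and not taken from the HPE guide: it parses a Comware CLI transcript, flags the DES-CBC, SHA-1 and short pre-shared key settings this walkthrough uses, and reports IPsec policy references to ACLs or transform sets that were never created. The rule set, the 20-character key threshold and the finding labels are assumptions standing in for a local policy.

```python
import re

# Constructed sample: a subset of the Switch A commands shown on this page.
SAMPLE = """\
[SwitchA] acl advanced 3101
[SwitchA-acl-ipv4-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
[SwitchA] ipsec transform-set tran1
[SwitchA-ipsec-transform-set-tran1] esp encryption-algorithm des-cbc
[SwitchA-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[SwitchA-ikev2-keychain-keychain1-peer-peer1] pre-shared-key plaintext abcde
[SwitchA] ipsec policy map1 10 isakmp
[SwitchA-ipsec-policy-isakmp-map1-10] security acl 3101
[SwitchA-ipsec-policy-isakmp-map1-10] transform-set tran1
"""

PROMPT = re.compile(r"^\[([^\]]+)\]\s+(.+)$")  # "[view] command"
# Assumed local policy: only keywords that appear on this page are listed.
WEAK = {("esp", "encryption-algorithm", "des-cbc"): "weak-encryption",
        ("esp", "authentication-algorithm", "sha1"): "legacy-integrity"}
MIN_PSK_LEN = 20  # assumed threshold, not from the guide

def audit(transcript):
    """Return (view, finding) tuples for a Comware CLI transcript."""
    findings, defined, refs = [], set(), []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # '# ...' comment lines and blanks
        view, cmd = m.group(1), tuple(m.group(2).split())
        if cmd in WEAK:
            findings.append((view, f"{WEAK[cmd]}:{cmd[2]}"))
        elif len(cmd) == 3 and cmd[:2] == ("pre-shared-key", "plaintext"):
            if len(cmd[2]) < MIN_PSK_LEN:
                findings.append((view, "short-psk"))  # never echo the key
        elif len(cmd) == 3 and cmd[:2] == ("acl", "advanced"):
            defined.add(("acl", cmd[2]))
        elif len(cmd) == 3 and cmd[:2] == ("ipsec", "transform-set"):
            defined.add(("transform-set", cmd[2]))
        elif len(cmd) == 3 and cmd[:2] == ("security", "acl"):
            refs.append((view, ("acl", cmd[2])))
        elif len(cmd) == 2 and cmd[0] == "transform-set":
            refs.append((view, ("transform-set", cmd[1])))
    # A policy that names an object never created in the transcript.
    findings += [(v, f"undefined-{k}:{n}") for v, (k, n) in refs
                 if (k, n) not in defined]
    return findings

if __name__ == "__main__":
    for view, finding in audit(SAMPLE):
        print(f"{view}: {finding}")
```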
