05-Layer 3-IP Routing Configuration Guide

HomeSupportConfigure & DeployConfiguration GuidesH3C S12500-X & S12500X-AF Switch Series Configuration Guides(R115x)-6W10205-Layer 3-IP Routing Configuration Guide
09-RIPng configuration
Title Size Download
09-RIPng configuration 207.65 KB

Configuring RIPng

Overview

RIP next generation (RIPng) is an extension of RIP-2 for support of IPv6. Most RIP concepts are applicable to RIPng.

RIPng is a distance vector routing protocol. It employs UDP to exchange route information through port 521. RIPng uses a hop count to measure the distance to a destination. The hop count is the metric or cost. The hop count from a router to a directly connected network is 0. The hop count between two directly connected routers is 1. When the hop count is greater than or equal to 16, the destination network or host is unreachable.

By default, the routing update is sent every 30 seconds. If the router receives no routing updates from a neighbor within 180 seconds, the routes learned from the neighbor are considered unreachable. If no routing update is received within another 240 seconds, the router removes these routes from the routing table.

RIPng for IPv6 has the following differences from RIP:

·          UDP port number—RIPng uses UDP port 521 to send and receive routing information.

·          Multicast address—RIPng uses FF02::9 as the link-local-router multicast address.

·          Destination Prefix—128-bit destination address prefix.

·          Next hop—128-bit IPv6 address.

·          Source address—RIPng uses FE80::/10 as the link-local source address.

RIPng route entries

RIPng stores route entries in a database. Each route entry contains the following elements:

·          Destination address—IPv6 address of a destination host or a network.

·          Next hop address—IPv6 address of the next hop.

·          Egress interface—Egress interface of the route.

·          Metric—Cost from the local router to the destination.

·          Route time—Time elapsed since the most recent update. The time is reset to 0 every time the route entry is updated.

·          Route tag—Used for route control. For more information, see "Configuring routing policies."

RIPng packets

RIPng uses request and response packets to exchange routing information as follows:

1.        When RIPng starts or needs to update some route entries, it sends a multicast request packet to neighbors.

2.        When a RIPng neighbor receives the request packet, it sends back a response packet that contains the local routing table. RIPng can also advertise route updates in response packets periodically or advertise a triggered update caused by a route change.

3.        After RIPng receives the response, it checks the validity of the response before adding routes to its routing table, including the following details:

¡  Whether the source IPv6 address is the link-local address.

¡  Whether the port number is correct.

4.        A response packet that fails the check is discarded.

Protocols and standards

·          RFC 2080, RIPng for IPv6

·          RFC 2081, RIPng Protocol Applicability Statement

RIPng configuration task list

Tasks at a glance

(Required.) Configuring basic RIPng

(Optional.) Configuring RIPng route control:

·         Configuring an additional routing metric

·         Configuring RIPng route summarization

·         Advertising a default route

·         Configuring received/redistributed route filtering

·         Configuring a preference for RIPng

·         Configuring RIPng route redistribution

(Optional.) Tuning and optimizing the RIPng network:

·         Configuring RIPng timers

·         Configuring split horizon and poison reverse

·         Configuring zero field check on RIPng packets

·         Configuring the maximum number of ECMP routes

(Optional.) Configuring RIPng GR

(Optional.) Applying an IPsec profile

 

Configuring basic RIPng

Before you configure basic RIPng, configure IPv6 addresses for interfaces to ensure IPv6 connectivity between neighboring nodes.

To configure basic RIPng:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Create a RIPng process and enter its view.

ripng [ process-id ] [ vpn-instance vpn-instance-name ]

By default, the RIPng process is not created.

3.       Return to system view.

quit

N/A

4.       Enter interface view.

interface interface-type interface-number

N/A

5.       Enable RIPng on the interface.

ripng process-id enable

By default, RIPng is disabled.

If RIPng is not enabled on an interface, the interface does not send or receive any RIPng route.

 

Configuring RIPng route control

Before you configure RIPng, complete the following tasks:

·          Configure IPv6 addresses for interfaces to ensure IPv6 connectivity between neighboring nodes.

·          Configure basic RIPng.

Configuring an additional routing metric

An additional routing metric (hop count) can be added to the metric of an inbound or outbound RIPng route.

An outbound additional metric is added to the metric of a sent route, and it does not change the route's metric in the routing table.

An inbound additional metric is added to the metric of a received route before the route is added into the routing table, and the route's metric is changed.

To configure an inbound or outbound additional routing metric:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Specify an inbound additional routing metric.

ripng metricin value

The default setting is 0.

4.       Specify an outbound additional routing metric.

ripng metricout value

The default setting is 1.

 

Configuring RIPng route summarization

Configure route summarization on an interface, so RIPng advertises a summary route based on the longest match.

RIPng route summarization improves network scalability, reduces routing table size, and increases routing table lookup efficiency.

RIPng advertises a summary route with the smallest metric of all the specific routes.

For example, RIPng has two specific routes to be advertised through an interface: 1:11:11::24 with a metric of a 2 and 1:11:12::34 with a metric of 3. Configure route summarization on the interface, so RIPng advertises a single route 11::0/16 with a metric of 2.

To configure RIPng route summarization:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Advertise a summary IPv6 prefix.

ripng summary-address ipv6-address prefix-length

By default, the summary IPv6 prefix is not configured.

 

Advertising a default route

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Configure RIPng to advertise a default route.

ripng default-route { only | originate } [ cost cost ]

By default, RIPng does not advertise a default route.

This command advertises a default route on the current interface regardless of whether the default route is available in the local IPv6 routing table.

 

Configuring received/redistributed route filtering

Perform this task to filter received or redistributed routes by using an IPv6 ACL or IPv6 prefix list. You can also configure RIPng to filter routes redistributed from other routing protocols and routes from a specified neighbor.

To configure a RIPng route filtering policy:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter RIPng view.

ripng [ process-id ] [ vpn-instance vpn-instance-name ]

N/A

3.       Configure a filter policy to filter received routes.

filter-policy { acl6-number | prefix-list prefix-list-name } import

By default, RIPng does not filter received routes.

4.       Configure a filter policy to filter redistributed routes.

filter-policy { acl6-number | prefix-list prefix-list-name } export [ protocol [ process-id ] ]

By default, RIPng does not filter redistributed routes.

 

Configuring a preference for RIPng

Routing protocols each have a preference. When they find routes to the same destination, the route found by the routing protocol with the highest preference is selected as the optimal route. You can manually set a preference for RIPng. The smaller the value, the higher the preference.

To configure a preference for RIPng:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter RIPng view.

ripng [ process-id ] [ vpn-instance vpn-instance-name ]

N/A

3.       Configure a preference for RIPng.

preference [ route-policy route-policy-name ] value

The default setting is 100.

 

Configuring RIPng route redistribution

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter RIPng view.

ripng [ process-id ] [ vpn-instance vpn-instance-name ]

N/A

3.       Redistribute routes from other routing protocols.

import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | route-policy route-policy-name ] *

By default, RIPng does not redistribute routes from other routing protocols.

4.       (Optional.) Configure a default routing metric for redistributed routes.

default cost cost

The default metric of redistributed routes is 0.

 

Tuning and optimizing the RIPng network

This section describes how to tune and optimize the performance of the RIPng network as well as applications under special network environments.

Before you tune and optimize the RIPng network, complete the following tasks:

·          Configure IPv6 addresses for interfaces to ensure IPv6 connectivity between neighboring nodes.

·          Configure basic RIPng.

Configuring RIPng timers

You can adjust RIPng timers to optimize the performance of the RIPng network.

When you adjust RIPng timers, consider the network performance, and perform unified configurations on routers running RIPng to avoid unnecessary network traffic or route oscillation.

To configure RIPng timers:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter RIPng view.

ripng [ process-id ] [ vpn-instance vpn-instance-name ]

N/A

3.       Set RIPng timers.

timers { garbage-collect garbage-collect-value | suppress suppress-value | timeout timeout-value | update update-value } *

By default:

·         The update timer is 30 seconds.

·         The timeout timer is 180 seconds.

·         The suppress timer is 120 seconds.

·         The garbage-collect timer is 120 seconds.

 

Configuring split horizon and poison reverse

If both split horizon and poison reverse are configured, only the poison reverse function takes effect.

Configuring split horizon

Split horizon disables RIPng from sending routes through the interface where the routes were learned to prevent routing loops between neighbors.

As a best practice, enable split horizon to prevent routing loops in normal cases.

To configure split horizon:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Enable split horizon.

ripng split-horizon

By default, split horizon is enabled.

 

Configuring poison reverse

Poison reverse enables a route learned from an interface to be advertised through the interface. However, the metric of the route is set to 16, which means the route is unreachable.

To configure poison reverse:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Enable poison reverse.

ripng poison-reverse

By default, poison reverse is disabled.

 

Configuring zero field check on RIPng packets

Some fields in the RIPng packet header must be zero. These fields are called zero fields. You can enable zero field check on incoming RIPng packets. If a zero field of a packet contains a non-zero value, RIPng does not process the packets. If you are certain that all packets are trustworthy, disable the zero field check to save CPU resources.

To configure RIPng zero field check:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter RIPng view.

ripng [ process-id ] [ vpn-instance vpn-instance-name ]

N/A

3.       Enable the zero field check on incoming RIPng packets.

checkzero

By default, this feature is enabled.

 

Configuring the maximum number of ECMP routes

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter RIPng view.

ripng [ process-id ] [ vpn-instance vpn-instance-name ]

N/A

3.       Configure the maximum number of ECMP routes.

maximum load-balancing number

By default, the maximum number of RIPng ECMP routes equals the maximum number of ECMP routes supported by the system.

Use the max-ecmp-num command to configure the maximum number of ECMP routes supported by the system. For more information about the max-ecmp-num command, see Layer 3—IP Routing Command Reference.

 

Configuring RIPng GR

GR ensures forwarding continuity when a routing protocol restarts or an active/standby switchover occurs.

Two routers are required to complete a GR process. The following are router roles in a GR process:

·          GR restarter—Graceful restarting router. It must have GR capability.

·          GR helper—A neighbor of the GR restarter. It helps the GR restarter to complete the GR process.

After RIPng restarts on a router, the router must learn RIPng routes again and updates its FIB table, which causes network disconnections and route reconvergence.

With the GR feature, the restarting router (known as the GR restarter) can notify the event to its GR capable neighbors. GR capable neighbors (known as GR helpers) maintain their adjacencies with the router within a configurable GR interval. During this process, the FIB table of the router does not change. After the restart, the router contacts its neighbors to retrieve its FIB.

By default, a RIPng-enabled device acts as the GR helper. Perform this task on the GR restarter.

To configure GR on the GR restarter:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enable RIPng and enter RIPng view.

ripng [ process-id ] [ vpn-instance vpn-instance-name ]

N/A

3.       Enable the GR capability for RIPng.

graceful-restart

By default, RIPng GR is disabled.

 

Applying an IPsec profile

To protect routing information and prevent attacks, RIPng supports using an IPsec profile to authenticate protocol packets. For more information about IPsec profiles, see Security Configuration Guide.

Outbound RIPng packets carry the Security Parameter Index (SPI) defined in the relevant IPsec profile. A device uses the SPI carried in a received packet to match against the configured IPsec profile. If they match, the device accepts the packet. If they do not match, the device discards the packet and does not establish a neighbor relationship with the sending device.

You can configure an IPsec profile for a RIPng process or interface. The IPsec profile configured for a process applies to all packets in the process. The IPsec profile configured for an interface applies to packets on the interface. If an interface and its process each have an IPsec profile configured, the interface uses its own IPsec profile.

To apply an IPsec profile to a process:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter RIPng view.

ripng [ process-id ] [ vpn-instance vpn-instance-name ]

N/A

3.       Apply an IPsec profile to the process.

enable ipsec-profile profile-name

By default, no IPsec profile is applied.

 

To apply an IPsec profile to an interface:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Apply an IPsec profile to the interface.

ripng ipsec-profile profile-name

By default, no IPsec profile is applied.

 

Displaying and maintaining RIPng

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display configuration information for a RIPng process.

display ripng [ process-id ]

Display routes in the RIPng database.

display ripng process-id database [ ipv6-address prefix-length ]

Display routing information for a RIPng process.

display ripng process-id route [ ipv6-address prefix-length [ verbose ] | peer ipv6-address | statistics ]

Display RIPng interface information.

display ripng process-id interface [ interface-type interface-number ]

Reset a RIPng process.

reset ripng process-id process

Clear statistics for a RIPng process.

reset ripng process-id statistics

 

RIPng configuration examples

Basic RIPng configuration example

Network requirements

As shown in Figure 1, Switch A, Switch B, and Switch C run RIPng. Configure Switch B to filter the route 2::/64 learned from Switch A and to forward only the route 4::/64 to Switch A.

Figure 1 Network diagram

 

Configuration procedure

1.        Configure IPv6 addresses for interfaces. (Details not shown.)

2.        Configure basic RIPng:

# Configure Switch A.

<SwitchA> system-view

[SwitchA] ripng 1

[SwitchA-ripng-1] quit

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] ripng 1 enable

[SwitchA-Vlan-interface100] quit

[SwitchA] interface vlan-interface 400

[SwitchA-Vlan-interface400] ripng 1 enable

[SwitchA-Vlan-interface400] quit

# Configure Switch B.

<SwitchA> system-view

[SwitchA] ripng 1

[SwitchA-ripng-1] quit

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] ripng 1 enable

[SwitchA-Vlan-interface100] quit

[SwitchA] interface vlan-interface 400

[SwitchA-Vlan-interface400] ripng 1 enable

[SwitchA-Vlan-interface400] quit

# Configure Switch C.

<SwitchC> system-view

[SwitchC] ripng 1

[SwitchC-ripng-1] quit

[SwitchC] interface vlan-interface 200

[SwitchC-Vlan-interface200] ripng 1 enable

[SwitchC-Vlan-interface200] quit

[SwitchC] interface vlan-interface 500

[SwitchC-Vlan-interface500] ripng 1 enable

[SwitchC-Vlan-interface500] quit

[SwitchC] interface vlan-interface 600

[SwitchC-Vlan-interface600] ripng 1 enable

[SwitchC-Vlan-interface600] quit

# Display the RIPng routing table on Switch B.

[SwitchB] display ripng 1 route

   Route Flags: A - Aging, S - Suppressed, G - Garbage-collect

                O - Optimal, F - Flush to RIB

 ----------------------------------------------------------------

 

 Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100

 Destination 1::/64,

     via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, AOF, 6 secs

 Destination 2::/64,

     via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, AOF, 6 secs

 

 Peer FE80::20F:E2FF:FE00:100  on Vlan-interface200

 Destination 3::/64,

     via FE80::20F:E2FF:FE00:100, cost 1, tag 0, AOF, 11 secs

 Destination 4::/64,

     via FE80::20F:E2FF:FE00:100, cost 1, tag 0, AOF, 11 secs

 Destination 5::/64,

     via FE80::20F:E2FF:FE00:100, cost 1, tag 0, AOF, 11 secs

# Display the RIPng routing table on Switch A.

[SwitchA] display ripng 1 route

   Route Flags: A - Aging, S - Suppressed, G - Garbage-collect

                O - Optimal, F - Flush to RIB

 ----------------------------------------------------------------

 

 Peer FE80::200:2FF:FE64:8904 on Vlan-interface100

 Destination 1::/64,

     via FE80::200:2FF:FE64:8904, cost 1, tag 0, AOF, 31 secs

 Destination 3::/64,

     via FE80::200:2FF:FE64:8904, cost 1, tag 0, AOF, 31 secs

 Destination 4::/64,

     via FE80::200:2FF:FE64:8904, cost 2, tag 0, AOF, 31 secs

 Destination 5::/64,

     via FE80::200:2FF:FE64:8904, cost 2, tag 0, AOF, 31 secs

3.        Configure route filtering:

# Use IPv6 prefix lists on Switch B to filter received and redistributed routes.

[SwitchB] ipv6 prefix-list aaa permit 4:: 64

[SwitchB] ipv6 prefix-list bbb deny 2:: 64

[SwitchB] ipv6 prefix-list bbb permit :: 0 less-equal 128

[SwitchB] ripng 1

[SwitchB-ripng-1] filter-policy prefix-list aaa export

[SwitchB-ripng-1] filter-policy prefix-list bbb import

[SwitchB-ripng-1] quit

# Display RIPng routing tables on Switch B and Switch A.

[SwitchB] display ripng 1 route

   Route Flags: A - Aging, S - Suppressed, G - Garbage-collect

                O - Optimal, F - Flush to RIB

 ----------------------------------------------------------------

 

 Peer FE80::1:100 on Vlan-interface100

 Destination 1::/64,

     via FE80::2:100, cost 1, tag 0, AOF, 6 secs

 

 Peer FE80::3:200 on Vlan-interface200

 Destination 3::/64,

     via FE80::2:200, cost 1, tag 0, AOF, 11 secs

 Destination 4::/64,

     via FE80::2:200, cost 1, tag 0, AOF, 11 secs

 Destination 5::/64,

     via FE80::2:200, cost 1, tag 0, AOF, 11 secs

[SwitchA] display ripng 1 route

   Route Flags: A - Aging, S - Suppressed, G - Garbage-collect

                O - Optimal, F - Flush to RIB

 ----------------------------------------------------------------

 

 Peer FE80::2:100 on Vlan-interface100

 Destination 4::/64,

     via FE80::1:100, cost 2, tag 0, AOF, 2 secs

RIPng route redistribution configuration example

Network requirements

As shown in Figure 2, Switch B communicates with Switch A through RIPng 100 and with Switch C through RIPng 200.

Configure route redistribution on Switch B, so the two RIPng processes can redistribute routes from each other.

Figure 2 Network diagram

 

Configuration procedure

1.        Configure IPv6 addresses for interfaces. (Details not shown.)

2.        Configure basic RIPng:

# Enable RIPng 100 on Switch A.

<SwitchA> system-view

[SwitchA] ripng 100

[SwitchA-ripng-100] quit

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] ripng 100 enable

[SwitchA-Vlan-interface100] quit

[SwitchA] interface vlan-interface 200

[SwitchA-Vlan-interface200] ripng 100 enable

[SwitchA-Vlan-interface200] quit

# Enable RIPng 100 and RIPng 200 on Switch B.

<SwitchB> system-view

[SwitchB] ripng 100

[SwitchB-ripng-100] quit

[SwitchB] interface vlan-interface 100

[SwitchB-Vlan-interface100] ripng 100 enable

[SwitchB-Vlan-interface100] quit

[SwitchB] ripng 200

[SwitchB-ripng-200] quit

[SwitchB] interface vlan-interface 300

[SwitchB-Vlan-interface300] ripng 200 enable

[SwitchB-Vlan-interface300] quit

#  Enable RIPng 200 on Switch C.

<SwitchC> system-view

[SwitchC] ripng 200

[SwitchC] interface vlan-interface 300

[SwitchC-Vlan-interface300] ripng 200 enable

[SwitchC-Vlan-interface300] quit

[SwitchC] interface vlan-interface 400

[SwitchC-Vlan-interface400] ripng 200 enable

[SwitchC-Vlan-interface400] quit

# Display the routing table on Switch A.

[SwitchA] display ipv6 routing-table

 

Destinations : 7 Routes : 7

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 1::/64                                      Protocol  : Direct

NextHop    : 1::1                                        Preference: 0

Interface  : Vlan100                                     Cost      : 0

 

Destination: 1::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2::/64                                      Protocol  : Direct

NextHop    : 2::1                                        Preference: 0

Interface  : Vlan200                                     Cost      : 0

 

Destination: 2::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FF00::/8                                    Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

3.        Configure RIPng route redistribution:

# Configure route redistribution between the two RIPng processes on Switch B.

[SwitchB] ripng 100

[SwitchB-ripng-100] import-route ripng 200

[SwitchB-ripng-100] quit

[SwitchB] ripng 200

[SwitchB-ripng-200] import-route ripng 100

[SwitchB-ripng-200] quit

# Display the routing table on Switch A.

[SwitchA] display ipv6 routing-table

 

Destinations : 8 Routes : 8

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 1::/64                                      Protocol  : Direct

NextHop    : 1::1                                        Preference: 0

Interface  : Vlan100                                     Cost      : 0

 

Destination: 1::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 2::/64                                      Protocol  : Direct

NextHop    : 2::1                                        Preference: 0

Interface  : Vlan200                                     Cost      : 0

 

Destination: 2::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 4::/64                                      Protocol  : RIPng

NextHop    : FE80::200:BFF:FE01:1C02                     Preference: 100

Interface  : Vlan100                                     Cost      : 1

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FF00::/8                                    Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

RIPng IPsec profile configuration example

Network requirements

As shown in Figure 3, configure RIPng on the switches, and configure IPsec profiles on the switches to authenticate and encrypt protocol packets.

Figure 3 Network diagram

 

Configuration procedure

1.        Configure IPv6 addresses for interfaces. (Details not shown.)

2.        Configure RIPng basic functions:

# Configure Switch A.

<SwitchA> system-view

[SwitchA] ripng 1

[SwitchA-ripng-1] quit

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] ripng 1 enable

[SwitchA-Vlan-interface100] quit

# Configure Switch B.

<SwitchB> system-view

[SwitchB] ripng 1

[SwitchB-ripng-1] quit

[SwitchB] interface vlan-interface 200

[SwitchB-Vlan-interface200] ripng 1 enable

[SwitchB-Vlan-interface200] quit

[SwitchB] interface vlan-interface 100

[SwitchB-Vlan-interface100] ripng 1 enable

[SwitchB-Vlan-interface100] quit

# Configure Switch C.

<SwitchC> system-view

[SwitchC] ripng 1

[SwitchC-ripng-1] quit

[SwitchC] interface vlan-interface 200

[SwitchC-Vlan-interface200] ripng 1 enable

[SwitchC-Vlan-interface200] quit

3.        Configure RIPng IPsec profiles:

¡  On Switch A:

# Create an IPsec transform set named protrf1.

[SwitchA] ipsec transform-set protrf1

# Specify the ESP encryption and authentication algorithms.

[SwitchA-ipsec-transform-set-protrf1] esp encryption-algorithm 3des-cbc

[SwitchA-ipsec-transform-set-protrf1] esp authentication-algorithm md5

# Specify the encapsulation mode as transport.

[SwitchA-ipsec-transform-set-protrf1] encapsulation-mode transport

[SwitchA-ipsec-transform-set-protrf1] quit

# Create a manual IPsec profile named profile001.

[SwitchA] ipsec profile profile001 manual

# Reference IPsec transform set protrf1.

[SwitchA-ipsec-profile-profile001-manual] transform-set protrf1

# Configure the inbound and outbound SPIs for ESP.

[SwitchA-ipsec-profile-profile001-manual] sa spi inbound esp 256

[SwitchA-ipsec-profile-profile001-manual] sa spi outbound esp 256

# Configure the inbound and outbound SA keys for ESP.

[SwitchA-ipsec-profile-profile001-manual] sa string-key inbound esp simple abc

[SwitchA-ipsec-profile-profile001-manual] sa string-key outbound esp simple abc

[SwitchA-ipsec-profile-profile001-manual] quit

¡  On Switch B:

# Create an IPsec transform set named protrf1.

[SwitchB] ipsec transform-set protrf1

# Specify the ESP encryption and authentication algorithms.

[SwitchB-ipsec-transform-set-protrf1] esp encryption-algorithm 3des-cbc

[SwitchB-ipsec-transform-set-protrf1] esp authentication-algorithm md5

# Specify the encapsulation mode as transport.

[SwitchB-ipsec-transform-set-protrf1] encapsulation-mode transport

[SwitchB-ipsec-transform-set-protrf1] quit

# Create a manual IPsec profile named profile001.

[SwitchB] ipsec profile profile001 manual

# Reference IPsec transform set protrf1.

[SwitchB-ipsec-profile-profile001-manual] transform-set protrf1

# Configure the inbound and outbound SPIs for ESP.

[SwitchB-ipsec-profile-profile001-manual] sa spi inbound esp 256

[SwitchB-ipsec-profile-profile001-manual] sa spi outbound esp 256

# Configure the inbound and outbound SA keys for ESP.

[SwitchB-ipsec-profile-profile001-manual] sa string-key inbound esp simple abc

[SwitchB-ipsec-profile-profile001-manual] sa string-key outbound esp simple abc

[SwitchB-ipsec-profile-profile001-manual] quit

¡  On Switch C:

# Create an IPsec transform set named protrf1.

[SwitchC] ipsec transform-set protrf1

# Specify the ESP encryption and authentication algorithms.

[SwitchC-ipsec-transform-set-protrf1] esp encryption-algorithm 3des-cbc

[SwitchC-ipsec-transform-set-protrf1] esp authentication-algorithm md5

# Specify the encapsulation mode as transport.

[SwitchC-ipsec-transform-set-protrf1] encapsulation-mode transport

[SwitchC-ipsec-transform-set-protrf1] quit

# Create a manual IPsec profile named profile001.

[SwitchC] ipsec profile profile001 manual

# Reference IPsec transform set protrf1.

[SwitchC-ipsec-profile-profile001-manual] transform-set protrf1

# Configure the inbound and outbound SPIs for ESP.

[SwitchC-ipsec-profile-profile001-manual] sa spi inbound esp 256

[SwitchC-ipsec-profile-profile001-manual] sa spi outbound esp 256

# Configure the inbound and outbound SA keys for ESP.

[SwitchC-ipsec-profile-profile001-manual] sa string-key inbound esp simple abc

[SwitchC-ipsec-profile-profile001-manual] sa string-key outbound esp simple abc

[SwitchC-ipsec-profile-profile001-manual] quit

4.        Apply the IPsec profiles to the RIPng process:

# Configure Switch A.

[SwitchA] ripng 1

[SwitchA-ripng-1] enable ipsec-profile profile001

[SwitchA-ripng-1] quit

# Configure Switch B.

[SwitchB] ripng 1

[SwitchB-ripng-1] enable ipsec-profile profile001

[SwitchB-ripng-1] quit

# Configure Switch C.

[SwitchC] ripng 1

[SwitchC-ripng-1] enable ipsec-profile profile001

[SwitchC-ripng-1] quit

Verifying the configuration

# Verify that RIPng packets between Switches A, B and C are protected by IPsec. (Details not shown.)

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网