RIPng IPsec profile configuration example
Network requirements
As shown in Figure 27, configure RIPng on the switches, and configure IPsec profiles on the switches to authenticate and encrypt protocol packets.
Figure 27: Network diagram
Configuration procedure
Configure IPv6 addresses for interfaces. (Details not shown.)
Configure RIPng basic functions:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] ripng 1
[SwitchA-ripng-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ripng 1 enable
[SwitchA-Vlan-interface100] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] ripng 1
[SwitchB-ripng-1] quit
[SwitchB] interface vlan-interface 200
[SwitchB-Vlan-interface200] ripng 1 enable
[SwitchB-Vlan-interface200] quit
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ripng 1 enable
[SwitchB-Vlan-interface100] quit
# Configure Switch C.
<SwitchC> system-view
[SwitchC] ripng 1
[SwitchC-ripng-1] quit
[SwitchC] interface vlan-interface 200
[SwitchC-Vlan-interface200] ripng 1 enable
[SwitchC-Vlan-interface200] quit
Configure RIPng IPsec profiles:
On Switch A:
# Create an IPsec transform set named protrf1.
[SwitchA] ipsec transform-set protrf1
# Specify the ESP encryption and authentication algorithms.
[SwitchA-ipsec-transform-set-protrf1] esp encryption-algorithm 3des-cbc
[SwitchA-ipsec-transform-set-protrf1] esp authentication-algorithm md5
# Specify the encapsulation mode as transport.
[SwitchA-ipsec-transform-set-protrf1] encapsulation-mode transport
[SwitchA-ipsec-transform-set-protrf1] quit
# Create a manual IPsec profile named profile001.
[SwitchA] ipsec profile profile001 manual
# Reference IPsec transform set protrf1.
[SwitchA-ipsec-profile-profile001-manual] transform-set protrf1
# Configure the inbound and outbound SPIs for ESP.
[SwitchA-ipsec-profile-profile001-manual] sa spi inbound esp 256
[SwitchA-ipsec-profile-profile001-manual] sa spi outbound esp 256
# Configure the inbound and outbound SA keys for ESP.
[SwitchA-ipsec-profile-profile001-manual] sa string-key inbound esp simple abc
[SwitchA-ipsec-profile-profile001-manual] sa string-key outbound esp simple abc
[SwitchA-ipsec-profile-profile001-manual] quit
On Switch B:
# Create an IPsec transform set named protrf1.
[SwitchB] ipsec transform-set protrf1
# Specify the ESP encryption and authentication algorithms.
[SwitchB-ipsec-transform-set-protrf1] esp encryption-algorithm 3des-cbc
[SwitchB-ipsec-transform-set-protrf1] esp authentication-algorithm md5
# Specify the encapsulation mode as transport.
[SwitchB-ipsec-transform-set-protrf1] encapsulation-mode transport
[SwitchB-ipsec-transform-set-protrf1] quit
# Create a manual IPsec profile named profile001.
[SwitchB] ipsec profile profile001 manual
# Reference IPsec transform set protrf1.
[SwitchB-ipsec-profile-profile001-manual] transform-set protrf1
# Configure the inbound and outbound SPIs for ESP.
[SwitchB-ipsec-profile-profile001-manual] sa spi inbound esp 256
[SwitchB-ipsec-profile-profile001-manual] sa spi outbound esp 256
# Configure the inbound and outbound SA keys for ESP.
[SwitchB-ipsec-profile-profile001-manual] sa string-key inbound esp simple abc
[SwitchB-ipsec-profile-profile001-manual] sa string-key outbound esp simple abc
[SwitchB-ipsec-profile-profile001-manual] quit
On Switch C:
# Create an IPsec transform set named protrf1.
[SwitchC] ipsec transform-set protrf1
# Specify the ESP encryption and authentication algorithms.
[SwitchC-ipsec-transform-set-protrf1] esp encryption-algorithm 3des-cbc
[SwitchC-ipsec-transform-set-protrf1] esp authentication-algorithm md5
# Specify the encapsulation mode as transport.
[SwitchC-ipsec-transform-set-protrf1] encapsulation-mode transport
[SwitchC-ipsec-transform-set-protrf1] quit
# Create a manual IPsec profile named profile001.
[SwitchC] ipsec profile profile001 manual
# Reference IPsec transform set protrf1.
[SwitchC-ipsec-profile-profile001-manual] transform-set protrf1
# Configure the inbound and outbound SPIs for ESP.
[SwitchC-ipsec-profile-profile001-manual] sa spi inbound esp 256
[SwitchC-ipsec-profile-profile001-manual] sa spi outbound esp 256
# Configure the inbound and outbound SA keys for ESP.
[SwitchC-ipsec-profile-profile001-manual] sa string-key inbound esp simple abc
[SwitchC-ipsec-profile-profile001-manual] sa string-key outbound esp simple abc
[SwitchC-ipsec-profile-profile001-manual] quit
Apply the IPsec profiles to the RIPng process:
# Configure Switch A.
[SwitchA] ripng 1
[SwitchA-ripng-1] enable ipsec-profile profile001
[SwitchA-ripng-1] quit
# Configure Switch B.
[SwitchB] ripng 1
[SwitchB-ripng-1] enable ipsec-profile profile001
[SwitchB-ripng-1] quit
# Configure Switch C.
[SwitchC] ripng 1
[SwitchC-ripng-1] enable ipsec-profile profile001
[SwitchC-ripng-1] quit
Verifying the configuration
# Verify that RIPng packets between Switches A, B and C are protected by IPsec. (Details not shown.)
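The following Python check is an added example, not part of the original guide or any vendor tooling: it parses the IPsec commands used above (constructed input, prompts stripped) and reports deprecated ESP algorithms, keys entered in plaintext, and manual SAs whose outbound SPI or key does not match the neighbor's inbound one. The LINKS adjacency list and all function names are assumptions made for the example; the algorithm status comes from RFC 8221.

```python
# Constructed input: the per-switch IPsec commands from this page, prompts stripped.
PAGE_CMDS = """\
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
sa spi inbound esp 256
sa spi outbound esp 256
sa string-key inbound esp simple abc
sa string-key outbound esp simple abc
"""
CONFIGS = {name: PAGE_CMDS for name in ("SwitchA", "SwitchB", "SwitchC")}
# Assumed adjacency, read from the interface commands: A-B on VLAN 100, B-C on VLAN 200.
LINKS = [("SwitchA", "SwitchB"), ("SwitchB", "SwitchC")]
# RFC 8221 status: 3DES is SHOULD NOT, HMAC-MD5 is MUST NOT.
DEPRECATED = {"3des-cbc", "md5"}


def parse(text):
    """Collect ESP algorithms, per-direction SPI/key, and plaintext-key use."""
    sa = {"algs": [], "spi": {}, "key": {}, "plaintext": False}
    for line in text.splitlines():
        w = line.split()
        if w[:1] == ["esp"] and len(w) == 3:
            sa["algs"].append(w[2])
        elif w[:2] == ["sa", "spi"] and len(w) == 5:
            sa["spi"][w[2]] = int(w[4])
        elif w[:2] == ["sa", "string-key"] and len(w) == 6:
            sa["key"][w[2]] = w[5]
            sa["plaintext"] = sa["plaintext"] or w[4] == "simple"
    return sa


def audit(configs, links):
    """Return (device, finding) tuples for weak or inconsistent manual SAs."""
    parsed = {name: parse(text) for name, text in configs.items()}
    findings = []
    for name, sa in parsed.items():
        findings += [(name, f"deprecated ESP algorithm: {a}")
                     for a in sa["algs"] if a in DEPRECATED]
        if sa["plaintext"]:
            findings.append((name, "SA key entered with 'simple' (plaintext)"))
    # A sender's outbound SPI and key must equal the receiver's inbound ones.
    for a, b in links:
        for tx, rx in ((a, b), (b, a)):
            out, inn = parsed[tx], parsed[rx]
            if (out["spi"].get("outbound"), out["key"].get("outbound")) != \
               (inn["spi"].get("inbound"), inn["key"].get("inbound")):
                findings.append((tx, f"outbound SA does not match inbound SA on {rx}"))
    return findings
```

Run against the configuration on this page, `audit(CONFIGS, LINKS)` reports the 3des-cbc, md5 and plaintext-key findings on each switch and no SA mismatch.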