Brocade Communications Systems RFS7000 Network Router User Manual

Open as PDF

of 839

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 243

53-1001931-01

Global Configuration commands

1. Configuration required on controller 1:

a. Create an extended ACL. This is used to define the tunnel used by the traffic.

RFController(config)#access-list 150 permit ip 12.1.1.0/24 13.1.1.0/24

rule-precedence

b. Create and configure ISAKMP parameters.

RFController(config)#crypto isakmp keepalive 10

RFController(config)#crypto isakmp key ADBROCADE address 15.1.1.20

RFController(config)#crypto ipsec security-association lifetime

kilobytes 4608000

c. Create and configure ISAKMP policy.

RFController(config)#crypto isakmp policy 199

RFController(config-crypto-isakmp)#encryption aes

RFController(config-crypto-isakmp)#hash sha

RFController(config-crypto-isakmp)#authentication pre-share

RFController(config-crypto-isakmp)#group 5

RFController(config-crypto-isakmp)#lifetime 9496

d. Create and configure an IPSec transform set.

RFController(config)#crypto ipsec transform-set TFSET ah-sha-hmac esp-aes

RFController(config-crypto-ipsec)#mode tunnel

e. Create and configure a crypto map.

RFController(config)#crypto map THIRDMAP 435 isakmp

RFController(config-crypto-map)#set peer 15.1.1.20

RFController(config-crypto-map)#match address 150

RFController(config-crypto-map)#set transformset TFSET

RFController(config-crypto-map)#set security-association lifetime seconds 3600

f. Associate the crypto map with a VLAN interface.

RFController(config)#interface vlan1

RFController(config-if)#ip address 11.1.1.10/24

RFController(config-if)#crypto map THIRDMAP

RFController(config-if)#interface vlan2100

RFController(config-if)#ip address 12.1.1.10/24

RFController(config-if)#ip route 0.0.0.0/0 11.1.1.2

2. Configuration required on controller 2:

a. Create an extended ACL. This defines the tunnel used by the traffic.

RFController(config)#access-list 155permit ip 13.1.1.0/24 12.1.1.0/24

rule-precedence 1

b. Create and configure the ISAKMP parameters.

RFController(config)#crypto isakmp keepalive 10

RFController(config)#crypto isakmp key ADBROCADE address 11.1.1.10

RFController(config)#crypto ipsec security-association lifetime

kilobytes 4608000

c. Create and configure ISAKMP policy.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Brocade Communications Systems RFS7000 Network Router User Manual