Country/Region

MSR810 active-backup SIM card + EAA modifying the configuration of interface tunnel of mGRE

2021-12-02 16:20:06 Published
  • 0 Followed
  • 0Collected ,1557Browsed
Henry_j18222

Network Topology


as above

Problem Description

Configure active-backup mode for the 2 SIM card in MSR810.

The mGRE configuration should be automatically modifying by EAA.

Process Analysis

Irrelevant

Solution

 version 7.1.064, Release 0821P13

 

Configure Track and NQA

#

track 1 interface Eth-channel1/0:0

#

track 2 interface Eth-channel1/1:0

#

track 10 list boolean or          // Track two destination IP address at the same time, trigger when both of them is unreachable.

 object 20

 object 30

#

track 20 nqa entry admin 1 reaction 1

 delay negative 30 positive 30

#

track 30 nqa entry admin 2 reaction 1

 delay negative 30 positive 30

#

 dialer-group 89 rule ip permit

 dialer-group 90 rule ip permit

#

nqa entry admin 1

 type icmp-echo

  destination ip A

  frequency 5000

  probe count 10

  probe timeout 5000

  reaction 1 checked-element probe-fail threshold-type consecutive 10 action-type trigger-only

  source ip B

#

nqa entry admin 2

 type icmp-echo

  destination ip C

  frequency 5000

  probe count 10

  probe timeout 5000

  reaction 1 checked-element probe-fail threshold-type consecutive 10 action-type trigger-only

  source ip B

#

 nqa schedule admin 1 start-time now lifetime forever

 nqa schedule admin 2 start-time now lifetime forever

#

 

 

Configure 4G dialing for two SIM card

#

apn-profile apn-Kcell-profile

 apn static kaspi

 authentication-mode chap user example1 password simple example1_password

#

apn-profile apn-Tele2-profile

 apn static tele2.kaspi.kz

 authentication-mode chap user example2 password simple example2_password

#

controller Cellular1/0

 description TELE2

 eth-channel 0

 rssi lte low 89

 sim backup enable track 10           //  switchover when track 10 is triggered

#

controller Cellular1/1

 description KCELL

 eth-channel 0

 rssi lte low 89

 sim backup enable track 10        //  switchover when track 10 is triggered

#

interface Eth-channel1/0:0

 description TELE2

 dialer circular enable

 dialer-group 89

 dialer timer wait-carrier 10

 dialer timer autodial 5

 dialer number *99# autodial

 ip address cellular-alloc

 tcp mss 1280

 nat outbound

 apn-profile apply apn-Tele2-profile

#

interface Eth-channel1/1:0

 description KCell

 dialer circular enable

 dialer-group 90

 dialer timer wait-carrier 10

 dialer timer autodial 5

 dialer number *99# autodial

 ip address cellular-alloc

 tcp mss 1280

 nat outbound

 apn-profile apply apn-Kcell-profile

#

 

Configure mGRE protected by IPsec.

#

interface Tunnel0 mode mgre

 mtu 1360

 ip address B 255.255.255.0

 ospf timer hello 30

 ospf timer dead 120

 ospf authentication-mode md5 1 cipher $c$3$wdp2vNkCwK3qtTvaZcvL+JRH67Qj+IYAPSAmcFmso0E=

 ospf network-type p2mp

 source Eth-channel1/1:0

 gre key 3xxxxx2

 nhrp network-id 201

 nhrp authentication cipher $c$3$heXN5Kp/DWUbYi31/78BsRNFA7sgSOFCS50n

 nhrp holdtime 300

 nhrp nhs A nbma D

 nhrp nhs C nbma E

 tunnel protection ipsec profile H3C-IPSec

#

 ip route-static D 32 Eth-channel1/0:0

 ip route-static D 32 Eth-channel1/1:0

 ip route-static E 32 Eth-channel1/0:0

 ip route-static E 32 Eth-channel1/1:0

#

 

Set EAA for modifying the interface tunnel configuration when SIM is switchover.

#

rtm cli-policy sim0

 event track 1 state positive

 action 0 cli system-view

 action 1 cli interface Tunnel0 mode mgre

 action 2 cli source E-Ch1/0:0

 user-role network-admin

 user-role network-operator

#

rtm cli-policy sim1

 event track 2 state positive

 action 0 cli system-view

 action 1 cli interface Tunnel0 mode mgre

 action 2 cli source E-Ch1/1:0

 user-role network-admin

 user-role network-operator

#

 

Configure the IPsec IKEv2 for mGRE

#

ipsec transform-set H3C-TRANSFS

 esp encryption-algorithm aes-cbc-256

 esp authentication-algorithm sha256

#

ipsec profile H3C-IPSec isakmp

 transform-set H3C-TRANSFS

 ikev2-profile H3C_prof

#

ikev2 keychain H3C_KEYCH

 peer HQ-53

  address D 255.255.255.255

  pre-shared-key local ciphertext $c$3$VwjmIrmhrWWp1UmRgTDavDjTldN9j0jtwkCmXafc4M0V0aBoc7kodGZwFKTDRsS38O87/63Lg3ncfqnalY8kLiLHz5LAgg==

  pre-shared-key remote ciphertext $c$3$1zCxl9WtCcP1/fqGu3T0QZreMrFrRiLWneqWrWSwAEOp9Sa/bijD3Jd8WsxRSTDkdFmJn4zcunUs94djfjrWYZeQZJ2qgA==

 peer HQ-55

  address E 255.255.255.255

  pre-shared-key local ciphertext $c$3$NViHHImiQkTuEXpMgeBnHDI5MftV9HYTColtlA1tjOTOwd0gA3BLl/N7jiqQidswn4l2M9x/NdFefKFemVagjD85EZK52Q==

  pre-shared-key remote ciphertext $c$3$2oVw/y4Ig+sLmM5FZZrjvrSRvndkRURDk7A1rh5XJomaSHbxJV2Kj1hw+YiAGeigUd9CPPkFQzDZhPzM+JyO329RrYS/9A==

#

ikev2 profile H3C_prof

 authentication-method local pre-share

 authentication-method remote pre-share

 keychain H3C_KEYCH

 match local address Eth-channel1/0:0

 match local address Eth-channel1/1:0

 match remote identity address 10.2.3.192 255.255.255.248

#

ikev2 proposal AES-SHA-256

 encryption aes-cbc-256

 integrity sha256

 dh group14

 prf sha256

#

ikev2 policy POLICY_H3C

 proposal AES-SHA-256

 match local address Eth-channel1/1:0

 match local address Eth-channel1/0:0

#

Please rate this case:   
0 Comments

No Comments

Add Comments:

Copyright© 2025 H3C reserves all rights to the current version NO.1

The copyright of this icon belongs to H3C. It is only for the use of this community. Do not use it for commercial purposes. Anyone who violates this icon will be prosecuted