• All
  • Test
  • Startup
  • Experience Case
  • FAQ
Product line
Search
Cancel
Documents type
Author
Time
Search

MSR810 active-backup SIM card + EAA modifying the configuration of interface tunnel of mGRE

2021-12-02 08:20:06 Published
  • 0Followed
  • -1Collected ,418Browsed
fans:0 follow:0

Network Topology


as above

Problem Description

Configure active-backup mode for the 2 SIM card in MSR810.

The mGRE configuration should be automatically modifying by EAA.

Process Analysis

Irrelevant

Solution

 version 7.1.064, Release 0821P13

 

Configure Track and NQA

#

track 1 interface Eth-channel1/0:0

#

track 2 interface Eth-channel1/1:0

#

track 10 list boolean or          // Track two destination IP address at the same time, trigger when both of them is unreachable.

 object 20

 object 30

#

track 20 nqa entry admin 1 reaction 1

 delay negative 30 positive 30

#

track 30 nqa entry admin 2 reaction 1

 delay negative 30 positive 30

#

 dialer-group 89 rule ip permit

 dialer-group 90 rule ip permit

#

nqa entry admin 1

 type icmp-echo

  destination ip A

  frequency 5000

  probe count 10

  probe timeout 5000

  reaction 1 checked-element probe-fail threshold-type consecutive 10 action-type trigger-only

  source ip B

#

nqa entry admin 2

 type icmp-echo

  destination ip C

  frequency 5000

  probe count 10

  probe timeout 5000

  reaction 1 checked-element probe-fail threshold-type consecutive 10 action-type trigger-only

  source ip B

#

 nqa schedule admin 1 start-time now lifetime forever

 nqa schedule admin 2 start-time now lifetime forever

#

 

 

Configure 4G dialing for two SIM card

#

apn-profile apn-Kcell-profile

 apn static kaspi

 authentication-mode chap user example1 password simple example1_password

#

apn-profile apn-Tele2-profile

 apn static tele2.kaspi.kz

 authentication-mode chap user example2 password simple example2_password

#

controller Cellular1/0

 description TELE2

 eth-channel 0

 rssi lte low 89

 sim backup enable track 10           //  switchover when track 10 is triggered

#

controller Cellular1/1

 description KCELL

 eth-channel 0

 rssi lte low 89

 sim backup enable track 10        //  switchover when track 10 is triggered

#

interface Eth-channel1/0:0

 description TELE2

 dialer circular enable

 dialer-group 89

 dialer timer wait-carrier 10

 dialer timer autodial 5

 dialer number *99# autodial

 ip address cellular-alloc

 tcp mss 1280

 nat outbound

 apn-profile apply apn-Tele2-profile

#

interface Eth-channel1/1:0

 description KCell

 dialer circular enable

 dialer-group 90

 dialer timer wait-carrier 10

 dialer timer autodial 5

 dialer number *99# autodial

 ip address cellular-alloc

 tcp mss 1280

 nat outbound

 apn-profile apply apn-Kcell-profile

#

 

Configure mGRE protected by IPsec.

#

interface Tunnel0 mode mgre

 mtu 1360

 ip address B 255.255.255.0

 ospf timer hello 30

 ospf timer dead 120

 ospf authentication-mode md5 1 cipher $c$3$wdp2vNkCwK3qtTvaZcvL+JRH67Qj+IYAPSAmcFmso0E=

 ospf network-type p2mp

 source Eth-channel1/1:0

 gre key 3xxxxx2

 nhrp network-id 201

 nhrp authentication cipher $c$3$heXN5Kp/DWUbYi31/78BsRNFA7sgSOFCS50n

 nhrp holdtime 300

 nhrp nhs A nbma D

 nhrp nhs C nbma E

 tunnel protection ipsec profile H3C-IPSec

#

 ip route-static D 32 Eth-channel1/0:0

 ip route-static D 32 Eth-channel1/1:0

 ip route-static E 32 Eth-channel1/0:0

 ip route-static E 32 Eth-channel1/1:0

#

 

Set EAA for modifying the interface tunnel configuration when SIM is switchover.

#

rtm cli-policy sim0

 event track 1 state positive

 action 0 cli system-view

 action 1 cli interface Tunnel0 mode mgre

 action 2 cli source E-Ch1/0:0

 user-role network-admin

 user-role network-operator

#

rtm cli-policy sim1

 event track 2 state positive

 action 0 cli system-view

 action 1 cli interface Tunnel0 mode mgre

 action 2 cli source E-Ch1/1:0

 user-role network-admin

 user-role network-operator

#

 

Configure the IPsec IKEv2 for mGRE

#

ipsec transform-set H3C-TRANSFS

 esp encryption-algorithm aes-cbc-256

 esp authentication-algorithm sha256

#

ipsec profile H3C-IPSec isakmp

 transform-set H3C-TRANSFS

 ikev2-profile H3C_prof

#

ikev2 keychain H3C_KEYCH

 peer HQ-53

  address D 255.255.255.255

  pre-shared-key local ciphertext $c$3$VwjmIrmhrWWp1UmRgTDavDjTldN9j0jtwkCmXafc4M0V0aBoc7kodGZwFKTDRsS38O87/63Lg3ncfqnalY8kLiLHz5LAgg==

  pre-shared-key remote ciphertext $c$3$1zCxl9WtCcP1/fqGu3T0QZreMrFrRiLWneqWrWSwAEOp9Sa/bijD3Jd8WsxRSTDkdFmJn4zcunUs94djfjrWYZeQZJ2qgA==

 peer HQ-55

  address E 255.255.255.255

  pre-shared-key local ciphertext $c$3$NViHHImiQkTuEXpMgeBnHDI5MftV9HYTColtlA1tjOTOwd0gA3BLl/N7jiqQidswn4l2M9x/NdFefKFemVagjD85EZK52Q==

  pre-shared-key remote ciphertext $c$3$2oVw/y4Ig+sLmM5FZZrjvrSRvndkRURDk7A1rh5XJomaSHbxJV2Kj1hw+YiAGeigUd9CPPkFQzDZhPzM+JyO329RrYS/9A==

#

ikev2 profile H3C_prof

 authentication-method local pre-share

 authentication-method remote pre-share

 keychain H3C_KEYCH

 match local address Eth-channel1/0:0

 match local address Eth-channel1/1:0

 match remote identity address 10.2.3.192 255.255.255.248

#

ikev2 proposal AES-SHA-256

 encryption aes-cbc-256

 integrity sha256

 dh group14

 prf sha256

#

ikev2 policy POLICY_H3C

 proposal AES-SHA-256

 match local address Eth-channel1/1:0

 match local address Eth-channel1/0:0

#

Please rate this case:   
0 comments

No comments

Add Comments:

举报

×

侵犯我的权益 >
对根叔知了社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔知了社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明

提出建议

    +

Login before you can operate!

login

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作