R0106-HP MSR Router Series Layer 3 - IP Services Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

411

412

413

414

415

416

417

418

419

420

406

Views

Hub group view

Predefined user roles

network-admin

mdc-admin

Parameters

all: Specifies that IPv4 spoke-to-spoke tunnels can be established between all spokes in different hub

groups.

acl: Specifies that IPv4 spoke-to-spoke tunnels can be established only between spokes permitted by an

IPv4 ACL.

acl-number: Specifies the number of an IPv4 ACL:

• 2000 to 2999 for basic ACLs.

• 3000 to 3999 for advanced ACLs.

name acl-name: Assigns a name to the IPv4 ACL for easy identification. The acl-name argument is a

case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it

cannot be all.

Usage guidelines

The VAM server assigns the configured rules for establishing IPv4 spoke-to-spoke tunnels to an online

hub.

When receiving an IPv4 spoke-to-spoke packet, a hub sends a redirect packet to the spoke that sent the

packet if all is specified or the packet matches an ACL rule. Then, the spoke contacts the VAM server to

obtain the public address of the remote spoke and establishes a direct tunnel to the remote spoke.

After a spoke-spoke tunnel is established, packets are directly forwarded to the remote spoke instead of

being forwarded by the hub.

When you reference an ACL, follow these restrictions and guidelines:

• If the referenced ACL does not exist, the configuration does not take effect. The hub sends no

redirect packet to the spoke.

• If the referenced ACL is an IPv4 basic ACL, this command supports only rules that match source

addresses.

• If the referenced ACL is an IPv4 advanced ACL, this command supports rules that match protocols,

source/destination addresses, and source/destination ports. It does not support rules that exclude

a source/destination port.

• If the referenced ACL contains an unsupported rule, the rule does not take effect.

Examples

# Configure ACL 3000 as a rule for establishing IPv4 spoke-to-spoke tunnels.

<Sysname> system-view

[Sysname] vam server advpn-domain 1

[Sysname-vam-server-domain-1] hub-group 1

[Sysname-vam-server-domain-1-hub-group-1] shortcut interest acl 3000