Alcatel-Lucent 6850-48 Network Guide

Configuring IPsec
Configuring IPsec on the OmniSwitch
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
Before configuring IPsec, the following security best practices should be followed:
• Set the Master Security Key - This is used to encrypt SA keys when stored.
• Use SSH, HTTPS, or SNMPv3 to prevent sensitive information such as SA keys from being sent in the clear.
• Restrict IPsec commands to authorized users only. This is described in 
Configuring IPsec for securing IPv6 traffic on a switch requires several steps, which are explained below:
• Configure the master security key for the switch which is used to encrypt and decrypt the configured SA keys. This is described in 
• Configure an IPsec Security Policy on the switch. This is described in 
.
• Set an IPsec rule for the configured IPsec Security Policy on the switch. This is described in 
.
• Enable the Security Policy. This is described in 
• Configure the authentication and encryption keys required for manually configured IPsec Security Associations (SAs). This is described in 
• Configure an IPsec Security Association on the switch by setting parameters such as Security Association type, encryption and authentication for SA. This is described in 
Configuring IPsec for discarding IPv6 traffic on a switch requires a single step:
• Configure the IPsec Discard policy on the switch which is used to discard or filter the IPv6 packets. 
This is described in 
.
Configuring an IPsec Master Key
The master security key is used to encrypt and decrypt the configured SA keys that are saved to permanent storage (e.g., boot.cfg file). To set a master security key the first time, enter the ipsec security-key command along with a new key value. For example:
-> ipsec security-key new_master_key_1 
or 
-> ipsec security-key 0x12345678123456781234567812345678
Note. The key value can be specified either in hexadecimal format (16 bytes in length) or as a string (16 characters in length). A warning message is logged if SA keys are set without the Master Key being set.
To change the master security key, specify the old and new key values:
-> ipsec security-key new_master_key_1 new_master_key_2
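An added example (not from the Alcatel-Lucent guide): a Python helper that checks a candidate master key against the two formats in the note above, flags patterned keys such as the guide's sample values, and generates a random 16-byte key before building the set or change command. The function names and the rule that string keys are printable ASCII without spaces are assumptions of this example.

```python
import re
import secrets

KEY_BYTES = 16  # per the note: 16 bytes as hex, or a 16-character string
# Sample values printed in the guide; never use them on a real switch.
DOC_SAMPLES = {"new_master_key_1", "new_master_key_2",
               "0x12345678123456781234567812345678"}

def parse_master_key(value):
    """Return the 16 key bytes for either documented format, else raise ValueError."""
    if value.startswith("0x"):
        if not re.fullmatch(r"[0-9a-fA-F]{32}", value[2:]):
            raise ValueError("hex key must be 0x followed by exactly 32 hex digits")
        return bytes.fromhex(value[2:])
    # Assumption of this example: string keys are printable ASCII without spaces.
    if (len(value) != KEY_BYTES or not value.isascii()
            or not value.isprintable() or " " in value):
        raise ValueError("string key must be exactly 16 printable ASCII characters")
    return value.encode("ascii")

def weaknesses(value):
    """List reasons a syntactically valid key should still be rejected."""
    key = parse_master_key(value)
    issues = []
    if value in DOC_SAMPLES:
        issues.append("sample key from the documentation")
    if len(set(key)) < 8:
        issues.append("fewer than 8 distinct byte values")
    for period in (1, 2, 4, 8):
        if key == key[:period] * (KEY_BYTES // period):
            issues.append(f"pattern repeats every {period} byte(s)")
            break
    return issues

def new_master_key():
    """Generate a random 16-byte key in the hexadecimal format."""
    return "0x" + secrets.token_hex(KEY_BYTES)

def set_command(new):
    parse_master_key(new)  # refuse to emit a command for a malformed key
    return f"ipsec security-key {new}"

def change_command(old, new):
    parse_master_key(old)
    parse_master_key(new)
    return f"ipsec security-key {old} {new}"

if __name__ == "__main__":
    for candidate in ("new_master_key_1", "0x12345678123456781234567812345678"):
        print(candidate, "->", weaknesses(candidate))
    print(set_command(new_master_key()))
```

Run it on the management workstation and paste the resulting command into an SSH session, in line with the best practices listed at the top of this section.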