3com MSR 20-20 참조 매뉴얼

None

Use the ipsec cpu-backup enable command to enable the IPSec module 
backup function.

Use the undo ipsec cpu-backup enable command to disable the IPSec CPU 
backup function.

By default, the IPSec module backup function is disabled.

# Enable the IPSec module backup function.

<Sysname> system-view

[Sysname] ipsec cpu-backup enable 

ipsec policy policy-name

undo ipsec policy [ policy-name ]

Interface view

policy-name: Name of the existing IPSec policy group to be applied to the 
interface, a string of 1 to 15 characters.

Use the ipsec policy command to apply an IPSec policy group to an interface.

Use the undo ipsec policy command to remove the application of an IPSec 
policy group.

Note that:

■

Only one IPSec policy group can be applied to an interface. To apply another 
IPSec policy group to the interface, you need to remove the original application 
and then apply the new one to the interface. An IPSec policy group can be 
applied to more than one interface.

■

With an IPSec policy group applied to an interface, the system uses each IPSec 
policy in the group to protect certain data flows.

■

For each packet to be sent out an IPSec protected interface, the system checks 
the IPSec policies of the IPSec policy group in the ascending order of sequence 
numbers. If it finds an IPSec policy whose ACL matches the packet, it uses the 
IPSec policy to protect the packet. If it finds no ACL of the IPSec policies 
matches the packet, it does not provide IPSec protection for the packet and 
sends the packet out directly.

ipsec policy (system view).

# Apply IPSec policy group pg1 to interface Serial 2/2.