3com MSR 20-20 참조 매뉴얼
2135
Parameter
None
Description
Use the ipsec cpu-backup enable command to enable the IPSec module
backup function.
backup function.
Use the undo ipsec cpu-backup enable command to disable the IPSec CPU
backup function.
backup function.
By default, the IPSec module backup function is disabled.
Example
# Enable the IPSec module backup function.
<Sysname> system-view
[Sysname] ipsec cpu-backup enable
ipsec policy (interface view)
Syntax
ipsec policy policy-name
undo ipsec policy [ policy-name ]
View
Interface view
Parameter
policy-name: Name of the existing IPSec policy group to be applied to the
interface, a string of 1 to 15 characters.
interface, a string of 1 to 15 characters.
Description
Use the ipsec policy command to apply an IPSec policy group to an interface.
Use the undo ipsec policy command to remove the application of an IPSec
policy group.
policy group.
Note that:
■
Only one IPSec policy group can be applied to an interface. To apply another
IPSec policy group to the interface, you need to remove the original application
and then apply the new one to the interface. An IPSec policy group can be
applied to more than one interface.
IPSec policy group to the interface, you need to remove the original application
and then apply the new one to the interface. An IPSec policy group can be
applied to more than one interface.
■
With an IPSec policy group applied to an interface, the system uses each IPSec
policy in the group to protect certain data flows.
policy in the group to protect certain data flows.
■
For each packet to be sent out an IPSec protected interface, the system checks
the IPSec policies of the IPSec policy group in the ascending order of sequence
numbers. If it finds an IPSec policy whose ACL matches the packet, it uses the
IPSec policy to protect the packet. If it finds no ACL of the IPSec policies
matches the packet, it does not provide IPSec protection for the packet and
sends the packet out directly.
the IPSec policies of the IPSec policy group in the ascending order of sequence
numbers. If it finds an IPSec policy whose ACL matches the packet, it uses the
IPSec policy to protect the packet. If it finds no ACL of the IPSec policies
matches the packet, it does not provide IPSec protection for the packet and
sends the packet out directly.
Related command:
Example
# Apply IPSec policy group pg1 to interface Serial 2/2.