Alcatel-Lucent 6850-48 Network Guide

Configuring IPsec on the OmniSwitch
Configuring IPsec
page 27-14
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
Assigning an Action to a Policy
To define what action will be performed on the traffic specified in the security policy, you can use the 
following parameters:
• discard - Discards the IPv6 packets.
• ipsec - Allows IPsec processing of the traffic to which this policy is applied. If the action is ipsec, then a rule must be defined before the policy can be enabled. Additionally, SAs and SA keys must also be configured to support the rule.
• none - No action is performed.
The above commands could be modified to discard the traffic instead of processing it using IPsec:
-> ipsec policy tcp_in discard 
-> ipsec policy tcp_out discard 
Configuring the Protocol for a Policy
You can define the type of protocol to which the security policy can be applied by using the protocol 
parameter. For example:
-> ipsec policy udp_in source ::/0 destination 3ffe:200:200:4001::99 protocol udp in ipsec description "IPsec on all inbound UDP" no shutdown
The following table lists the various protocols that can be specified. Refer to the ipsec policy command for additional details.
Verifying a Policy
To verify the configured IPsec policy, use the show ipsec policy command:
-> show ipsec policy
Name        Priority Source-> Destination          Protocol Direction Action State
-----------+--------+-----------------------------+--------+-------+-------+------
tcp_in       500    3ffe:1:1:1::99->3ffe:1:1:1::1  TCP   in   ipsec esp  active
tcp_out      500    3ffe:1:1:1::1->3ffe:1:1:1::99  TCP   out  ipsec esp  active
ftp-in-drop  100    ::/0->::/0                     TCP   in   discard    disabled
telnet-in-1  100    2000::/48->::/0                TCP   in   ipsec      disabled
The above command provides examples of various configured policies. 
Note. The presence of a ‘+’ sign in the ‘Source->Destination’ or ‘Action’ field indicates that the value has been truncated to fit. View a specific security policy to see additional details.
You can also verify the configuration of a specific security policy by using the show ipsec policy command followed by the name of the security policy. For example:
Protocols that can be specified with the protocol parameter:
protocol
any
icmp6[type type]
tcp
udp
ospf
vrrp
number protocol