Alcatel-Lucent OmniSwitch 6860 Series

To Next Page

To Previous Page

Configuring IPsec Quick Steps for Configuring an IPsec Discard Policy

OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 18-4

Quick Steps for Configuring an IPsec Discard

Policy

IPsec can be used for discarding IPv6 traffic as well as configuring encryption and authentication. For

discard policies, no rules, SAs or keys need to be defined.

1 Define the policy. The commands below use similar policy information as in the previous example but

the action has been changed to discard:

-> ipsec policy Discard_ALLoutMD5 source 664:1:1:1::199/64 destination

664:1:1:1::1/64 protocol any out discard admin-state enable

-> ipsec policy Discard_ALLinMD5 source 664:1:1:1::1/64 destination

664:1:1:1::199/64 protocol any in discard admin-state enable

2 Use the following show commands to verify the IPsec configuration:

-> show ipsec policy

-> show ipsec ipv6 statistics

Main Page

Default Chapter3
- Table of Contents3
About this Guide29
- Supported Platforms29
- When Should I Read this Manual29
- Who Should Read this Manual29
- How Is the Information Organized30
- What Is in this Manual30
- What Is Not in this Manual30
- Documentation Roadmap31
- Related Documentation33
- Technical Support34
Chapter 1 Configuring Ethernet Ports36
- Ethernet Port Defaults36
- Ethernet Ports Overview37
- Configuring Ethernet Port Parameters37
- Using TDR Cable Diagnostics47
- Interfaces Violation Recovery49
- Clearing Ethernet Port Violations53
- Link Monitoring54
- Link Fault Propagation58
- IEEE 1588 Precision Time Protocol (PTP)61
  - Enabling/Disabling PTP Time Stamping61
- MAC Security Overview62
- How It Works62
  - Enabling/Disabling Macsec on an Interface64
Chapter 2 Configuring UDLD66
- UDLD Defaults66
- Quick Steps for Configuring UDLD67
- UDLD Overview68
  - UDLD Operational Mode68
  - Mechanisms to Detect Unidirectional Links69
- Configuring UDLD69
- Verifying the UDLD Configuration72
- In this Chapter73
Chapter 3 Managing Source Learning74
- Source Learning Defaults74
- MAC Address Table Overview75
- Using Static MAC Addresses75
  - Configuring Static MAC Addresses76
- Using Static Multicast MAC Addresses77
  - Configuring Static Multicast MAC Addresses77
  - Static Multicast Mac Addresses on Link Aggregate Ports78
- Configuring MAC Address Table Aging Time79
- Configuring the Source Learning Status80
- Increasing the MAC Address Table Size81
- Displaying Source Learning Information82
Chapter 4 Configuring Vlans83
- VLAN Defaults84
- Sample VLAN Configuration85
- VLAN Management Overview86
- Creating/Modifying Vlans86
- Assigning Ports to Vlans88
  - Changing the Default VLAN Assignment for a Port88
  - Using 802.1Q Tagging89
- Enabling/Disabling Spanning Tree for a VLAN91
- Enabling/Disabling Source Learning91
- Configuring VLAN IP Interfaces92
- Bridging Vlans Across Multiple Switches93
- Verifying the VLAN Configuration95
  - Understanding Port Output Display95
Configuring Vlans83
- In this Chapter83
Chapter 34 Diagnosing Switch Problems95
- Using Private Vlans97
Chapter 5 Configuring High Availability Vlans108
- In this Chapter108
- High Availability Default Values109
- Quick Steps for Creating High Availability Vlans110
- High Availability VLAN Overview111
  - High Availability VLAN Operational Mode111
  - Traffic Flows in High Availability VLAN112
- Configuring High Availability Vlans on a Switch113
- Application Examples116
- Displaying High Availability VLAN Status123
Chapter 6 Configuring Spanning Tree Parameters124
- In this Chapter125
- Spanning Tree Bridge Parameter Defaults126
- Spanning Tree Port Parameter Defaults126
- Multiple Spanning Tree (MST) Region Defaults127
- Spanning Tree Overview128
  - How the Spanning Tree Topology Is Calculated128
  - Topology Examples133
- MST General Overview135
- Spanning Tree Operating Modes143
- Using Spanning Tree Configuration Commands149
- Configuring STP Bridge Parameters149
- Configuring STP Port Parameters156
- Sample Spanning Tree Configuration166
  - Example Network Overview166
  - Example Network Configuration Steps167
- Sample MST Region Configuration169
- Sample MSTI Configuration171
- Verifying the Spanning Tree Configuration174
Configuring Loopback Detection175
- In this Chapter175
- LBD Defaults176
Chapter 7 Configuring Loopback Detection176
- Quick Steps for Configuring LBD177
- LBD Overview178
  - Transmission Timer178
- Remote-Origin LBD Overview178
- Interaction with Other Features180
  - Spanning Tree Protocol180
  - Link Aggregation180
- Configuring LBD181
- LBD for Service Access Interface182
- Verifying the LBD Configuration186
Chapter 8 Configuring Static Link Aggregation187
Configuring Static Link Aggregation188
- Static Link Aggregation Default Values188
- Quick Steps for Configuring Static Link Aggregation189
- Static Link Aggregation Overview191
  - Static Link Aggregation Operation191
  - Relationship to Other Features192
- Configuring Static Link Aggregation Groups192
- Modifying Static Aggregation Group Parameters195
  - Modifying the Static Aggregate Group Name195
  - Modifying the Static Aggregate Group Administrative State195
- Application Example196
- Displaying Static Link Aggregation Configuration and Statistics197
Chapter 9 Configuring Dynamic Link Aggregation198
Configuring Dynamic Link Aggregation199
- Dynamic Link Aggregation Default Values199
- Quick Steps for Configuring Dynamic Link Aggregation200
- Dynamic Link Aggregation Overview202
  - Dynamic Link Aggregation Operation202
  - Relationship to Other Features204
- Configuring Dynamic Link Aggregate Groups204
- Modifying Dynamic Link Aggregate Group Parameters208
- Application Examples222
- Displaying Dynamic Link Aggregation Configuration and Statistics225
Configuring Dual-Home Links227
- In this Chapter227
- Dual-Home Link Active-Active Defaults228
Chapter 10 Configuring Dual-Home Links228
- Dual-Home Link Active-Active229
- Displaying the Dual-Home Link Configuration238
Chapter 11 Configuring ERP239
- ERP Defaults240
- ERP Overview241
- Interaction with Other Features247
- Quick Steps for Configuring ERP with Standard Vlans248
- Quick Steps for Configuring ERP with VLAN Stacking249
- ERP Configuration Overview and Guidelines250
- Configuring an ERP Ring251
- Erpv2 Configuration Overview and Guidelines255
  - Major and Sub Ring Management255
  - Sample Switch Configuration256
- Sample Ethernet Ring Protection Configuration259
  - Example ERP Overview259
  - Example ERP Configuration Steps260
- Sample Erpv2 Ring Configuration261
- Verifying the ERP Configuration264
11 Configuring ERP239
- In this Chapter239
Chapter 12 Configuring MVRP265
- MVRP Defaults266
- Quick Steps for Configuring MVRP267
- MRP Overview268
- MVRP Overview268
  - How MVRP Works268
  - Interaction with Other Features270
- Configuring MVRP271
- Verifying the MVRP Configuration277
12 Configuring MVRP265
- In this Chapter265
Chapter 13 Configuring 802.1AB278
- 802.1AB Defaults Table279
- Quick Steps for Configuring 802.1AB280
- 802.1AB Overview281
- Configuring 802.1AB285
- Verifying 802.1AB Configuration292
13 Configuring 802.1AB278
- In this Chapter278
Chapter 14 14 Configuring SIP Snooping293
- In this Chapter293
- SIP Snooping Defaults294
- Parameter Description and Values295
- Quick Steps for Configuring SIP Snooping296
- SIP Snooping Overview297
- Using SIP Snooping298
  - Interoperability299
- SIP Snooping Configuration Guidelines300
- SIP Snooping Use Case304
- SIP Snooping Limitations307
- Verifying the SIP Snooping Configuration308
Chapter 15 Configuring IP309
- In this Chapter309
- IP Defaults311
- Quick Steps for Configuring IP Forwarding311
- IP Overview312
  - IP Protocols312
- IP Forwarding314
- Distributed ARP324
- IP Configuration327
- Managing IP340
- Verifying the IP Configuration347
- VRF Route Leak348
  - Configuring VRF Route Leak349
  - Verifying VRF Route Leak Configuration350
Chapter 16 Configuring Multiple VRF351
- VRF Defaults352
- Quick Steps for Configuring Multiple VRF353
- Multiple VRF Overview356
  - VRF Profiles358
  - ASCII-File-Only Syntax359
- VRF Interaction with Other Features361
- Configuring VRF Instances365
  - Selecting a VRF Instance366
  - Assigning IP Interfaces to a VRF Instance367
- Verifying the VRF Configuration368
Chapter 17 Configuring Ipv6369
- Ipv6 Address Notation374
- Ipv6 Address Prefix Notation374
- Autoconfiguration of Ipv6 Addresses375
- Globally Unique Local Ipv6 Unicast Addresses376
- Configured Tunnels379
- Configuring the Route Preference of a Router387
Configuring Ipv6388
- Configuring Route Map Redistribution388
- Configuring Local Proxy Neighbor Discovery393
- Configuring Neighbor Cache Limit393
- Configuring Neighbor Unreachability Detection394
- Configuring Router Advertisement Filtering395
- Reply or Ignore Echo Requests396
- Icmpv6 Error Message Rate Limiting396
- Ipv6 EMP Interface397
  - Configure Ipv6 EMP Interface397
- Verifying the Ipv6 Configuration399
Chapter 18 Configuring Ipsec400
- In this Chapter400
- Ipsec Defaults401
- Quick Steps for Configuring an Ipsec AH Policy402
- Quick Steps for Configuring an Ipsec Discard Policy403
- Ipsec Overview404
- Configuring Ipsec on the Omniswitch409
- Additional Examples419
  - Configuring ESP419
  - Discarding Ripng Packets421
- Verifying Ipsec Configuration422
Chapter 19 Configuring RIP423
- In this Chapter423
- RIP Defaults424
- Quick Steps for Configuring RIP Routing425
- RIP Overview426
  - RIP Version 2427
- RIP Routing428
- RIP Options431
- Configuring Redistribution434
- RIP Security440
  - Configuring Authentication Type440
  - Configuring Passwords440
- Verifying the RIP Configuration441
Chapter 20 Configuring BFD442
- In this Chapter442
- BFD Defaults443
- Quick Steps for Configuring BFD445
  - Quick Steps for Configuring BFD Support for Layer 3 Protocols447
  - Configuring Bfd Support for Vrrp Track Policies450
- BFD Overview451
- Configuring BFD455
- BFD Application Example474
  - Example Network Overview474
- Verifying the BFD Configuration480
Chapter 21 Configuring DHCP Relay481
- In this Chapter481
- DHCP Relay Defaults482
- Quick Steps for Setting up DHCP Relay483
- DHCP Relay Overview484
- DHCP Relay Implementation488
- Using Automatic IP Configuration491
  - Enabling Automatic IP Configuration491
- Configuring UDP Port Relay492
- Quick Steps for Configuring Dhcpv6 Relay503
- Dhcpv6 Relay Overview503
  - Dhcpv6 Relay Interface503
  - Dhcpv6 Relay Messages504
- Dhcpv6 Relay Configuration Overview504
- Verifying the DHCP Relay Configuration506
Chapter 22 Configuring an Internal DHCP Server507
- In this Chapter507
- DHCP Server Default Values508
- Quick Steps to Configure Internal DHCP Server508
- DHCP Server Overview510
- Interaction with Other Features511
- Configuring DHCP Server on Omniswitch512
- DHCP Server Application Example517
- Verifying the DHCP Server Configuration519
- Configuration File Parameters and Syntax520
- Policy File Parameters and Syntax531
Chapter 23 Configuring VRRP535
- In this Chapter535
- VRRP Defaults536
- Quick Steps for Creating a Virtual Router537
- VRRP Overview538
- Interaction with Other Features541
  - VRRP Tracking with BFD541
- VRRP Configuration Overview542
- Creating VRRP Tracking Policies551
  - Associating a Tracking Policy with a Virtual Router551
- Verifying the VRRP Configuration553
- Vrrpv2 Application Example554
  - Vrrpv2 Tracking Example555
- Vrrpv3 Application Example557
  - Vrrpv3 Tracking Example558
Chapter 24 Configuring Server Load Balancing560
- In this Chapter560
- Server Load Balancing Default Values561
- Quick Steps for Configuring Server Load Balancing562
  - Quick Steps for Configuring a Qos Policy Condition Cluster563
- Server Load Balancing Overview565
- Configuring Server Load Balancing on a Switch569
- Modifying Optional Parameters573
- Taking Clusters and Servers On/Off Line575
  - Taking a Cluster On/Off Line575
  - Taking a Server On/Off Line575
- Configuring SLB Probes576
- Displaying Server Load Balancing Status and Statistics580
Chapter 25 Configuring IP Multicast Switching582
- In this Chapter582
- IPMS Default Values583
- Ipmsv6 Default Values584
- IPMS Overview585
- Interaction with Other Features588
  - IPMS for Shortest Path Bridging588
  - VLAN and Service Domains588
- Configuring IPMS on a Switch590
- Modifying IPMS Parameters596
- Ipmsv6 Overview606
- Configuring Ipmsv6 on a Switch608
- Modifying Ipmsv6 Parameters614
- IPMS Application Example623
- Ipmsv6 Application Example625
- Displaying IPMS Configurations and Statistics627
- Displaying Ipmsv6 Configurations and Statistics628
Chapter 26 Configuring Qos629
- In this Chapter630
- Qos General Overview631
- Classification633
- Congestion Management637
- Omniswitcongestion Avoidance647
  - WRED Profiles647
- Traffic Policing and Shaping650
- Qos Policy Overview656
- Qos Defaults661
- Configuring Global Qos Parameters666
- Creating Policies670
- Using Condition Groups in Policies681
- Using Map Groups688
  - How Map Groups Work689
  - Verifying Map Group Configuration690
- Using Access Control Lists691
- Applying the Configuration699
  - Interaction with LDAP Policies700
  - Verifying the Applied Policy Configuration701
- Policy Applications702
Chapter 27 Managing Policy Servers712
- Policy Server Overview713
- Modifying Policy Servers714
Chapter 28 Configuring Access Guardian720
- Access Guardian Defaults720
- Quick Steps for Configuring Access Guardian727
- Access Guardian Overview729
- Configuring Port-Based Network Access Control748
- Omniaccess Stellar AP Integration786
  - Configuration Guidelines787
  - Quick Steps for Configuring Omniswitch AP Discovery789
- Using Captive Portal Authentication793
- Using Guest Tunneling800
- Using Quarantine Manager and Remediation810
- Access Guardian Application Examples812
- Verifying Access Guardian Users826
  - Logging Users out of the Network829
- Verifying the Access Guardian Configuration831
- Bring Your Own Devices (BYOD) Overview832
- BYOD Application Examples859
Chapter 29 Configuring Application Monitoring and Enforcement877
- In this Chapter878
- Appmon Defaults879
- Application Monitoring and Enforcement Overview880
  - Application Enforcement881
  - Quick Steps for Configuring Appmon883
- Application Signature File/Kit884
  - Application Flow Database885
- Configuring Appmon886
- Verifying Appmon Configuration896
- In this Chapter897
Chapter 30 Configuring Application Fingerprinting898
- Quick Steps for Configuring AFP900
- AFP Overview901
- Configuring AFP906
- Verifying the AFP Configuration914
- In this Chapter915
Chapter 31 Managing Authentication Servers916
- Server Defaults916
- Quick Steps for Configuring Authentication Servers918
- Server Overview919
- RADIUS Servers921
- TACACS+ Server927
  - Configuring the TACACS+ Client928
- LDAP Servers929
- Verifying the Authentication Server Configuration941
Chapter 32 Configuring Port Mapping943
- Quick Steps for Configuring Port Mapping944
- Creating/Deleting a Port Mapping Session945
- Enabling/Disabling a Port Mapping Session946
- Sample Port Mapping Configuration947
  - Example Port Mapping Configuration Steps948
Chapter 33 Configuring Learned Port Security949
- Learned Port Security Defaults950
- Sample Learned Port Security Configuration951
- Learned Port Security Overview953
Configuring Learned Port Security958
- Configuring the LPS Learning Window960
- Configuring the Number of Bridged MAC Addresses Allowed963
- Configuring the Number of Filtered MAC Addresses Allowed964
- Selecting the Security Violation Mode965
- Displaying Learned Port Security Information967
- In this Chapter968
- Port Mirroring Overview970
- Port Monitoring Overview971
- Sflow Overview972
- Remote Monitoring (RMON) Overview974
- Switch Health Overview975
- Port Mirroring976
- Port Monitoring985
- Sflow990
- Remote Monitoring (RMON)995
- Monitoring Switch Health1002
Chapter 35 Configuring VLAN Stacking1008
- VLAN Stacking Defaults1009
- VLAN Stacking Overview1010
- Quick Steps for Configuring VLAN Stacking1015
- Configuring VLAN Stacking Services1017
- VLAN Stacking Application Example1029
  - VLAN Stacking Configuration Example1030
- Verifying the VLAN Stacking Configuration1033
Chapter 36 Using Switch Logging1034
- Switch Logging Defaults1035
- Switch Logging Overview1036
- Switch Logging Commands Overview1037
Chapter 37 Configuring Ethernet OAM1042
- Ethernet OAM Defaults1043
- Ethernet OAM Overview1044
Chapter 38 Configuring Service Assurance Agent1047
- Quick Steps for Configuring Ethernet OAM1049
Configuring Ethernet OAM1050
- Configuring a Maintenance Association1051
- Configuring a Maintenance End Point1052
- Configuring Loopback1053
- Verifying the Ethernet OAM Configuration1055
- In this Chapter1056
- SAA Defaults1057
- Quick Steps for Configuring SAA1058
- Service Assurance Agent Overview1059
- Verifying the SAA Configuration1064
Appendix A Software License and Copyright Statements1065
- ALE USA, Inc. License Agreement1065
- Third Party Licenses and Notices1068

Table of Contents

Related product manuals