Step                                              Command
1. Enter system view.                             system-view
2. Enter interface view.                          interface interface-type interface-number
3. Apply an IPsec policy group to the interface.  ipsec policy policy-name
Binding an IPsec policy, IPsec policy group, or IPsec profile to an encryption card
The following matrix shows the feature and hardware compatibility:
Hardware   Feature compatibility
MSR900     No
MSR93X     No
MSR20-1X   No
MSR20      No
MSR30      Yes. MIM encryption module required.
MSR50      Yes (except the MSR50-06). FIC encryption module required.
MSR1000    No
You can bind an IPsec policy, IPsec policy group, or IPsec profile to one or more encryption cards to
implement data authentication, encryption, and decryption.
To provide redundancy and resiliency, bind one IPsec policy, IPsec policy group, or IPsec profile to
multiple encryption cards. If one card fails, another card takes over.
You can specify an encryption card as the primary card for an IPsec policy, policy group, or IPsec
profile, and you can repeat this configuration multiple times. However, only the most recent
configuration takes effect.
When an IPsec policy, policy group, or IPsec profile has already been bound to an encryption card, if
you bind an IPsec policy, policy group, or IPsec profile with the same name to the card again, the
new IPsec policy, IPsec policy group, or IPsec profile overwrites the former.
An IPsec policy, policy group, or IPsec profile uses the bound primary card to provide security
services. If no primary card is specified, an IPsec policy, policy group, or IPsec profile prefers the first
available encryption card that is bound to it. Once an IPsec policy, policy group, or IPsec profile takes
a second encryption card as the primary card, the new primary card begins to provide security
services immediately.
If you remove the binding of an IPsec policy, policy group, or IPsec profile to an encryption card, the
matching packets will no longer be serviced by the card.
For more information about IPsec profiles, see "Configuring an IPsec profile."
To bind an IPsec policy, policy group, or IPsec profile to an encryption card:
Step                    Command       Remarks
1. Enter system view.   system-view   N/A