| Step | Command | Remarks |
| --- | --- | --- |
| 4. Reference an ACL for the GDOI IPsec policy entry. | security acl acl-number | Optional. By default, no ACL is referenced. Typically, there is no need to reference an ACL unless you need to filter traffic. You can reference only one ACL for a GDOI IPsec policy entry. Use the permit rules of the ACL with caution because packets matching a permit rule are discarded. For more information about this command, see HPE FlexNetwork MSR Router Series Comware 5 Security Command Reference. |

Applying a GDOI IPsec policy to an interface
After you apply a GDOI IPsec policy to an interface, the interface uses the group ID and KS
addresses in the GDOI GM group referenced by the policy to perform registration, and uses the local
ACL and the downloaded ACL for packet filtering and encryption.
To apply a GDOI IPsec policy to an interface:

| Step | Command | Remarks |
| --- | --- | --- |
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Apply a GDOI IPsec policy to the interface. | ipsec policy policy-name | By default, no GDOI IPsec policy is applied to an interface. You can apply only one GDOI IPsec policy to an interface. A GDOI IPsec policy can be applied to multiple interfaces. For more information about this command, see HPE FlexNetwork MSR Router Series Comware 5 Security Command Reference. |

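
An added example, not from the HPE guide: a Python check over a saved configuration that covers both the ACL remark in step 4 and the interface procedure above. It reports each interface whose GDOI IPsec policy references an ACL containing permit rules, since packets matching those rules are discarded. The configuration excerpt is constructed, and its layout (indented sub-commands, "#" between views, policy entries created as "ipsec policy <name> <seq> gdoi") is an assumption.

```python
import re

# Constructed saved-configuration excerpt (not from the guide). Assumed layout:
# indented sub-commands, "#" between views, "ipsec policy <name> <seq> gdoi".
SAMPLE_CONFIG = """\
acl number 3001
 rule 0 permit ip source 10.1.1.0 0.0.0.255
 rule 5 deny ip source 10.1.2.0 0.0.0.255
#
ipsec policy branch-map 10 gdoi
 security acl 3001
#
interface GigabitEthernet0/1
 ipsec policy branch-map
#
interface GigabitEthernet0/2
 ipsec policy branch-map
"""

def parse_views(text):
    """Return [(view header, [sub-commands])] for each top-level view."""
    views = []
    for line in text.splitlines():
        if line.strip() in ("", "#"):
            continue
        if not line[0].isspace():
            views.append((line.strip(), []))
        elif views:
            views[-1][1].append(line.strip())
    return views

def audit(text):
    """List (interface, policy, acl, rule) for permit rules that drop traffic."""
    permits, policy_acls, applied = {}, {}, {}
    for header, body in parse_views(text):
        w = header.split()
        if w[:2] == ["acl", "number"] and len(w) > 2:
            permits[w[2]] = [c for c in body if re.match(r"rule( \d+)? permit\b", c)]
        elif w[:2] == ["ipsec", "policy"] and len(w) > 3 and w[-1] == "gdoi":
            acls = [c.split()[2] for c in body if re.fullmatch(r"security acl \d+", c)]
            policy_acls.setdefault(w[2], []).extend(acls)
        elif w[0] == "interface" and len(w) > 1:
            for c in body:
                if m := re.fullmatch(r"ipsec policy (\S+)", c):
                    applied.setdefault(m.group(1), []).append(w[1])
    return [(ifname, policy, acl, rule)
            for policy, acls in sorted(policy_acls.items())
            for acl in acls
            for rule in permits.get(acl, [])
            for ifname in applied.get(policy, [])]
```

Calling `audit(SAMPLE_CONFIG)` returns one finding per interface for `rule 0 permit`; the deny rule is not reported.
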
Displaying and maintaining GDOI GM
Execute display commands in any view and reset commands in user view.

Task: Display the GDOI GM group information.
Command: display gdoi gm [ group group-name ] [ | { begin | exclude | include } regular-expression ]

Task: Display information about IPsec SAs obtained by the GM.
Command: display gdoi gm ipsec sa [ group group-name ] [ | { begin | exclude | include } regular-expression ]

Task: Display brief information about the GM.
Command: display gdoi gm members [ group group-name ] [ | { begin | exclude | include } regular-expression ]