Interface Configuration Guide 7705 SAR Interfaces
Edition: 01 3HE 11011 AAAC TQZZA 365
The no form of this command restores the default.
See also dot1q-etype and qinq-etype for information on tagging and encapsulation.
Default null
Parameters dot1q — ingress frames carry 802.1Q tags, where each tag signifies a different service
null — ingress frames will not use any tags to delineate a service. As a result, only one
service can be configured on a port with a null encapsulation type.
qinq — ingress frames carry two stacked tags, where the outer tag is the service
provider tag and the inner tag is the customer service tag as defined in 802.1ad
group-encryption
Syntax [no] group-encryption
Context config>port>ethernet
Description This command enables network group encryption (NGE) on the Ethernet port. When NGE is
enabled on the port, all received Layer 2 IS-IS and LLDP packets are considered to be NGE
packets and must be encrypted using a valid set of keys from any preconfigured key group
on the system.
The no form of the command disables NGE on the Ethernet port. NGE cannot be disabled
unless all key groups and IP exception filters are removed.
Default no group-encryption
encryption-keygroup
Syntax encryption-keygroup keygroup-id direction {inbound | outbound}
no encryption-keygroup direction {inbound | outbound}
Context config>port>ethernet>group-encryption
Description This command is used to bind a key group to an Ethernet port for inbound or outbound packet
processing. When configured in the outbound direction, packets egressing the router use the
active-outbound-sa associated with the configured key group. When configured in the
inbound direction, received packets must be encrypted using one of the valid security
associations configured for the key group.
The no form of the command removes the key group from the Ethernet port in the specified
direction.
Default no encryption-keygroup direction inbound
no encryption-keygroup direction outbound
To Next Page
Loading...
