Chapter 7 IPSec IPv6 Network Security Commands
use           Takes effect immediately
<sp-index>    Index associating the SP policy. If there is no input, it numbers automatically. Use the show spd command to view numbering information. The range is 4~2147483647
Instructions
• Platform version 4.6.02 and upgrade versions support this command.
• When the spdadd command is used to add the security policy, IPSec security protection can be applied to the BGP4+, OSPFv3 and RIPng routing protocols. For the BGP4+ routing protocol, the source and destination ports can be specified respectively. The source and destination ports, however, cannot both adopt the any wildcard at the same time.
• In addition, the local index of the security policy can be specified in the configuration. The local index of the security policy is used to bind the security association with the security policy when the security association is configured. If the security policy index is not explicitly specified, the system numbers it automatically. Use the show spd command to view the result of the automatic numbering.
Example
Suppose that the OSPFv3 protocol needs IPSec HMAC-MD5 authentication protection between the router 3ffe::01 (link-local address: fe80::2d0:d0ff:fec0:680) and the router 3ffe::02 (link-local address: fe80::2d0:d0ff:fec4:ff40). In this example, an outgoing security policy and security association on the router 3ffe::01 are configured as follows (note that part of OSPFv3 alternatively adopts the link-local address and multicast address).
ZXR10(config)#ipsec
ZXR10(config-ipsec)#spdadd fe80::2d0:d0ff:fec0:680/64 ff02::5/64 ospf out ipsec ah transport use 10
ZXR10(config-ipsec)#sadadd fe80::2d0:d0ff:fec0:680 ff02::5 ah 7000 trans 12345612345010 hmac-md5 123456789abcdef08
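What the AH policy in this example protects on the wire, as an added illustration that is not part of the original manual or ZTE code: the sketch builds an IPv6/AH packet between the example's addresses and computes the truncated 96-bit HMAC-MD5 integrity check value the way standard AH does (RFC 4302 with HMAC-MD5-96, RFC 2403). The key, the payload and all function names are constructed for illustration, and reading 7000 as the SPI is an assumption.

```python
import hashlib
import hmac
import ipaddress
import struct

SRC = ipaddress.IPv6Address("fe80::2d0:d0ff:fec0:680")  # source from the example
DST = ipaddress.IPv6Address("ff02::5")                   # destination from the example
KEY = b"constructed-key!"          # constructed 16-byte key, not the manual's value
PAYLOAD = b"\x03\x01" + bytes(14)  # constructed stand-in for an OSPFv3 packet
SPI = 7000                         # assumption: the "7000" in the sadadd line is the SPI
PROTO_AH, PROTO_OSPF = 51, 89      # IP protocol numbers
ICV_OFF, ICV_LEN = 52, 12          # ICV sits after 40-byte IPv6 + 12-byte fixed AH part


def zero_mutable(packet):
    """Zero the fields AH excludes from the MAC: traffic class, flow label,
    hop limit, and the ICV field itself."""
    buf = bytearray(packet)
    buf[0:4] = struct.pack("!I", 6 << 28)  # keep version nibble only
    buf[7] = 0                             # hop limit changes at every hop
    buf[ICV_OFF:ICV_OFF + ICV_LEN] = bytes(ICV_LEN)
    return bytes(buf)


def icv_for(key, packet):
    """HMAC-MD5 over the immutable bytes, truncated to 96 bits."""
    return hmac.new(key, zero_mutable(packet), hashlib.md5).digest()[:ICV_LEN]


def build_packet(key, spi, seq, payload, hop_limit=1):
    # AH Payload Len = AH length in 32-bit words minus 2 -> (12 + 12) / 4 - 2 = 4
    ah = struct.pack("!BBHII", PROTO_OSPF, 4, 0, spi, seq) + bytes(ICV_LEN)
    hdr = struct.pack("!IHBB", 6 << 28, len(ah) + len(payload), PROTO_AH, hop_limit)
    pkt = bytearray(hdr + SRC.packed + DST.packed + ah + payload)
    pkt[ICV_OFF:ICV_OFF + ICV_LEN] = icv_for(key, bytes(pkt))
    return bytes(pkt)


def verify_packet(key, packet):
    """Receiver side: recompute the ICV from the received bytes and compare
    in constant time."""
    return hmac.compare_digest(packet[ICV_OFF:ICV_OFF + ICV_LEN], icv_for(key, packet))


if __name__ == "__main__":
    pkt = build_packet(KEY, SPI, 1, PAYLOAD)
    print("ICV:", pkt[ICV_OFF:ICV_OFF + ICV_LEN].hex(), "valid:", verify_packet(KEY, pkt))
```

AH in this configuration authenticates the packet, including its source and destination addresses, but does not encrypt it, so the OSPFv3 payload remains readable on the link.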
Related Commands
ipsec
sadadd
sadclear
saddelete
saddelall
sadflush
spddelete
spdflush
show sad
show spd
spddelete
Purpose
Use this command to delete the IPSec security policy.
Confidential and Proprietary Information of ZTE CORPORATION 91