Filter
Top Products
2134 CHAPTER 140: IPSEC CONFIGURATION COMMANDS
■ An encryption card interface can be bound with multiple IPSec policy groups or
IPSec policies, provided that those policies and policy groups have different
names. An IPSec policy group or IPSec policy can be bound to multiple
encryption cards.
■ An IPSec policy template cannot be bound to an encryption card interface, but
an IPSec policy originating from an IPSec policy template can.
■ You can specify an encryption card as the primary card when binding an IPSec
policy or an IPSec policy group to the card, and you can perform this
configuration repeated to specify any other card as the primary card for the
IPSec policy or policy group. However, only the last one takes effect. When an
IPSec policy or policy group is bound to the current encryption card, the IPSec
policy or IPSec policy group with the same name bound before will be overlaid.
■ An IPSec policy or policy group uses the bound primary card to provide security
services. If there is no primary card, an IPSec policy or policy group prefers the
first encryption card bound to it. Once an IPSec policy or policy group takes a
second encryption card as the primary card, the new primary card begins to
provide security services immediately.
Related command: ipsec policy (system view).
Example # Bind the IPSec policy group named map to interface Encryp1/0.
<Sysname> system-view
[Sysname] interface Encrypt 1/0
[Sysname-Encrypt1/0] ipsec binding policy map
# Bind the IPSec policy with the name of map and sequence number of 10 to
interface Encryp1/0.
[Sysname] interface Encrypt 1/0
[Sysname-Encrypt1/0] ipsec binding policy map1 10
# Bind the IPSec policy group named map to Encryp1/0 interface and specify the
current encryption card as the primary card.
[Sysname] interface Encrypt 1/0
[Sysname-Encrypt1/0] ipsec binding policy map primary
# Bind the IPSec policy group with name of map and sequence number of 10 to
interface Encrypt 1/0 and specify the current encryption card as the primary card.
[Sysname] interface Encrypt 1/0
[Sysname-Encrypt1/0] ipsec binding policy map1 10 primary
ipsec cpu-backup
Syntax ipsec cpu-backup enable
undo ipsec cpu-backup enable
View System view