Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Interface CLI Commands

XSR CLI Reference Guide 14-121

Interface CLI Commands

crypto map

Thiscommandappliesapreviouslydefinedcryptomaptoaninterface.Itisgovernedbythe

followingrules:

•AcryptomapmustbeassignedtoaninterfacebeforethatportcanprovideIPSecservices.

•Only1cryptomapcanbeassignedaninterfacealthoughitcanbeattachedtomultipleports.

•A

cryptomapmaynotbeassignedtoaninterfacethatalreadyhascrypto ezipsec enabled.

•CryptomapsmaynotbeassignedtoaVPNinterface(itisinvalidatInterfaceVPNmode).

Syntax

crypto map map-name

Syntax of the “no” Form

Deleteacryptomapfromtheinterfacewiththenoformofthiscommand:

no crypto map [map-name]

Mode

Interfaceconfiguration:XSR(config-if<xx>)#

Next Mode

CryptoMapconfiguration: XSR(config-crypto-m)#

Sample Output

ThisexampleassignscryptomapACMEmaptotheF1interface.WhentrafficpassesthroughF1,it

willbeevaluatedagainstallthecryptomapentriesintheACMEmapset.Whenoutboundtraffic

matchesanaccesslistinoneoftheACMEmapcryptomapentries,aSecurityAssociationwillbe

established

forthatcryptomapentryʹsconfiguration(ifnoSAorconnectionalreadyexists).

XSR(config)#interface fastethernet 1

XSR(config-if<F1>)#crypto map ACMEmap

map-name

CryptomapIDassignedwhenthecryptomapwascreated.

previous next