Configuring IPsec on the OmniSwitch
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 18-19
Enabling and Disabling Default Discard Policy
A default discard IPsec policy drops all inbound traffic that does not match an IPsec policy. On its own, this
policy drops all incoming traffic destined for the switch itself, so higher priority policies must be added to
allow the desired traffic to be received. Add those policies before enabling default discard; otherwise
management traffic to the switch is dropped along with everything else. The default discard policy is not
applied to forwarded (transit) traffic.
To enable the default discard IPsec policy, use the enable keyword:
-> ipsec policy default-discard admin-state enable
To disable the default discard IPsec policy, use the disable keyword:
-> ipsec policy default-discard admin-state disable
Because the default discard policy drops all incoming traffic destined for the switch, higher priority policies
are required to allow the desired traffic through. At a minimum, policies must be added to accept IPv6 Neighbor
Discovery traffic, that is, inbound ICMPv6 Neighbor Solicitation (type 135) and Neighbor Advertisement (type 136)
messages; without them the switch can no longer resolve link-layer addresses on its IPv6 interfaces. The none
action accepts the matching traffic without requiring IPsec protection.
For example:
-> ipsec policy ns-in priority 100 source ::/0 destination ::/0 protocol ICMP6 type 135 in none
-> ipsec policy na-in priority 100 source ::/0 destination ::/0 protocol ICMP6 type 136 in none
The show ipsec policy command indicates whether the default discard policy is enabled or disabled; use it to verify the state after each change.
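The following is an added example, not OmniSwitch AOS code: a small Python model of the inbound policy decision described above, used to check the effect of enabling default discard before touching a switch. It assumes that explicit policies are evaluated in ascending priority value with first match winning, that the default discard entry is consulted last and only for packets addressed to the switch itself, and that the CLI action none means "accept without IPsec". The Policy and Packet classes, the missing_nd_policies helper and all addresses are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed model (not AOS code) of the inbound policy decision on this page.
# Assumptions: explicit policies are checked in ascending priority value with
# first match winning; the default-discard entry is consulted last and only for
# packets destined to the switch; action "none" accepts traffic without IPsec.

@dataclass(frozen=True)
class Policy:
    name: str
    priority: int
    source: str               # IPv6 prefix; "::/0" matches any source
    destination: str          # IPv6 prefix
    protocol: str             # "ICMP6", "TCP", "UDP" or "any"
    icmp_type: Optional[int]  # only meaningful for ICMP6; None = any type
    direction: str            # "in" or "out"
    action: str               # "none" (accept in clear), "ipsec" or "discard"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str
    icmp_type: Optional[int] = None
    to_switch: bool = True    # False models transit traffic the switch forwards

def matches(policy: Policy, pkt: Packet, direction: str = "in") -> bool:
    """True when pkt falls inside every selector of policy."""
    if policy.direction != direction:
        return False
    if ip_address(pkt.src) not in ip_network(policy.source, strict=False):
        return False
    if ip_address(pkt.dst) not in ip_network(policy.destination, strict=False):
        return False
    if policy.protocol != "any" and policy.protocol != pkt.protocol:
        return False
    if policy.icmp_type is not None and policy.icmp_type != pkt.icmp_type:
        return False
    return True

def lookup_inbound(pkt: Packet, policies: List[Policy],
                   default_discard: bool) -> Tuple[Optional[str], str]:
    """Return (policy name, action) for an inbound packet; (None, "none")
    means nothing matched and the packet is accepted without IPsec."""
    for pol in sorted(policies, key=lambda p: p.priority):
        if matches(pol, pkt):
            return pol.name, pol.action
    # Default discard covers only traffic destined for the switch itself;
    # forwarded traffic is never subject to it.
    if default_discard and pkt.to_switch:
        return "default-discard", "discard"
    return None, "none"

def missing_nd_policies(policies: List[Policy]) -> List[int]:
    """ICMPv6 types (135 NS, 136 NA) with no inbound accept policy. A non-empty
    result means enabling default discard would break neighbor discovery."""
    return [t for t in (135, 136)
            if not any(p.direction == "in" and p.action == "none"
                       and p.protocol in ("ICMP6", "any")
                       and p.icmp_type in (t, None)
                       for p in policies)]

# The two policies from the page, in this model's form.
ND_POLICIES = [
    Policy("ns-in", 100, "::/0", "::/0", "ICMP6", 135, "in", "none"),
    Policy("na-in", 100, "::/0", "::/0", "ICMP6", 136, "in", "none"),
]

# Constructed sample packets (addresses are illustrative, not from the page).
NS_TO_SWITCH = Packet("fe80::1", "ff02::1:ff00:1", "ICMP6", icmp_type=135)
NA_TO_SWITCH = Packet("fe80::1", "fe80::2", "ICMP6", icmp_type=136)
TCP_TO_SWITCH = Packet("2001:db8::10", "2001:db8::1", "TCP")
TCP_TRANSIT = Packet("2001:db8::10", "2001:db8:1::5", "TCP", to_switch=False)

if __name__ == "__main__":
    samples = [("NS", NS_TO_SWITCH), ("NA", NA_TO_SWITCH),
               ("TCP to switch", TCP_TO_SWITCH), ("TCP transit", TCP_TRANSIT)]
    for label, pkt in samples:
        print(label, lookup_inbound(pkt, ND_POLICIES, default_discard=True))
    print("ND types unprotected before adding policies:", missing_nd_policies([]))
```

Running missing_nd_policies against the intended policy set before enabling default discard is the check worth automating: with an empty policy list it reports both 135 and 136, and with the two policies from the page it reports nothing, while the transit packet is accepted regardless of the default discard state.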