Security Acl - HPE FlexFabric 7900 Series Security Command Reference

Predefined user roles
network-admin
mdc-admin
Parameters
inbound: Sets a key string for inbound IPsec SAs.
outbound: Sets a key string for outbound IPsec SAs.
ah: Uses AH.
esp: Uses ESP.
cipher: Sets a ciphertext key.
simple: Sets a plaintext key.
key-value: Specifies a case-sensitive key string. If cipher is specified, it must be a string of 1 to 373
characters. If simple is specified, it must be a string of 1 to 255 characters. Using this key string, the
system automatically generates keys that meet the algorithm requirements. When the protocol is
ESP, the system generates the keys for the authentication algorithm and encryption algorithm
respectively.
Usage guidelines
This command applies only to manual IPsec policies.
You must set a key for both inbound and outbound SAs.
The local inbound SA must use the same key as the remote outbound SA, and the local outbound SA
must use the same key as the remote inbound SA.
If you configure a key in different formats, only the most recent configuration takes effect.
The keys for the IPsec SAs at the two tunnel ends must be input in the same format (either in
hexadecimal or character format). Otherwise, they cannot establish an IPsec tunnel.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
Examples
# Configure the inbound and outbound SAs that use AH to use the plaintext keys abcdef and efcdab,
respectively.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa string-key inbound ah simple abcdef
[Sysname-ipsec-policy-manual-policy1-100] sa string-key outbound ah simple efcdab
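The usage guidelines above (a key for both directions, and each end's inbound key matching the other end's outbound key) can be checked on planned configurations before they are applied. The following Python script is an added example, not part of the HPE reference; the function names, the mirrored peer configuration, and the assumption that key strings contain no spaces are constructed for illustration.

```python
import re

# Command form documented on this page:
#   sa string-key { inbound | outbound } { ah | esp } { cipher | simple } key-value
SA_RE = re.compile(r"sa string-key (inbound|outbound) (ah|esp) (cipher|simple) (\S+)\s*$")

# Constructed sample input: the page's example, plus a mirrored remote peer.
LOCAL = """\
ipsec policy policy1 100 manual
 sa string-key inbound ah simple abcdef
 sa string-key outbound ah simple efcdab
"""
REMOTE = """\
ipsec policy policy1 100 manual
 sa string-key inbound ah simple efcdab
 sa string-key outbound ah simple abcdef
"""

def parse_sa_keys(config_text):
    """Return {(direction, protocol): (mode, key)}; a repeated line replaces the earlier one."""
    keys = {}
    for line in config_text.splitlines():
        m = SA_RE.search(line)
        if m:
            direction, proto, mode, key = m.groups()
            keys[(direction, proto)] = (mode, key)
    return keys

def check_peers(local_cfg, remote_cfg):
    """Return a list of violations of the sa string-key usage guidelines."""
    local, remote = parse_sa_keys(local_cfg), parse_sa_keys(remote_cfg)
    problems = []
    for name, keys in (("local", local), ("remote", remote)):
        for (direction, proto), (mode, key) in keys.items():
            limit = 255 if mode == "simple" else 373  # length limits from the page
            if not 1 <= len(key) <= limit:
                problems.append(f"{name} {direction} {proto}: key length outside 1-{limit}")
            other = "outbound" if direction == "inbound" else "inbound"
            if (other, proto) not in keys:
                problems.append(f"{name} {proto}: no {other} key set")
    for proto in ("ah", "esp"):
        for a, b in (("inbound", "outbound"), ("outbound", "inbound")):
            l, r = local.get((a, proto)), remote.get((b, proto))
            # Only plaintext keys are compared; this script does not decode ciphertext keys.
            if l and r and "simple" == l[0] == r[0] and l[1] != r[1]:
                problems.append(f"{proto}: local {a} key differs from remote {b} key")
    return problems

if __name__ == "__main__":
    print(check_peers(LOCAL, REMOTE) or "no problems found")
```

Passing the same configuration as both arguments reproduces the case where one device's commands are copied unchanged to its peer, which the mirror check reports for both directions.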
Related commands
display ipsec sa
sa hex-key

security acl

Use security acl to reference an ACL for an IPsec policy.
Use undo security acl to remove the ACL referenced by an IPsec policy.
Syntax
security acl { acl-number | name acl-name } [ aggregation | per-host ]
undo security acl