User's Manual

308625-14.00 Rev 00
3-1
Chapter 3
Configuring RIPSO on an IP Interface
This chapter describes RIPSO and provides instructions for configuring RIPSO on
an IP interface.
RIPSO Concepts and Terminology
Nortel Networks routers support the Department of Defense (DoD) Revised IP
Security Option (RIPSO), defined in RFC 1108, on a per-interface basis. RFC
1108 specifies both a “basic” and an “extended” security option; the Nortel
Networks implementation supports only the basic option.
RIPSO allows end systems and intermediate systems (routers) to attach security
labels to the IP datagrams they transmit and to process the labels on the IP
datagrams they receive. A label specifies a security classification (Top Secret,
Secret, Confidential, or Unclassified, in descending order of sensitivity), which
limits the devices that may accept the labeled datagram.
As a labeled IP datagram traverses an IP network, only those systems that have the
proper clearance (that is, whose security classification range covers the
classification specified by the datagram) should accept and forward the datagram.
Any system whose security classification range does not cover the classification
specified by the security label should drop the datagram.
Note:
RIPSO does not include any method of preventing a system that does
not support RIPSO from simply accepting and forwarding labeled datagrams.
Thus, in order for RIPSO to be effective, all systems in a network must support
RIPSO and process IP datagrams as described. The label is an ordinary, unauthenticated
IP option: RIPSO is an administrative labeling mechanism, not a cryptographic one, so it
relies on every system on the path being configured and trusted to honor the label.
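The following is an added worked example, not code from the Nortel Networks manual or router software. It parses the RFC 1108 Basic Security Option (option type 130) out of an IPv4 header and applies the per-interface classification-range check described above: a datagram is accepted only if its label falls within the interface's configured minimum and maximum classification, and dropped otherwise. The classification byte values (0x3D, 0x5A, 0x96, 0xAB) and the protection-authority termination bit follow RFC 1108; the function names, the interface min/max parameters, the policy that an unlabeled datagram is dropped, and the sample headers are assumptions made for this example.

```python
"""
Added example (not Nortel's code): parse the RFC 1108 Basic Security Option
from an IPv4 header and apply a per-interface classification-range check.
"""
import struct
from typing import Optional, Tuple

# RFC 1108 Basic Security Option: type 130 (copied flag set, class 0, number 2).
BSO_TYPE = 0x82

# RFC 1108 classification-level encodings (one octet).
CLASSIFICATION = {
    0x3D: "Top Secret",
    0x5A: "Secret",
    0x96: "Confidential",
    0xAB: "Unclassified",
}
# Ordering used for the range check: higher rank = more sensitive.
RANK = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

IPOPT_EOL = 0  # end of option list
IPOPT_NOP = 1  # no-operation (padding)


def parse_ipv4_options(header: bytes):
    """Yield (option_type, option_data) for each option in the IPv4 header."""
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl:
        raise ValueError("bad IHL")
    opts = header[20:ihl]
    i = 0
    while i < len(opts):
        t = opts[i]
        if t == IPOPT_EOL:
            return
        if t == IPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]  # total length including type and length octets
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        yield t, opts[i + 2 : i + length]
        i += length


def basic_security_label(header: bytes) -> Optional[Tuple[str, bytes]]:
    """Return (classification, protection_authority_flags) or None if unlabeled."""
    for t, data in parse_ipv4_options(header):
        if t != BSO_TYPE:
            continue
        if len(data) < 1:  # RFC 1108: option length is at least 3 octets
            raise ValueError("Basic Security Option too short")
        level = data[0]
        if level not in CLASSIFICATION:
            raise ValueError("reserved or unknown classification 0x%02x" % level)
        authority = bytes(data[1:])
        # Protection-authority flag octets: low-order bit 1 means another octet
        # follows, 0 means this is the last octet. A label whose last octet still
        # has the bit set is malformed.
        if authority and (authority[-1] & 0x01):
            raise ValueError("protection authority flags not terminated")
        return CLASSIFICATION[level], authority
    return None


def ripso_decision(header: bytes, iface_min: str, iface_max: str) -> str:
    """'accept' if the label lies within [iface_min, iface_max], else 'drop'.

    Assumption for this example: an unlabeled datagram is dropped on a
    RIPSO-enforcing interface.
    """
    label = basic_security_label(header)
    if label is None:
        return "drop"
    name, _authority = label
    if RANK[iface_min] <= RANK[name] <= RANK[iface_max]:
        return "accept"
    return "drop"


def build_header(classification: Optional[int], authority: bytes = b"\x00") -> bytes:
    """Build a minimal IPv4 header carrying an optional BSO (constructed sample input)."""
    options = b""
    if classification is not None:
        body = bytes([classification]) + authority
        options = bytes([BSO_TYPE, 2 + len(body)]) + body
    options += b"\x00" * (-len(options) % 4)  # pad option area with EOL to 32-bit boundary
    ihl = 5 + len(options) // 4
    # Version/IHL, TOS, total length, ID, flags/frag, TTL, proto (UDP), checksum
    # (left zero; irrelevant to the label check), src 10.0.0.1, dst 10.0.0.2.
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                        0, 0, 64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return fixed + options


if __name__ == "__main__":
    secret = build_header(0x5A)
    print(ripso_decision(secret, "Confidential", "Top Secret"))   # accept
    print(ripso_decision(secret, "Unclassified", "Confidential"))  # drop
    print(ripso_decision(build_header(None), "Unclassified", "Top Secret"))  # drop
```

The decision function models only a RIPSO-aware system. A system that does not implement RIPSO never calls anything like basic_security_label; it forwards the datagram with the option untouched, which is exactly the gap the Note above describes.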