R2511-HP MSR Router Series Security Command Reference(V5)

Default command level
2: System level
Parameters
width: Specifies the size of the anti-replay window. It can be 32, 64, 128, 256, 512, or 1024.
Usage guidelines
This setting takes effect only for IPsec SAs negotiated after you configure it.
Examples
# Set the size of the anti-replay window to 64.
<Sysname> system-view
[Sysname] ipsec anti-replay window 64
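To show what the width parameter controls, the following added example (not part of the HP manual and not Comware code) implements a sliding-window anti-replay check in the style of RFC 4303 and runs the same packet arrival order through a 64-packet and a 128-packet window. The class name, function names, and arrival order are constructed for illustration.

```python
# Added example: sliding-window anti-replay check in the style of RFC 4303.
# Not HP Comware code; all names below are hypothetical.

VALID_WIDTHS = (32, 64, 128, 256, 512, 1024)  # widths the command accepts


class AntiReplayWindow:
    def __init__(self, width):
        if width not in VALID_WIDTHS:
            raise ValueError(f"unsupported window width: {width}")
        self.width = width
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) was seen

    def accept(self, seq):
        """Return True and record seq if it is new and inside the window."""
        if seq == 0:
            return False                  # ESP/AH sequence numbers start at 1
        if seq > self.top:                # newer than anything seen: slide
            shift = seq - self.top
            mask = (1 << self.width) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.width:
            return False                  # too old: left of the window
        if self.bitmap & (1 << offset):
            return False                  # already seen: replay
        self.bitmap |= 1 << offset
        return True


def dropped_packets(width, arrivals):
    """Feed arrivals through a fresh window; return the rejected seqs."""
    win = AntiReplayWindow(width)
    return [s for s in arrivals if not win.accept(s)]


# Constructed arrival order: packet 5 is delayed in transit until after
# packet 100 has arrived, and packet 100 is then received a second time.
ARRIVALS = list(range(1, 5)) + list(range(6, 101)) + [5, 100]

if __name__ == "__main__":
    for w in (64, 128):
        print(f"window {w}: dropped {dropped_packets(w, ARRIVALS)}")
```

With a width of 64 the delayed but legitimate packet 5 falls outside the window and is discarded along with the duplicate; with 128 only the duplicate is discarded.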

ipsec binding policy
Use ipsec binding policy to bind an IPsec policy, IPsec policy group or IPsec profile to the encryption card
interface.
Use undo ipsec binding policy to remove the binding.
Syntax
ipsec binding policy policy-name [ seq-number ] [ primary ]
undo ipsec binding policy policy-name [ seq-number ] [ primary ]
Default
An encryption card interface is bound with no IPsec policy, IPsec policy group, or IPsec profile.
Views
Encryption card interface view
Default command level
2: System level
Parameters
policy-name: Specifies the name of the IPsec policy group or IPsec profile, a case-insensitive string of 1
to 15 characters. Valid characters are English letters and numbers. No minus sign (-) can be included.
seq-number: Specifies the sequence number of the IPsec policy, in the range of 1 to 65535. A smaller
value represents a higher priority.
primary: Specifies the current encryption card as the primary card of the IPsec policy, IPsec policy group,
or IPsec profile.
Usage guidelines
An IPsec policy group can be bound to an encryption card either before or after it is applied to an
interface, as long as you create it first. After binding an IPsec policy group to an encryption card, you
must apply it to at least one interface so that flows matching the policy are processed by the
encryption card.
An encryption card interface can be bound with multiple IPsec policies, IPsec policy groups, or IPsec
profiles, provided that those IPsec policies, IPsec policy groups, or IPsec profiles have different names. An
IPsec policy, IPsec policy group or IPsec profile can be bound to multiple encryption cards.