IP Security Options Commands



Similar documents
Configuring Timeout, Retransmission, and Key Values Per RADIUS Server

Supported Platforms. Supported Standards, MIBs, and RFCs. Prerequisites. Related Features and Technologies. Related Documents. Improved Server Access

Terminal Server Configuration and Reference Errata

DHCP Server Port-Based Address Allocation

AutoQoS. Prerequisites for AutoQoS CHAPTER

Network Address Translation Commands

NetFlow Subinterface Support

Using Debug Commands

Network Data Encryption Commands

HA Proxy DNS Configuration Mode Commands

Traffic Mirroring Commands on the Cisco IOS XR Software

IPSec Network Security Commands

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes

Configuring Health Monitoring

Configuring DHCP Snooping

Packet-over-SONET Interface Commands on the Cisco IOS XR Software

DSX Master Communications

Configuring QoS. Understanding QoS CHAPTER

Lab Analyzing Network Traffic

Enabling Remote Access to the ACE

Configuring System Message Logging

GLBP - Gateway Load Balancing Protocol

Configuring LLDP, LLDP-MED, and Location Service

Lab 5.5 Configuring Logging

Configuring Primary and Backup Proxy Servers for Standalone Content Engines

Configuring the Firewall Management Interface

Lab Configure Intrusion Prevention on the PIX Security Appliance

Adding an Extended Access List

Using Debug Commands

Configuring Class Maps and Policy Maps

You can specify IPv4 and IPv6 addresses while performing various tasks in this feature. The resource

OCS Training Workshop LAB14. Setup

RADIUS Server Load Balancing

Basic Configuration of the Cisco Series Internet Router

Lab Characterizing Network Applications

Embedded Event Manager Commands

ROM Monitor. Entering the ROM Monitor APPENDIX

Cisco Router Configuration Tutorial

Configuring SSL Termination

Configuring the Content Routing Software

Sampled NetFlow. Feature Overview. Benefits

Backing Up and Restoring Data

IP Application Services Commands show vrrp. This command was introduced. If no group is specified, the status for all groups is displayed.

IOS Server Load Balancing

Channelized E1 and Channelized T1 Setup Commands

1 Basic Configuration of Cisco 2600 Router. Basic Configuration Cisco 2600 Router

Special ISDN Signaling Commands

ISDN Commands. interface bri number

RADIUS Authentication and Accounting

Router Recovery with ROM Monitor

Using Debug Commands

RADIUS Server Load Balancing

Configuring Basic Settings

PA-MC-T3 Multi-Channel T3 Synchronous Serial Port Adapter Enhancement

Configuring SNMP and using the NetFlow MIB to Monitor NetFlow Data

Enhanced Password Security - Phase I

Using the Cisco IOS Command Line Interface

Firewall Stateful Inspection of ICMP

Router Security Audit Logs

FIREWALLS & CBAC. philip.heimer@hh.se

Configuring the Switch IP Address and Default Gateway

Flow-Based per Port-Channel Load Balancing

Traffic Mirroring Commands on the Cisco ASR 9000 Series Router

Cisco IOS Flexible NetFlow Command Reference

Chapter 3 Configuring Basic IPv6 Connectivity

Chapter 4 Rate Limiting

Configuring IKEv2 Load Balancer

NAT TCP SIP ALG Support

Configuring SIP Support for SRTP

- Advanced IOS Functions -

MatriXay Database Vulnerability Scanner V3.0

Configuring a Load-Balancing Scheme

Emulex OneConnect NIC Teaming and Multiple VLAN Driver and Application Release Notes

CCNA 2 Chapter 5. Managing Cisco IOS Software

How To Lower Data Rate On A Network On A 2Ghz Network On An Ipnet 2 (Net 2) On A Pnet 2 On A Router On A Gbnet 2.5 (Net 1) On An Uniden Network On

L2TP Dial-Out Load Balancing and Redundancy

Configuring Stickiness

Image Verification. Finding Feature Information. Restrictions for Image Verification

Embedded Event Manager Debug Commands on Cisco IOS XR Software

Configuring NetFlow-lite

crypto key generate rsa

Connecting to the Firewall Services Module and Managing the Configuration

MPLS VPN Route Target Rewrite

IOS Server Load Balancing

Table of Contents. Cisco Using the Cisco IOS Firewall to Allow Java Applets From Known Sites while Denying Others

Configuring Basic Settings

HTTP 1.1 Web Server and Client

Remote Access Server - Dial-Out User s Guide

NetFlow Policy Routing

Configuring QoS in a Wireless Environment

Lab Configure Basic AP Security through IOS CLI

How To Install Cisco Asr 9000 Series Router Software On A Mini Mini Mini (Cisco Ios) Router

Configuring DHCP and DNS Services

WhatsUpGold. v15.0. Flow Monitor User Guide

Configuring EtherChannels

Cisco CallManager 4.1 SIP Trunk Configuration Guide

Configuring Access Service Security

Transcription:

IP Security Options Commands This chapter describes the function and displays the syntax for IP security options commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Security Command Reference. dnsix-dmdp retries To set the retransmit count used by the Department of Defense Intelligence Information System Network Security for Information Exchange (DNSIX) Message Delivery Protocol (DMDP), use the dnsix-dmdp retries global configuration command. Use the no form of this command to restore the default number of retries. dnsix-dmdp retries count no dnsix-dmdp retries count count Number of times DMDP will retransmit a message. It can be an integer from 0 to 200. The default is 4 retries, or until acknowledged. dnsix-nat authorized-redirection To specify the address of a collection center that is authorized to change the primary and secondary addresses of the host to receive audit messages, use the dnsix-nat authorized-redirection global configuration command. Use the no form of this command to delete an address. dnsix-nat authorized-redirection no dnsix-nat authorized-redirection IP address of the host from which redirection requests are permitted. IP Security Options Commands 681

dnsix-nat primary dnsix-nat primary To specify the IP address of the host to which DNSIX audit messages are sent, use the dnsix-nat primary global configuration command. Use the no form of this command to delete an entry. dnsix-nat primary no dnsix-nat primary IP address for the primary collection center. dnsix-nat secondary To specify an alternate IP address for the host to which DNSIX audit messages are sent, use the dnsix-nat secondary global configuration command. Use the no form of this command to delete an entry. dnsix-nat secondary no dnsix-nat secondary IP address for the secondary collection center. dnsix-nat To start the audit-writing module and to define audit trail address, use the dnsix-nat global configuration command. Use the no form of this command to disable the DNSIX audit trail writing module. dnsix-nat no dnsix-nat Source IP address for DNSIX audit messages. dnsix-nat transmit-count To have the audit writing module collect multiple audit messages in the buffer before sending the messages to a collection center, use the dnsix-nat transmit-count global configuration command. Use the no form of this command to revert to the default audit message count. dnsix-nat transmit-count count no dnsix-nat transmit-count count count Number of audit messages to buffer before transmitting to the server. It can be an integer from 1 to 200. 682 Cisco IOS Software Command Summary

ip security add ip security add To add a basic security option to all outgoing packets, use the ip security add interface configuration command. Use the no form of this command to disable the adding of a basic security option to all outgoing packets. ip security add no ip security add ip security aeso To attach Auxiliary Extended Security Options (AESOs) to an interface, use the ip security aeso interface configuration command. Use the no form of this command to disable AESO on an interface. ip security aeso compartment-bits no ip security aeso compartment-bits compartment-bits Extended Security Option (ESO). This can be an integer from 0 to 255. Compartment bits in hexadecimal. ip security dedicated To set the level of classification and authority on the interface, use the ip security dedicated interface configuration command. Use the no form of this command to reset the interface to the default classification and authorities. ip security dedicated level authority [authority...] no ip security dedicated level authority [authority...] level authority Degree of sensitivity of information. See list of keywords. (Optional) Organization that defines the set of security levels that will be used in a network. See list of keywords. ip security eso-info To configure system-wide defaults for extended IP Security Option (IPSO) information, use the ip security eso-info global configuration command. Use the no form of this command to return to the default settings. ip security eso-info compartment-size default-bit no ip security eso-info compartment-size default-bit Hexadecimal or decimal value representing the extended IPSO. This is an integer from 0 to 255. IP Security Options Commands 683

ip security eso-max compartment-size default-bit Maximum number of bytes of compartment information allowed for a particular extended IPSO. This is an integer from 1 to 16. Default bit value for any unsent compartment bits. ip security eso-max To specify the maximum sensitivity level for an interface, use the ip security eso-max interface configuration command. Use the no form of this command to return to the default. ip security eso-max compartment-bits no ip security eso-max compartment-bits compartment-bits Extended Security Option (ESO). This is an integer from 1 to 255. Compartment bits in hexadecimal. ip security eso-min To configure the minimum sensitivity for an interface, use the ip security eso-min interface configuration command. Use the no form of this command to return to the default. ip security eso-min compartment-bits no ip security eso-min compartment-bits compartment-bits Extended Security Option (ESO). This is an integer from 1 to 255. Compartment bits in hexadecimal. ip security extended-allowed To accept packets on an interface that has an extended security option present, use the ip security extended-allowed interface configuration command. Use the no form of this command to restore the default. ip security extended-allowed no ip security extended-allowed ip security first To prioritize the presence of security options on a packet, use the ip security first interface configuration command. Use the no form of this command to not move packets that include security options to the front of the options field. ip security first no ip security first 684 Cisco IOS Software Command Summary

ip security ignore-authorities ip security ignore-authorities To have the Cisco IOS software ignore the authorities field of all incoming packets, use the ip security ignore-authorities interface configuration command. Use the no form of this command to disable this function. ip security ignore-authorities no ip security ignore-authorities ip security implicit-labelling To force the Cisco IOS software to accept packets on the interface, even if they do not include a security option, use the ip security implicit-labelling interface configuration command. Use the no form of this command to require security options. ip security implicit-labelling [level authority [authority...]] no ip security implicit-labelling [level authority [authority...]] level authority (Optional) Degree of sensitivity of information. If your interface has multilevel security set, you must specify this argument. (See the level keywords in the ip security dedicated command section.) (Optional) Organization that defines the set of security levels that will be used in a network. If your interface has multilevel security set, you must specify this argument. You can specify more than one. (See the authority keywords in the ip security dedicated command section.) ip security multilevel To set the range of classifications and authorities on an interface, use the ip security multilevel interface configuration command. Use the no form of this command to remove security classifications and authorities. ip security multilevel level1 [authority1...] to level2 authority2 [authority2...] no ip security multilevel level1 authority1 to Degree of sensitivity of information. The classification level of incoming packets must be equal to or greater than this value for processing to occur. (See the level keywords in the ip security dedicated command section.) (Optional) Organization that defines the set of security levels that will be used in a network. The authority bits must be a superset of this value. (See the authority keywords listed in the ip security dedicated command section.) Separates the range of classifications and authorities. IP Security Options Commands 685

ip security reserved-allowed level2 authority2 Degree of sensitivity of information. The classification level of incoming packets must be equal to or less than this value for processing to occur. (See the level keywords found in the ip security dedicated command section.) Organization that defines the set of security levels that will be used in a network. The authority bits must be a proper subset of this value. (See the authority keywords listed in the ip security dedicated command section.) ip security reserved-allowed To treat as valid any packets that have Reserved1 through Reserved4 security levels, use the ip security reserved-allowed interface configuration command. Use the no form of this command to not allow packets that have security levels of Reserved3 and Reserved2. ip security reserved-allowed no ip security reserved-allowed ip security strip To remove any basic security option on outgoing packets on an interface, use the ip security strip interface configuration command. Use the no form of this command to restore security options. ip security strip no ip security strip show dnsix To display state information and the current configuration of the DNSIX audit writing module, use the show dnsix privileged EXEC command. show dnsix 686 Cisco IOS Software Command Summary

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information