WS5100 Series Switch CLI Reference Guide
10-4
When a packet is transmitted on an interface, the crypto map set associated with that
interface is processed. The first crypto map entry that matches the packet is used to secure
the packet. If a suitable SA exists, it is used for transmission. Otherwise, IKE is used to
establish an SA with the peer. If no SA exists (and the crypto map entry is “respond only”),
the packet is discarded.
When a secured packet arrives on an interface, its SPI is used to look up an SA. If an SA does
not exist (or if the packet fails any of the security checks), it is discarded. If all checks pass,
the packet is forwarded normally.
Syntax
match <list name>
Parameters
list name    Enter the name of the access list or ACL ID to assign to this crypto map
Usage Guidelines
Crypto map entries do not directly contain the selectors used to determine which data to
secure. Instead, the crypto map entry refers to an access control list. An access control list
(ACL) is assigned to the crypto map using the match address command. If no ACL is
configured for a crypto map, the entry is incomplete and will have no effect on the system.
The entries of the ACL used in a crypto map should be created with respect to traffic sent
by the OS. The source information must be the local OS, and the destination must be the
peer.
Only extended access-lists can be used in crypto maps.
Example
The following shows setting up an ACL (called TestList) and assigning the new list to a
crypto map (called TestMap):
WS5100(config)#ip access-list extended TestList
Configuring New Extended ACL "TestList"
(config-ext-nacl)#exit
WS5100(config)#crypto map TestMap 220 isakmp dynamic
WS5100(config-crypto-map)#
WS5100(config-crypto-map)#match address TestList
WS5100(config-crypto-map)#
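An added example, not from the guide: a short Python check over a constructed configuration listing that flags crypto map entries which, per the usage guidelines above, are incomplete (no ACL assigned) or reference a non-extended ACL. The listing layout, the `ip access-list standard` form, treating an undefined ACL name as a finding, and the names MgmtList and BranchMap are assumptions made for illustration.

```python
import re

# Constructed sample listing (not from the guide). Command forms follow the
# page; "ip access-list standard" is an assumed form for a non-extended ACL.
SAMPLE_CONFIG = """\
ip access-list extended TestList
ip access-list standard MgmtList
crypto map TestMap 220 isakmp dynamic
 match address TestList
crypto map TestMap 230 isakmp dynamic
crypto map BranchMap 10 isakmp dynamic
 match address MgmtList
crypto map BranchMap 20 isakmp dynamic
 match address TestMap
"""

ACL_RE = re.compile(r"^ip access-list (\w+) (\S+)$")
MAP_RE = re.compile(r"^crypto map (\S+) (\d+)\b")
MATCH_RE = re.compile(r"^match address (\S+)$")


def audit_crypto_maps(config_text):
    """Return (map_name, seq, problem) tuples for unusable crypto map entries."""
    acls = {}       # ACL name -> type keyword ("extended", "standard", ...)
    entries = []    # [map_name, seq, acl_name or None], in listing order
    current = None  # crypto map entry whose sub-commands are being read
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            acls[m.group(2)] = m.group(1)
            current = None  # left crypto map context
        elif m := MAP_RE.match(line):
            current = [m.group(1), int(m.group(2)), None]
            entries.append(current)
        elif (m := MATCH_RE.match(line)) and current is not None:
            current[2] = m.group(1)

    findings = []
    for name, seq, acl in entries:
        if acl is None:
            findings.append((name, seq, "no ACL assigned: entry is incomplete"))
        elif acl not in acls:  # assumed check: name does not resolve to an ACL
            findings.append((name, seq, f"ACL '{acl}' is not defined"))
        elif acls[acl] != "extended":
            findings.append((name, seq, f"ACL '{acl}' is {acls[acl]}, not extended"))
    return findings


if __name__ == "__main__":
    for name, seq, problem in audit_crypto_maps(SAMPLE_CONFIG):
        print(f"crypto map {name} {seq}: {problem}")
```

The check compares ACL names only, so a crypto map that refers to an ACL by ID would need the ID recorded the same way the ACL is defined in the listing.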