Home > Motorola > Wireless > Motorola Wing 5 Manual

Motorola Wing 5 Manual

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Motorola Wing 5 Manual. The Motorola manuals for Wireless are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 561

    Page 561 PROFILES 7 - 35 • controller hello-interval adjacency-hold-time Examples rfs7000-37FABE(config-profile-default-RFS7000)#controller group test rfs7000-37FABE(config-profile-default-RFS7000)#controller host 1.2.3.4 pool 2 rfs7000-37FABE(config-profile-default-RFS7000)#show context profile RFS7000 default-RFS7000 no autoinstall configuration no autoinstall firmware crypto isakmp policy default crypto ipsec transform-set default esp-aes-256 esp-sha-hmac interface me1 interface ge1 ip dhcp trust... 
    PROFILES 7 - 35
• controller hello-interval  adjacency-hold-time 
Examples
rfs7000-37FABE(config-profile-default-RFS7000)#controller group test
rfs7000-37FABE(config-profile-default-RFS7000)#controller host 1.2.3.4 pool 2
rfs7000-37FABE(config-profile-default-RFS7000)#show context
profile RFS7000 default-RFS7000
 no autoinstall configuration
 no autoinstall firmware
 crypto isakmp policy default
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 interface me1
 interface ge1
  ip dhcp trust...

    Page 562

    Page 562 7 - 36 WiNG CLI Reference Guide 7.1.13 crypto Creating Profiles Use crypto to define system a level local ID for ISAKMP negotiation and to enter the ISAKMP Policy, ISAKMP Client, or ISAKMP Peer command set. A crypto map entry is a single policy that describes how certain traffic is secured. There are two types of crypto map entries: ipsec-manual and ipsec-ike entries. Each entry is given an index (used to sort the ordered list). When a non-secured packet arrives on an interface, the crypto map set... 
    7 - 36 WiNG CLI Reference Guide
7.1.13 crypto
Creating Profiles
Use crypto to define system a level local ID for ISAKMP negotiation and to enter the ISAKMP Policy, ISAKMP Client, or 
ISAKMP Peer command set.
A crypto map entry is a single policy that describes how certain traffic is secured. There are two types of crypto map 
entries: ipsec-manual and ipsec-ike entries. Each entry is given an index (used to sort the ordered list).
When a non-secured packet arrives on an interface, the crypto map set...

    Page 563

    Page 563 PROFILES 7 - 37 crypto isakmp keepalive crypto isakmp key [0 |2 |] address crypto isakmp policy ] crypto map [ipsec-isakmp|ipsec-manual] {dynamic} crypto pki import crl URL Parameters • crypto ipsec security-association lifetime [kilobytes | seconds ] • crypto ipsec transform-set [ah-md5-hmac|ah-sha-hmac| esp-md5-hmac|esp-sha-hmac ipsec Configures Internet Protocol Security (IPSec) policy parameters security-association Configures IPSec SAs parameters lifetime [kilobyte |seconds] Defines IPSec SAs... 
    PROFILES 7 - 37
crypto isakmp keepalive 
crypto isakmp key [0 |2 |] address 
crypto isakmp policy ]
crypto map   [ipsec-isakmp|ipsec-manual] {dynamic}
crypto pki import crl  URL 
Parameters
• crypto ipsec security-association lifetime [kilobytes |
seconds ]
• crypto ipsec transform-set  [ah-md5-hmac|ah-sha-hmac|
esp-md5-hmac|esp-sha-hmac
ipsec Configures Internet Protocol Security (IPSec) policy parameters
security-association Configures IPSec SAs parameters
lifetime [kilobyte |seconds] Defines IPSec SAs...

    Page 564

    Page 564 7 - 38 WiNG CLI Reference Guide • crypto ipsec transform-set [aesp-3des|esp-aes| esp-aes-192|esp-aes-256|esp-des] {esp-md5-hmac|esp-sha-hmac} • crypto isakmp aggressive-mode-peer [address |dn | hostname ] key [0 |2 |] ipsec Configures IPSec policy parameters transform-set Defines transform configuration (authentication and encryption) for securing data – Specify the transform set name. Specify the transform set used by the IPSec transport connection to negotiate the transform algorithm. esp-3des... 
    7 - 38 WiNG CLI Reference Guide
• crypto ipsec transform-set  [aesp-3des|esp-aes|
esp-aes-192|esp-aes-256|esp-des] {esp-md5-hmac|esp-sha-hmac}
• crypto isakmp aggressive-mode-peer [address |dn |
hostname ] key [0 |2 |]
ipsec Configures IPSec policy parameters
transform-set 
Defines transform configuration (authentication and encryption) for securing data
  – Specify the transform set name.
Specify the transform set used by the IPSec transport connection to negotiate the 
transform algorithm.
esp-3des...

    Page 565

    Page 565 PROFILES 7 - 39 • crypto isakmp client configuration group default • crypto isakmp keepalive • crypto isakmp key [0 |2 |] address • crypto isakmp policy • crypto map [ipsec-isakmp|ipsec-manual] {dynamic} isakmp Configures ISAKMP policy, also known as IKE policy client Moves to the config-crypto group instance configuration Defines configuration set at the client end group Defines group (currently only one group is supported) default Configures the default group tag isakmp Configures ISAKMP policy,... 
    PROFILES 7 - 39
• crypto isakmp client configuration group default
• crypto isakmp keepalive 
• crypto isakmp key [0 |2 |] address 
• crypto isakmp policy 
• crypto map   [ipsec-isakmp|ipsec-manual] {dynamic}
isakmp Configures ISAKMP policy, also known as IKE policy
client Moves to the config-crypto group instance
configuration Defines configuration set at the client end
group Defines group (currently only one group is supported)
default Configures the default group tag
isakmp Configures ISAKMP policy,...

    Page 566

    Page 566 7 - 40 WiNG CLI Reference Guide • crypto pki import crl Usage Guidelines If no peer IP address is configured, the manual crypto map is not valid and not complete. A peer IP address is required for manual crypto maps. To change the peer IP address, the no set peer command must be issued first, then the new peer IP address can be configured. A peer address can be deleted with a wrong ISAKMP value. Crypto currently matches only the IP address when a no command is issued.... 
    7 - 40 WiNG CLI Reference Guide
• crypto pki import crl   
Usage Guidelines
If no peer IP address is configured, the manual crypto map is not valid and not complete. A peer IP address is required for 
manual crypto maps. To change the peer IP address, the no set peer command must be issued first, then the new peer IP 
address can be configured.
A peer address can be deleted with a wrong ISAKMP value. Crypto currently matches only the IP address when a no 
command is issued....

    Page 567

    Page 567 PROFILES 7 - 41 Examples rfs7000-37FABE(config-profile-default-RFS7000)#crypto ipsec transform-set tpsec-tag1 ah-md5-hmac rfs7000-37FABE(config-profile-default-RFS7000-transform-set-tpsec-tag1)# rfs7000-37FABE(config-profile-default-RFS7000)#crypto map map1 10 ipsec-isakmp d ynamic rfs7000-37FABE(config-profile-default-RFS7000-cryptomap-map1 10)# rfs7000-37FABE(config-profile-default-RFS7000)#crypto isakmp client configuratio n group default rfs7000-37FABE(config-profile-default-RFS7000-crypto-group)#... 
    PROFILES 7 - 41
Examples
rfs7000-37FABE(config-profile-default-RFS7000)#crypto ipsec transform-set tpsec-tag1 
ah-md5-hmac
rfs7000-37FABE(config-profile-default-RFS7000-transform-set-tpsec-tag1)#
rfs7000-37FABE(config-profile-default-RFS7000)#crypto map map1 10 ipsec-isakmp d
ynamic
rfs7000-37FABE(config-profile-default-RFS7000-cryptomap-map1 10)#
rfs7000-37FABE(config-profile-default-RFS7000)#crypto isakmp client configuratio
n group default
rfs7000-37FABE(config-profile-default-RFS7000-crypto-group)#...

    Page 568

    Page 568 7 - 42 WiNG CLI Reference Guide 7.1.14 isakmp-policy Use the (config) instance to configure ISAKMP policy configuration commands. To navigate to the config-isakmp-policy instance, use the following commands: rfs7000-37FABE(config-profile-default-RFS7000)#crypto isakmp policy test rfs7000-37FABE(config-profile-default-RFS7000-isakmp-policy-test)#? Crypto Isakmp Config commands: authentication Set authentication method for protection suite encryption Set encryption algorithm for protection... 
    7 - 42 WiNG CLI Reference Guide
7.1.14 isakmp-policy
Use the (config) instance to configure ISAKMP policy configuration commands. To navigate to the config-isakmp-policy 
instance, use the following commands:
rfs7000-37FABE(config-profile-default-RFS7000)#crypto isakmp policy test
rfs7000-37FABE(config-profile-default-RFS7000-isakmp-policy-test)#?
Crypto Isakmp Config commands:
  authentication  Set authentication method for protection suite
  encryption      Set encryption algorithm for protection...

    Page 569

    Page 569 PROFILES 7 - 43 showDisplays running system informationpage 6-4 writeWrites information to memory or terminalpage 5-42 Table 7.3ISAKMP Policy Commands Command Description Reference 
    PROFILES 7 - 43
showDisplays running system informationpage 6-4
writeWrites information to memory or terminalpage 5-42
Table 7.3ISAKMP Policy Commands
Command Description Reference

    Page 570

    Page 570 7 - 44 WiNG CLI Reference Guide 7.1.14.1 authentication isakmp-policy Sets authentication method for the ISAKMP protection suite Supported in the following platforms: AP300 AP621 AP650 AP6511 AP6521 AP6532 AP71XX RFS4000 RFS6000 RFS7000 NX9000 NX9500 Syntax authentication [pre-share|rsa-sig] Parameters • authentication [pre-share|rsa-sig] Examples rfs7000-37FABE(config-isakmp-policy-test)#authentication rsa-sig rfs7000-37FABE(config-profile-default-RFS7000-isakmp-policy-test)#show context... 
    7 - 44 WiNG CLI Reference Guide
7.1.14.1 authentication
isakmp-policy
Sets authentication method for the ISAKMP protection suite
Supported in the following platforms:
 AP300
 AP621
 AP650
 AP6511
 AP6521
 AP6532
 AP71XX
 RFS4000
 RFS6000
 RFS7000
 NX9000
 NX9500
Syntax
authentication [pre-share|rsa-sig]
Parameters
• authentication [pre-share|rsa-sig]
Examples
rfs7000-37FABE(config-isakmp-policy-test)#authentication rsa-sig
rfs7000-37FABE(config-profile-default-RFS7000-isakmp-policy-test)#show context...
    Start reading Motorola Wing 5 Manual
    All Motorola manuals