7 Security Policy
- Jean-luc KRIKER
Move to Service Policy ( not security policy)
Security Policy is apply at many places:
within the Router (via the inter-node-security property),
within a Service ,
within a Network Interface, and
within an Adjacency
HMAC Cipher: HMAC to authenticate the source IKE-2
Encryption Cipher: AES or Advanced Encryption Standard CBC and GCM
| Configure Security Policies | |
|---|---|
Configuration > Authority ADD Security Policies Name: aes1 HMAC Cipher: sha256-128 Encryption Cipher: aes-cbc-128 Adaptive Encryption: False | |
| VALIDATE and COMMIT | |
| Apply Security Policy | |
Configuration > Authority > Routers: seabo1 > Node: node1 > Device Interface: mpls1 > Network Interface: mpls1 > address: 10.0.128.1 SET Security Policy: aes1 | |
Configuration > Authority > Routers: bosdc1 > Node: node1 > Device Interface: mpls1 > Network Interface: mpls1 > address: 10.0.128.1 SET Security Policy: aes1 | |
| VALIDATE and COMMIT | |
| Configure and Apply a Security Policy to Encrypt your Payload | |
Configuration > Authority ADD Security Policies Name: encryption_only Encryption Cipher: aes-cbc-256 HMAC Mode: disabled | |
| Apply | Configuration > Authority > Service: webserver SET Security Policy: encryption_only |
| VALIDATE and COMMIT |