xfrm

interfaces xfrm <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Xfrm interface for IPSec tunnel

Values:

  • xfrmN – Xfrm interface name

Instances:

Multiple

interfaces xfrm <txt> description <id>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Description

Values:

  • id – “Interface description is too long (limit 256 characters)” (1-256)

interfaces xfrm <txt> disable
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Disable interface

interfaces xfrm <txt> disable advisor <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Advisor to enable or disable the interface

Reference:

system advisor <txt>

interfaces xfrm <txt> disable-offload
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Disable offload engine in this interface

interfaces xfrm <txt> flow
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Active netflow on interface

interfaces xfrm <txt> flow egress
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Active output traffic

interfaces xfrm <txt> flow egress selector <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Traffic selector

Reference:

traffic selector <txt>

interfaces xfrm <txt> flow ingress
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Active input traffic

interfaces xfrm <txt> flow ingress selector <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Traffic selector

Reference:

traffic selector <txt>

interfaces xfrm <txt> local-interface <ifc>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE
Values:

  • ifc – Underlying device, used for outgoing traffic

interfaces xfrm <txt> mtu <u32>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Maximum Transmission Unit (MTU)

Values:

  • u32 – Maximum Transmission Unit (MTU) (68-9000)

interfaces xfrm <txt> tcp-mss <u32>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE
Values:

  • u32 – Change tcp-mss value

interfaces xfrm <txt> traffic
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Traffic processing options

interfaces xfrm <txt> traffic control
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Traffic control for interface

interfaces xfrm <txt> traffic control in <id>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Ingress traffic control for interface

Reference:

traffic control <id>

interfaces xfrm <txt> traffic control out <id>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Egress traffic control for interface

Reference:

traffic control <id>

interfaces xfrm <txt> traffic nat
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Network Address Translation (NAT) parameters

interfaces xfrm <txt> traffic nat destination
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Destination NAT settings

interfaces xfrm <txt> traffic nat destination rule <u32>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Rule number for NAT

Values:

  • u32 – Number for this NAT rule (1-9999)

Instances:

Multiple

interfaces xfrm <txt> traffic nat destination rule <u32> address <ipv4|ipv4net|ipv4range|id>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

IP address, subnet, range or redirect

Values:

  • ipv4 – NAT to the specified IP address

  • ipv4net – NAT to the specified network address

  • ipv4range – NAT to the specified IP range

  • redirect – NAT to the interface address

interfaces xfrm <txt> traffic nat destination rule <u32> description <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE
Values:

  • txt – Rule description

interfaces xfrm <txt> traffic nat destination rule <u32> log
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Log packets to which this rule has been applied

interfaces xfrm <txt> traffic nat destination rule <u32> log level <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Loggin level

Values:

  • emerg – Emergency messages

  • alert – Urgent messages

  • crit – Critical messages

  • err – Error messages

  • warn – Warning messages

  • notice – Messages for further investigation

  • info – Informational messages

  • debug – Debug messages

interfaces xfrm <txt> traffic nat destination rule <u32> log prefix <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE
Values:

  • txt – Log message prefix text, up to 29 characters

interfaces xfrm <txt> traffic nat destination rule <u32> network <ipv4net>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

IP prefix to use in translation (host part is kept)

Values:

  • ipv4net – NAT to the specified network address, host part of the address will remain unchanged

interfaces xfrm <txt> traffic nat destination rule <u32> port <u32|id>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

NAT port

Values:

  • u32 – Port to use in PAT (1-65535)

  • range – Port range (pool, for example, 1001-1005)

interfaces xfrm <txt> traffic nat destination rule <u32> protocol <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE
Values:

  • txt – NAT transport protocol

interfaces xfrm <txt> traffic nat destination rule <u32> selector <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Traffic selector

Reference:

traffic selector <txt>

interfaces xfrm <txt> traffic nat source
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Source NAT settings

interfaces xfrm <txt> traffic nat source rule <u32>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Rule number for NAT

Values:

  • u32 – Number for this NAT rule (1-9999)

Instances:

Multiple

interfaces xfrm <txt> traffic nat source rule <u32> address <ipv4|ipv4net|ipv4range|id>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

IP address, subnet, range or masquerade

Values:

  • ipv4 – NAT to the specified IP address

  • ipv4net – NAT to the specified network address

  • ipv4range – NAT to the specified IP range

  • masquerade – NAT to the interface address

interfaces xfrm <txt> traffic nat source rule <u32> description <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE
Values:

  • txt – Rule description

interfaces xfrm <txt> traffic nat source rule <u32> log
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Log packets to which this rule has been applied

interfaces xfrm <txt> traffic nat source rule <u32> log level <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Loggin level

Values:

  • emerg – Emergency messages

  • alert – Urgent messages

  • crit – Critical messages

  • err – Error messages

  • warn – Warning messages

  • notice – Messages for further investigation

  • info – Informational messages

  • debug – Debug messages

interfaces xfrm <txt> traffic nat source rule <u32> log prefix <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE
Values:

  • txt – Log message prefix text, up to 29 characters

interfaces xfrm <txt> traffic nat source rule <u32> network <ipv4net>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

IP prefix to use in translation (host part is kept)

Values:

  • ipv4net – NAT to the specified network address, host part of the address will remain unchanged

interfaces xfrm <txt> traffic nat source rule <u32> port <u32|id>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

NAT port

Values:

  • u32 – Port to use in PAT (1-65535)

  • range – Port range (pool, for example, 1001-1005)

interfaces xfrm <txt> traffic nat source rule <u32> protocol <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE
Values:

  • txt – NAT transport protocol

interfaces xfrm <txt> traffic nat source rule <u32> selector <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Traffic selector

Reference:

traffic selector <txt>

interfaces xfrm <txt> traffic policy
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Traffic policy rulesets for interface

interfaces xfrm <txt> traffic policy in <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Input traffic policy ruleset for interface

Reference:

traffic policy <txt>

Instances:

Multiple

interfaces xfrm <txt> traffic policy in <txt> priority <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Priority order for traffic policy

Values:

  • very-high – First policy executed before NAT

  • high – Second policy executed before NAT

  • low – First policy executed after NAT

  • very-low – Second policy executed after NAT

interfaces xfrm <txt> traffic policy local-in <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Local input traffic policy ruleset for interface

Reference:

traffic policy <txt>

Instances:

Multiple

interfaces xfrm <txt> traffic policy local-in <txt> priority <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Priority order for traffic policy

Values:

  • very-high – First policy executed

  • high – Second policy executed

  • low – Third policy executed

  • very-low – Fourth policy executed

interfaces xfrm <txt> traffic policy local-out <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Local output traffic policy ruleset for interface

Reference:

traffic policy <txt>

Instances:

Multiple

interfaces xfrm <txt> traffic policy local-out <txt> priority <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Priority order for traffic policy

Values:

  • very-high – First policy executed

  • high – Second policy executed

  • low – Third policy executed

  • very-low – Fourth policy executed

interfaces xfrm <txt> traffic policy out <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Output traffic policy ruleset for interface

Reference:

traffic policy <txt>

Instances:

Multiple

interfaces xfrm <txt> traffic policy out <txt> priority <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Priority order for traffic policy

Values:

  • very-high – First policy executed before NAT

  • high – Second policy executed before NAT

  • low – First policy executed after NAT

  • very-low – Second policy executed after NAT

interfaces xfrm <txt> traffic zone <txt>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Traffic zone associated with this interface

Reference:

traffic zone <txt>

interfaces xfrm <txt> vrf <id>
AresC640 Atlas840 M10-Smart M2 M20 RS420 RXL15000 SDE

Virtual Routing and Forwarding domain name

Reference:

system vrf <id>