Enable IPsec on an Interface

Use the following procedure to enable IPsec on an interface. You can configure IPsec on a port, management port, VLAN, or loopback interface.

Note

Note

Management interface does not support IPsec configuration.

Procedure

  1. Enter Interface Configuration mode:

    enable

    configure terminal

    followed by one of the following:

    • interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...]}

    • interface loopback <1–256>

    • interface mgmtEthernet <mgmt | mgmt2>

    • interface vlan <1–4059>

    Note

    Note

    If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

  2. Enable IPsec on an IPv6 interface:

    ipv6 ipsec enable

    default ipv6 ipsec enable

  3. Enable IPsec on an IPv4 interface:

    ip ipsec enable

    default ip ipsec enable

  4. Optional: Disable IPsec on an IPv6 interface:

    no ipv6 ipsec enable

  5. Optional: Disable IPsec on an IPv4 interface:

    no ip ipsec enable

Example

Enable IPsec for IPv6 on VLAN 100:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#interface vlan 100
Switch:1(config-if)#ipv6 ipsec enable

Variable Definition

The following table defines parameters for the ip ipsec and ipv6 ipsec commands.

Variable

Value

enable

Enables IPsec on the interface.