ipsec apply

Use ipsec apply to apply an IPsec policy to an interface.

Use undo ipsec apply to remove an IPsec policy application from an interface.


ipsec apply { ipv6-policy | policy } policy-name

undo ipsec apply { ipv6-policy | policy }


No IPsec policy is applied to an interface.


Interface view

Predefined user roles




ipv6-policy: Specifies an IPv6 IPsec policy.

policy: Specifies an IPv4 IPsec policy.

policy-name: Specifies an IPsec policy name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

On an interface, you can apply a maximum of two IPsec policies: one IPv4 IPsec policy and one IPv6 IPsec policy.

An IKE-based IPsec policy can be applied to multiple interfaces. As a best practice, apply an IKE-based IPsec policy to only one interface. A manual IPsec policy can be applied to only one interface.


# Apply IPsec policy policy1 to VLAN-interface 100.

<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname–Vlan-interface100] ipsec apply policy policy1

Related commands

display ipsec { ipv6-policy | policy }

ipsec { ipv6-policy | policy }