A SERVICE OF

logo

Open as PDF
next previous
2-68 Command Line Interface Commands Reference
Unprotected Services Configuration Commands
Note: These commands are supported beginning with Firmware Version 8.7.4.
When using an IPSec force-all tunnel, Unprotected Services supports router-generated packets with a source IP
address outside the local member range. It works by applying a source address to an internally-generated
router service, and specifies whether the service should not be routed by default over the force-all IPSec tunnel.
This permits supporting multiple authentication profles with multiple tunnels, as well as supporting
authentication profiles that point to a RADIUS server on the LAN interface. Other applications such as
TACACS+, SNMP, syslog, NTP and heartbeat are not forced over the tunnel.
service interface [ ip_address | cp | ethernet ] [ number ]
show service interface [ cp | ethernet ] [ number ]
no service interface
These commands allow you to specify, show, or disable the application of a source address to an internally
generated router service, such that the service should not be routed by default over a force-all IPSec tunnel.
Applicable internally-generated router services are: RADIUS, TACACS+, SNMP, syslog, NTP and heartbeat.
interface specifies from where the traffic is to be sourced.
For cp or ethernet, the router will look up its interface address, reducing the chance of error.
If you enter an ip_address that is not a local interface address, the service may either fail to function or the
router will override the invalid address. It will then use the interface with a route to the server for the
service.
If no is used with the commands, the value goes back to the default 0.0.0.0 and no.
Note: Only primary Ethernet interfaces are supported; ALANs are not supported.
Examples:
remote-server interface 100.110.112.113
remote-server interface cp 3
remote-server interface ethernet 0
remote-server unprotected yes
Unprotected Services Configuration Commands
service interface [ ip_address | cp | ethernet ] [ number ]
show service interface [ cp | ethernet ] [ number ]
no service interface
service unprotected [ yes | no ]
show service unprotected
no service unprotected