Black Box ET0100A Appliance Trim Kit User Manual


 
Adding Layer 2 Ethernet Policies
EncrypTight User Guide 189
4. Click Save when complete.
Table 47 Layer 2 Mesh policy entries
Field Description
Name
Enter a unique name to identify the policy. Names can be 1 - 40 characters in
length. Alphanumeric characters and spaces are valid. The special characters
<, >, &, ", *, ?, /, \, : and | cannot be used in the policy name. Names are not
case sensitive.

Priority
Specifies the order in which policies are processed in the PEPs. Enter the
priority for this policy from 1 to 65000. PEPs enforce policies in descending
priority order with the highest priority number processed first.

Renew Keys/Refresh Lifetime
Specifies the lifetime of the keys and policies, and the frequency at which the
keys are regenerated and policies’ lifetimes are updated on the PEPs.
Regenerate keys and update policies either at a specified interval in hours or
daily at a specified time. Click either Hours or Daily.
• Hours - enter the re-key interval in hours between 0 and 65535 hours. 0
  hours causes keys and policies to never expire and never update. Use 0
  hours for drop and clear policy types.
• Daily - enter the re-key time using the 24 hour system clock set to the
  required local time of the ETPM workstation. The re-key time will translate to
  the local times of the ETKMSs and PEPs that might be located in other time
  zones.

Type
Specifies the action applied to frames that match the protocol and networks
included in this policy.
• Drop - drops all frames matching this policy.
• Bypass - passes all frames matching this policy in the clear.
• Encrypt - encrypts or decrypts all frames matching this policy.

Protecting Policy Enforcement Points
Lists the PEPs where the policies and keys are distributed. Click the PEPs tab
in the EncrypTight components view and drag the appropriate Layer 2 PEP to
the PEPs list on the Policy editor.
You can also edit a PEP from this editor. Right-click the desired PEP and
click Edit.
To remove a PEP from this list, right-click the desired PEP and click
Remove Element. The PEP is removed only from this policy.

VLAN ID Ranges (optional)
Specifies a VLAN ID tag range for a policy. The policy affects only frames with
a VLAN ID tag within the specified range. Traffic that does not match the VLAN
ID tag (or range of tags) specified in the policy is dropped.
If no range is specified, the policy applies to all frames.
ETEP PEPs accept only single VLAN ID tags in policies.
Click the VLAN Ranges tab in the EncrypTight Components view and drag the
appropriate VLAN range to the VLAN Ranges list on the Policy editor.
You can also edit a VLAN Range from this editor. Right-click the desired
VLAN Range and click Edit.
To remove a VLAN Range from this list, right-click the desired VLAN Range
and click Remove Element. The VLAN range is removed only from this
policy.

Key Generation and Distribution
Select the desired Key Management System from the ETKMS list.
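
The field rules in Table 47 can be checked against a planned policy set before it is entered in the Policy editor. The Python linter below is an added example, not part of EncrypTight or of the original guide. The L2Policy record, the lint function, the etep flag and the sample policies are hypothetical, and the 0-4095 VLAN bound comes from the 12-bit 802.1Q VLAN ID field, not from the table.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

NAME_RE = re.compile(r"[A-Za-z0-9 ]{1,40}")  # Table 47: alphanumerics and spaces, 1-40 chars

@dataclass
class L2Policy:                    # hypothetical record, not an EncrypTight structure
    name: str
    priority: int
    type: str                      # "drop", "bypass" or "encrypt"
    rekey_hours: int               # Hours mode; 0 = keys and policies never expire
    vlan: Optional[Tuple[int, int]] = None   # (low, high); None = all frames

def lint(policies, etep=True):
    """Return (names in enforcement order, list of (policy name, finding))."""
    findings, seen = [], set()
    for p in policies:
        flag = lambda msg, p=p: findings.append((p.name, msg))
        if not NAME_RE.fullmatch(p.name):
            flag("name must be 1-40 alphanumeric characters or spaces")
        if p.name.lower() in seen:
            flag("name not unique (names are not case sensitive)")
        seen.add(p.name.lower())
        if not 1 <= p.priority <= 65000:
            flag("priority outside 1-65000")
        if p.type not in ("drop", "bypass", "encrypt"):
            flag("unknown policy type")
        if not 0 <= p.rekey_hours <= 65535:
            flag("re-key interval outside 0-65535 hours")
        elif p.rekey_hours == 0 and p.type == "encrypt":
            flag("encrypt policy with 0 hours: keys never expire")
        if p.vlan is not None:
            if not 0 <= p.vlan[0] <= p.vlan[1] <= 4095:   # 12-bit 802.1Q VLAN ID (assumed bound)
                flag("invalid VLAN ID range")
            elif etep and p.vlan[0] != p.vlan[1]:
                flag("ETEP PEPs accept only single VLAN ID tags")
    # PEPs process the highest priority number first.
    order = [p.name for p in sorted(policies, key=lambda p: -p.priority)]
    return order, findings

# Constructed sample policies, one clean and three with problems
SAMPLE = [
    L2Policy("Drop guest VLAN", 100, "drop", 0, (30, 30)),
    L2Policy("Encrypt core", 60000, "encrypt", 0),
    L2Policy("encrypt core", 500, "encrypt", 24, (10, 20)),
    L2Policy("Bypass: mgmt", 70000, "bypass", 0),
]
if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

The finding for an encrypt policy with a 0-hour interval follows from the table's statement that 0 hours means keys never expire and is intended for drop and clear policy types.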