Configuring password control, Overview, Password setting – H3C Technologies H3C S12500-X Series Switches User Manual

Page 156: Displaying and maintaining ipsec, Ipsec configuration examples


Step 3: Enable SNMP notifications for the specified failure type or event type.
Command: snmp-agent trap enable ipsec [ auth-failure | decrypt-failure | encrypt-failure | invalid-sa-failure | no-sa-failure | policy-add | policy-attach | policy-delete | policy-detach | tunnel-start | tunnel-stop ] *
Remarks: By default, SNMP notifications for all failure types and event types are enabled.


Displaying and maintaining IPsec

Execute display commands in any view and reset commands in user view.

Task: Display IPsec policy information.
Command: display ipsec { ipv6-policy | policy } [ policy-name [ seq-number ] ]

Task: Display IPsec transform set information.
Command: display ipsec transform-set [ transform-set-name ]

Task: Display IPsec SA information.
Command: display ipsec sa [ brief | count | interface interface-type interface-number | { ipv6-policy | policy } policy-name [ seq-number ] | profile policy-name | remote [ ipv6 ] ip-address ]

Task: Display IPsec statistics.
Command: display ipsec statistics [ tunnel-id tunnel-id ]

Task: Display IPsec tunnel information.
Command: display ipsec tunnel { brief | count | tunnel-id tunnel-id }

Task: Clear IPsec SAs.
Command: reset ipsec sa [ { ipv6-policy | policy } policy-name [ seq-number ] | profile policy-name | remote { ipv4-address | ipv6 ipv6-address } | spi { ipv4-address | ipv6 ipv6-address } { ah | esp } spi-num ]

Task: Clear IPsec statistics.
Command: reset ipsec statistics [ tunnel-id tunnel-id ]


IPsec configuration examples


Configuring a manual mode IPsec tunnel for IPv4 packets

As shown in Figure 43, establish an IPsec tunnel between Switch A and Switch B to protect data flows between the switches. Configure the tunnel as follows:

Specify the encapsulation mode as tunnel, the security protocol as ESP, the encryption algorithm as
AES-CBC-192, and the authentication algorithm as HMAC-SHA1.

Manually set up IPsec SAs.
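With manually set up SAs there is no negotiation to catch a mismatch between the two ends, so it helps to compare the planned parameters before entering them. The following check is an added example, not part of the H3C manual: it assumes keys are supplied as hex strings, and the dictionary layout, SPIs and keys are constructed for illustration.

```python
# Added example: the dictionary layout and every SPI/key value are constructed.
KEY_BYTES = {"AES-CBC-192": 24, "HMAC-SHA1": 20}  # key length in bytes
SHARED = ("encapsulation", "protocol", "encryption", "authentication")


def check_sa(name, sa, cfg):
    """Return the problems found in one manually keyed SA."""
    problems = []
    # RFC 4303: SPI 0 is for local use and 1-255 are reserved by IANA.
    if not 256 <= sa["spi"] <= 0xFFFFFFFF:
        problems.append(f"{name}: SPI {sa['spi']} outside 256..4294967295")
    for field, alg in (("enc_key", cfg["encryption"]),
                       ("auth_key", cfg["authentication"])):
        want, got = KEY_BYTES.get(alg), len(bytes.fromhex(sa[field]))
        if want is None:
            problems.append(f"{name}: no key length known for {alg}")
        elif got != want:
            problems.append(f"{name}: {field} is {got} bytes, {alg} needs {want}")
    return problems


def check_manual_tunnel(a, b):
    """Compare both ends; manual mode has no negotiation to catch a mismatch."""
    problems = [f"{f} differs: {a[f]} vs {b[f]}" for f in SHARED if a[f] != b[f]]
    for local, remote, label in ((a, b, "A->B"), (b, a, "B->A")):
        out_sa, in_sa = local["outbound"], remote["inbound"]
        problems += check_sa(f"{label} outbound", out_sa, local)
        # The sender's outbound SA must equal the receiver's inbound SA.
        if out_sa["spi"] != in_sa["spi"]:
            problems.append(f"{label}: SPI does not match the peer's inbound SA")
        for field in ("enc_key", "auth_key"):
            if bytes.fromhex(out_sa[field]) != bytes.fromhex(in_sa[field]):
                problems.append(f"{label}: {field} does not match the peer's inbound SA")
    return problems


# Constructed sample: the settings named above, with placeholder SPIs and keys.
COMMON = {"encapsulation": "tunnel", "protocol": "ESP",
          "encryption": "AES-CBC-192", "authentication": "HMAC-SHA1"}
SWITCH_A = {**COMMON,
            "outbound": {"spi": 12345, "enc_key": "11" * 24, "auth_key": "22" * 20},
            "inbound": {"spi": 54321, "enc_key": "33" * 24, "auth_key": "44" * 20}}
SWITCH_B = {**COMMON, "outbound": SWITCH_A["inbound"], "inbound": SWITCH_A["outbound"]}

if __name__ == "__main__":
    for line in check_manual_tunnel(SWITCH_A, SWITCH_B) or ["both ends consistent"]:
        print(line)
```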
