Managing public keys, Overview, Displaying and maintaining ike – H3C Technologies H3C S12500-X Series Switches User Manual

Page 173: Network requirements

Advertising
background image

161

information about SNMP notifications, see Network Management and Monitoring Configuration

Guide.
To generate and output SNMP notifications for IKE for a specific failure type or event type, enable SNMP

notifications for IKE globally and for the specified type of failures or events.
To configure SNMP notifications for IKE:

Step Command

Remarks

1.

Enter system view

system-view

N/A

2.

Enable SNMP
notifications for IKE

globally.

snmp-agent trap enable ike global

By default, SNMP notifications
for IKE are enabled.

3.

Enable SNMP

notifications for the
specified failure type or

event type.

snmp-agent trap enable ike [ attr-not-support
| auth-failure | cert-type-unsupport |

cert-unavailable | decrypt-failure |

encrypt-failure | invalid-cert-auth |
invalid-cookie | invalid-id | invalid-proposal

| invalid-protocol | invalid-sign |

no-sa-failure | proposal-add |
proposal–delete | tunnel-start | tunnel-stop

| unsupport-exch-type ] *

By default, SNMP notifications
for all failure types and event

types are enabled.

112B

Displaying and maintaining IKE

Execute display commands in any view and reset commands in user view.

Task Command

Display configuration information about all IKE
proposals.

display ike proposal

Display information about the current IKE SAs.

display ike sa [ verbose [ connection-id connection-id
| remote-address [ ipv6 ] remote-address

[ vpn-instance vpn-name ] ] ]

Delete IKE SAs.

reset ike sa [ connection-id connection-id ]

Clear IKE statistics.

reset ike statistics

113B

Main mode IKE with pre-shared key authentication

configuration example

254B

Network requirements

As shown in

871H

Figure 47

, configure an IPsec tunnel that uses IKE negotiation between Switch A and Switch

B to secure the communication.
Configure Switch A and Switch B to use the default IKE proposal for the IKE negotiation to set up the IPsec
SA. Configure the two switches to use the pre-shared key authentication method.

Advertising
This manual is related to the following products:

H3C S5560 Series Switches, H3C WX6000 Series Access Controllers, H3C WX5000 Series Access Controllers, H3C WX3000 Series Unified Switches, H3C LSWM1WCM10 Access Controller Module, H3C LSWM1WCM20 Access Controller Module, H3C LSQM1WCMB0 Access Controller Module, H3C LSRM1WCM2A1 Access Controller Module, H3C LSBM1WCM2A0 Access Controller Module, H3C S9800 Series Switches, H3C S5130 Series Switches, H3C S5120 Series Switches

Popular Brands
Popular manuals