2. Enter IPsec policy view.
   Command: ipsec policy policy-name seq-number [ isakmp | manual ]
   Remarks: Configure either command.

3. Enable packet information pre-extraction.
   Command: qos pre-classify
   Remarks: Disabled by default.

Displaying and maintaining IPsec
Display IPsec policy information
   Command: display ipsec policy [ brief | name policy-name [ seq-number ] ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view.

Display IPsec proposal information
   Command: display ipsec proposal [ proposal-name ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view.

Display IPsec SA information
   Command: display ipsec sa [ brief | policy policy-name [ seq-number ] | remote ip-address ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view.

Display IPsec session information
   Command: display ipsec session [ tunnel-id integer ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view.

Display IPsec packet statistics
   Command: display ipsec statistics [ tunnel-id integer ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view.

Display IPsec tunnel information
   Command: display ipsec tunnel [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view.

Clear SAs
   Command: reset ipsec sa [ parameters dest-address protocol spi | policy policy-name [ seq-number ] | remote ip-address ]
   Remarks: Available in user view.

Clear IPsec sessions
   Command: reset ipsec session [ tunnel-id integer ]
   Remarks: Available in user view.

Clear IPsec statistics
   Command: reset ipsec statistics
   Remarks: Available in user view.

IPsec configuration examples
IKE-based IPsec tunnel for IPv4 packets configuration example
Network requirements
As shown in Figure 123, configure an IPsec tunnel between Switch A and Switch B to protect data flows
between Switch A and Switch B. Configure the tunnel to use the security protocol ESP, the encryption
algorithm AES-CBC-128, and the authentication algorithm HMAC-SHA1-96.