292
information about SNMP notifications, see Network Management and Monitoring Configuration
Guide.
To generate and output SNMP notifications for a specific IKE failure or event type, perform the following
tasks:
1. Enable SNMP notifications for IKE globally.
2. Enable SNMP notifications for the failure or event type.
To configure SNMP notifications for IKE:
Ste
Command
Remarks
1. Enter system view
system-view N/A
2. Enable SNMP
notifications for IKE
globally.
snmp-agent trap enable ike global
By default, SNMP notifications
for IKE are enabled.
3. Enable SNMP
notifications for the
specified failure or
event types.
snmp-agent trap enable ike [ attr-not-support
| auth-failure | cert-type-unsupport |
cert-unavailable | decrypt-failure |
encrypt-failure | invalid-cert-auth |
invalid-cookie | invalid-id | invalid-proposal
| invalid-protocol | invalid-sign |
no-sa-failure | proposal-add |
proposal–delete | tunnel-start | tunnel-stop
| unsupport-exch-type ] *
By default, SNMP notifications
for all failure and event types
are enabled.
Displaying and maintaining IKE
Execute display commands in any view and reset commands in user view.
Task Command
Display configuration information about all IKE
proposals.
display ike proposal
Display information about the current IKE SAs.
display ike sa [ verbose [ connection-id connection-id
| remote-address [ ipv6 ] remote-address ] ]
Delete IKE SAs. reset ike sa [ connection-id connection-id ]
Clear IKE MIB statistics. reset ike statistics
IKE configuration examples
Main mode IKE with pre-shared key authentication
configuration example
Network requirements
As shown in Figure 86, configure an IPsec tunnel that uses IKE negotiation between Switch A and Switch
B to secure the communication.
To Next Page
Loading...
Need help?
General