324
Default
The DF bit of original IP headers is copied to the outer IP headers for encapsulated IPsec packets.
Views
System view
Predefined user roles
network-admin
Parameters
clear: Clears the DF bit for outer IP headers. In this case, the encapsulated IPsec packets can be
fragmented.
copy: Copies the DF bit of the original IP headers to the outer IP headers.
set: Sets the DF bit for outer IP headers. In this case, the encapsulated IPsec packets cannot be
fragmented.
Usage guidelines
This command is effective only when the IPsec encapsulation mode is tunnel mode. It is not effective in
transport mode because outer IP headers are not added in transport mode.
This command does not change the DF bit for the original IP headers of encapsulated packets.
Packet fragmentation and reassembly might cause packet forwarding to be delayed. If you set the DF bit
for encapsulated IPsec packets, the packets will not be fragmented. In this case, make sure the MTU on
each interface along the forwarding path is larger than the IPsec packet length. Otherwise, the packets
are discarded. If you cannot make sure of the MTU value, HP recommends that you clear the DF bit.
Examples
# Set the DF bit for outer IP headers of encapsulated IPsec packets on all interfaces.
<Sysname> system-view
[Sysname] ipsec global-df-bit set
Related commands
ipsec df-bit
ipsec { ipv6-policy | policy }
Use ipsec { ipv6-policy | policy } to create an IPsec policy entry, and enter IPsec policy view.
Use undo ipsec { ipv6-policy | policy } to delete the specified IPsec policy.
Syntax
ipsec { ipv6-policy | policy } policy-name seq-number [ isakmp | manual ]
undo ipsec { ipv6-policy | policy } policy-name [ seq-number ]
Default
No IPsec policy is created.
Views
System view
To Next Page
Loading...
Need help?
General
