319
Step Command Remarks
1. Enter system view
system-view
N/A
2. Configure IPsec
fragmentation.
ipsec fragmentation
{
after-encryption
|
before-encryption
}
By default, the device fragments
packets before IPsec
encapsulation.
Setting the maximum number of IPsec tunnels
Perform this task to limit the maximum number of IPsec tunnels that can be established.
Set the limit according to the memory usage. If the memory is sufficient, set a large value for better
concurrency performance. If the memory is insufficient, set a small value to save memory resources.
To set the maximum number of IPsec tunnels:
Step Command Remarks
1. Enter system view
system-view
N/A
2. Set the maximum number
of IPsec tunnels that can
be established.
ipsec limit max-tunnel
tunnel-limit
By default, the number of IPsec
tunnels is not limited.
Displaying and maintaining IPsec
Execute display commands in any view and reset commands in user view.
Task Command
Display IPsec policy information.
display
ipsec
{
ipv6-policy
|
policy
} [
policy-name
[ seq-number ] ]
Display IPsec policy template information.
display
ipsec
{
ipv6-policy-template
|
policy-template
} [ template-name [ seq-number ] ]
Display IPsec profile information.
display ipsec profile
[ profile-name ]
Display IPsec transform set information.
display ipsec transform-set
[ transform-set-name ]
Display IPsec SA information.
display
ipsec
sa
[
brief
|
count
|
interface
interface-type
interface-number | {
ipv6-policy
|
policy
} policy-name
[ seq-number ] |
profile
policy-name
|
remote
[
ipv6
]
ip-address ]
Display IPsec statistics.
display ipsec statistics
[
tunnel-id
tunnel-id ]
Display IPsec tunnel information.
display ipsec tunnel
{
brief
|
count
|
tunnel-id
tunnel-id }
Clear IPsec SAs.
reset
ipsec
sa
[ {
ipv6-policy
|
policy
} policy-name
[ seq-number ] |
profile
policy-name
|
remote
{ ipv4-address |
ipv6
ipv6-address }
|
spi
{ ipv4-address |
ipv6
ipv6-address } {
ah
|
esp
} spi-num ]
Clear IPsec statistics.
reset ipsec statistics
[
tunnel-id
tunnel-id ]