Displaying and maintaining IPsec
Execute display commands in any view and reset commands in user view.
Display IPsec policy information.
display ipsec { ipv6-policy | policy } [ policy-name [ seq-number ] ]
Display IPsec policy template information.
display ipsec { ipv6-policy-template | policy-template } [ template-name [ seq-number ] ]
Display IPsec profile information.
[ profile-name ]
Display IPsec transform set information.
display ipsec transform-set [ transform-set-name ]
Display IPsec SA information.
display ipsec sa [ brief | count | interface interface-type interface-number | { ipv6-policy | policy } policy-name [ seq-number ] | profile policy-name | remote [ ipv6 ] ip-address ]
Display IPsec statistics.
display ipsec statistics [ tunnel-id tunnel-id ]
Display IPsec tunnel information.
display ipsec tunnel { brief | count | tunnel-id tunnel-id }
Clear IPsec SAs.
reset ipsec sa [ { ipv6-policy | policy } policy-name [ seq-number ] | profile policy-name | remote { ipv4-address | ipv6 ipv6-address } | spi { ipv4-address | ipv6 ipv6-address } { ah | esp } spi-num ]
Clear IPsec statistics.
reset ipsec statistics [ tunnel-id tunnel-id ]
IPsec configuration examples
Configuring a manual mode IPsec tunnel for IPv4 packets
Network requirements
As shown in Figure 86, establish an IPsec tunnel between Switch A and Switch B to protect data
flows between the switches. Configure the tunnel as follows:
• Specify the encapsulation mode as tunnel, the security protocol as ESP, the encryption
algorithm as AES-CBC-192, and the authentication algorithm as HMAC-SHA1.
• Manually set up IPsec SAs.
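With manually configured SAs nothing negotiates or verifies the parameters, so the SPI and keys of each switch's outbound SA must equal those of the peer's inbound SA. The following Python check is an added example, not part of the original manual; the class and function names are hypothetical, keys are assumed to be entered as raw hex keys, and all SPI and key values are constructed.

```python
# Consistency check for a manually keyed ESP tunnel (AES-CBC-192 + HMAC-SHA1).
from dataclasses import dataclass

ENC_KEY_LEN = 24                     # AES-CBC-192: 192-bit key
AUTH_KEY_LEN = 20                    # HMAC-SHA1: 160-bit key (RFC 2404)
SPI_MIN, SPI_MAX = 256, 0xFFFFFFFF   # RFC 4303 reserves SPI values 0-255

@dataclass(frozen=True)
class ManualSa:
    spi: int
    enc_key: bytes
    auth_key: bytes

@dataclass(frozen=True)
class Peer:
    name: str
    inbound: ManualSa
    outbound: ManualSa

def check_sa(label, sa):
    """Return problems with one SA's SPI range and key lengths."""
    problems = []
    if not SPI_MIN <= sa.spi <= SPI_MAX:
        problems.append(f"{label}: SPI {sa.spi} is outside {SPI_MIN}-{SPI_MAX}")
    if len(sa.enc_key) != ENC_KEY_LEN:
        problems.append(f"{label}: encryption key is {len(sa.enc_key)} bytes, expected {ENC_KEY_LEN}")
    if len(sa.auth_key) != AUTH_KEY_LEN:
        problems.append(f"{label}: authentication key is {len(sa.auth_key)} bytes, expected {AUTH_KEY_LEN}")
    return problems

def check_tunnel(a, b):
    """Each peer's outbound SA must be identical to the other peer's inbound SA."""
    problems = []
    for peer in (a, b):
        problems += check_sa(f"{peer.name} inbound", peer.inbound)
        problems += check_sa(f"{peer.name} outbound", peer.outbound)
    for tx, rx in ((a, b), (b, a)):
        if tx.outbound != rx.inbound:
            problems.append(f"{tx.name} outbound SA does not match {rx.name} inbound SA")
    return problems

# Constructed sample values (not from the manual); never deploy patterned keys.
SA_A_TO_B = ManualSa(0x3039, bytes(range(24)), bytes(range(20)))
SA_B_TO_A = ManualSa(0xD431, bytes(range(24, 48)), bytes(range(20, 40)))
SWITCH_A = Peer("Switch A", inbound=SA_B_TO_A, outbound=SA_A_TO_B)
SWITCH_B = Peer("Switch B", inbound=SA_A_TO_B, outbound=SA_B_TO_A)

if __name__ == "__main__":
    print(check_tunnel(SWITCH_A, SWITCH_B) or "manual SAs are consistent")
```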
Figure 86 Network diagram
Configuration procedure
1. Configure Switch A:
# Configure an IP address for VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
Figure 86 labels: Switch A (Vlan-int1, 2.2.2.1/24) and Switch B (Vlan-int1, 2.2.3.1/24), connected across the Internet.