No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display ipsec global config

display ipsec global config


The display ipsec global config command displays the global IPSec configuration.


display ipsec global config




All views

Default Level

1: Monitoring level

Usage Guidelines



# Display the global IPSec configuration.

<Huawei> display ipsec global config
IPSec Global Config:                                                            
  IPSec sa global-duration time-based(seconds)   : 3600                         
  IPSec sa global-duration traffic-based(kbytes) : 1843200                      
  IPSec anti-replay                              : enable                       
  IPSec df-bit                                   : copy                         
  IPSec fragmentation                            : disable 
  IPSec invalid-spi-recovery                     : disable 
Table 10-26  Description of the display ipsec global config command output



IPSec sa global-duration time-based

Global time-based SA lifetime, in seconds. To set the global time-based SA lifetime, run the ipsec sa global-duration time-based command.

IPSec sa global-duration traffic-based

Global traffic-based SA lifetime, in Kbytes. To set the global traffic-based SA lifetime, run the ipsec sa global-duration traffic-based command.

IPSec anti-replay

Whether the anti-replay function is enabled. To enable the anti-replay function, run the ipsec anti-replay command.

IPSec df-bit

DF flag bit of the IPSec tunnel:
  • clear: The DF flag bit is set to 0, indicating that IP packets can be fragmented.
  • set: The DF flag bit is set to 1, indicating that IP packets cannot be fragmented.
  • copy: The flag bit of the original packet is used.
To set the DF flag bit, run the ipsec df-bit command.

IPSec fragmentation

IPSec packet fragmentation mode:
  • enable: IPSec packets are fragmented before encryption.
  • disable: IPSec packets are fragmented after encryption.
To configure a fragmentation mode of IPSec packets, run the ipsec fragmentation command.
IPSec invalid-spi-recovery

Whether the invalid SPI recovery function is enabled.

  • enable: The invalid SPI recovery function is enabled.
  • disable: The invalid SPI recovery function is disabled.

To configure invalid SPI recovery, run the ipsec invalid-spi-recovery enable command.

Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 134776

Downloads: 142

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Previous Next