No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display ipsec profile

display ipsec profile

Function

The display ipsec profile command displays IPSec profile information.

Format

display ipsec profile [ brief | name profile-name ]

Parameters

Parameter

Description

Value

brief

Displays brief information about IPSec profiles.

-

name profile-name

Specifies the name of an IPSec profile.

The value is an existing IPSec profile name.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display brief information about IPSec profiles.
<Huawei> display ipsec profile brief
 Total number of IPSec profile: 1
 Profile name      Peer name
 --------------------------------- 
 profile1          spub
Table 10-32  Description of the display ipsec profile brief command output

Item

Description

Total number of IPSec profile

Number of IPSec profiles.

Profile name

IPSec profile name. To configure an IPSec profile, run the ipsec profile (system view) command.

Peer name

Name of the IKE peer referenced by the IPSec profile. To reference an IKE peer, run the ike-peer command.

# Display detailed information about the IPSec profile profile1.
<Huawei> display ipsec profile name profile1
===========================================                                      
IPSec profile  : profile1                                                       
Using interface:                                                                
===========================================                                     
 IPSec Profile Name        :profile1                                            
 Peer Name                 :spoke1                                              
 PFS   Group               :0 (0:Disable 1:Group1 2:Group2 5:Group5 14:Group14) 
 SecondsFlag               :0 (0:Global 1:Local)                                
 SA Life Time Seconds      :3600                                                
 KilobytesFlag             :0 (0:Global 1:Local)                                
 SA Life Kilobytes         :1843200                                             
 Anti-replay Window Size   :32                                                  
 Qos Pre-classify          :0 (0:Disable 1:Enable)                              
 Qos group                 :- 
 Number of IPSec Proposals :1                                                   
 IPSec Proposals Name      :pro1 
 IKE Identity Name         :identity1
Table 10-33  Description of the display ipsec profile name profile1 command output

Item

Description

IPSec profile

IPSec profile name. To configure an IPSec profile, run the ipsec profile (system view) command.

Using interface

Interface to which an IPSec profile is applied.

IPSec Profile Name

IPSec profile name. To configure an IPSec profile, run the ipsec profile (system view) command.

PFS Group

Perfect Forward Secrecy (PFS) used in IKE negotiation:
  • 0: PFS is not used during IKE negotiation.
  • 1: 768-bit Diffie-Hellman group is used during IKE negotiation.
  • 2: 1024-bit Diffie-Hellman group is used during IKE negotiation.
  • 5: 1536-bit Diffie-Hellman group is used during IKE negotiation.
  • 14: 2014-bit Diffie-Hellman group is used during IKE negotiation.
To specify an algorithm used to generate a pseudo random number, run the pfs command.

SecondsFlag

Flag bit for the time-based SA:

  • 0: indicates the flag bit for the global time-based SA. To set the global time-based SA, run the ipsec sa global-durationtime-based command.
  • 1: indicates the flag bit for the time-based SA. To set the time-based SA, run the sa duration time-based command.

SA Life Time Seconds

Time-based SA lifetime.

Anti-replay Window Size

IPSec anti-replay window size. This field is available only when the IPSec anti-replay function is enabled. To set the IPSec anti-replay window size, run the ipsec anti-replay window command.

Qos pre-classify

Whether pre-extraction of original IP packets is enabled. To enable pre-extraction of original IP packets, run the qos pre-classify command.

Qos group

QoS group to which IPSec packets belong. To configure the QoS group, run the qos group command.

- indicates that no QoS group is specified for IPSec packets.

KilobytesFlag

Flag bit for the traffic-based SA:

  • 0: indicates the flag bit for the global traffic-based SA. To set the global traffic-based SA, run the ipsec sa global-duration traffic-based command.
  • 1: indicates the flag bit for the traffic-based SA. To set the traffic-based SA, run the sa duration traffic-based command.

SA Life Kilobytes

Traffic-based SA lifetime.

Number of IPSec Proposals

Number of referenced IPSec proposals.

IPSec Proposals Name

Name of the referenced IPSec proposal. To referenced an IPSec proposal, run the proposal command.

IKE Identity Name

Name of the referenced IKE identity. To referenced an IKE identity, run the match ike-identity command.

Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 50437

Downloads: 102

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next