No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR650, AR1600, and AR6100 V300R003

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Clearing IPSec Statistics

Clearing IPSec Statistics

Context

Statistics cannot be restored after being cleared. Exercise caution when you run the reset commands.

When the number of IPSec tunnels is larger than 50% of the maximum limit, high CPU usage alarms may be generated in a short period of time after the reset ipsec sa or reset ike sa command is run. After all the SAs are cleared, the CPU usage restores to the normal range.

Procedure

  • Run the reset ipsec sa [ remote ipv4-address | policy policy-name [ seq-number ] | parameters ipv4-address { ah | esp } spi | profile profile-name ] command in the user view to clear established SAs.
  • After confirming information to be cleared, run the reset ipsec p2mp-sa command in the user view to clear IPSec P2MP SA.

    NOTE:
    V300R003C10 and later versions support this command.

  • Run the reset ipsec statistics command in the user view to clear statistics about IPSec packets.
  • After confirming information to be cleared, run the reset ipsec p2mp-sa-statistics command in the user view to clear statistics on IPSec P2MP SA packets.

    NOTE:
    V300R003C10 and later versions support this command.

  • Run the reset ike error-info command in the user view to clear information about IPSec tunnel negotiation failures using IKE.
  • Run the reset ike offline-info command in the user view to clear information about deleted IPSec tunnels established through IKE negotiation.
  • Run the reset ike sa [ conn-id conn-id | remote [ ipv4-address ] ] command in the user view to clear the SA established using IKE.
  • Run the reset ike statistics command in the user view to clear statistics about IKE packets.
  • Run the reset ipsec history record command in the user view to clear history information about IPSec tunnels.
  • Run the reset ipsec statistics route command in the user view to clear IPSec route injection statistics.
Download
Updated: 2019-04-12

Document ID: EDOC1100041799

Views: 31296

Downloads: 43

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next