No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
WLAN AC V200R010C00 Command Reference
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display ike peer (User view)

display ike peer (User view)

Function

The display ike peer command displays the IKE peer configuration.

Format

display ike peer [ brief | name peer-name ] ctrl-plane

Parameters

Parameter Description Value
brief Displays brief information about the IKE peer. -
name peer-name Specifies the name of IKE peer. The value is an existing ike peer name.
ctrl-plane Displays the IKE peer on control plane. -

Views

User view

Default Level

1: Monitoring level

Usage Guidelines

The output of the display ike peer command is as follows:

  • Name of the IKE peer
  • Negotiation mode
  • Authentication key
  • IKE proposal
  • Type of the local ID
  • IP address of the peer
  • Name of the peer
  • Whether NAT traversal is enabled

Example

# Display brief configuration of the IKE peer.

<AC6605> display ike peer brief ctrl-plane

Current ike peer number: 3                                                      
                                                                                
---------------------------------------------------------------------------     
Peer name        Version  Exchange-mode   Proposal   Id-type   RemoteAddr       
---------------------------------------------------------------------------     
1                v1v2     main            11         IP                         
peer1            v1v2     main            12         IP                       
huawei           v1v2     main            13         IP
Table 20-11  Description of the display ike peer brief command output

Item

Description
Current ike peer number Current number of IKE peers that have been configured.
Peer name Number of an IKE peer. To configure an IKE peer, run the ike peer command.
Version
IKE version of the IKE peer:
  • v1: IKEv1 is enabled.
  • v2: IKEv2 is enabled.
  • v1v2: Both IKEv1 and IKEv2 are enabled.
To configure an IKE version, run the version command.
Exchange-mode
IKEv1 negotiation mode:
  • main
  • aggressive
  • -: not supported. The value is displayed when the IKE peer uses only IKEv2.
To configure a negotiation mode, run the exchange-mode command.
Proposal

Name of the referenced IKE proposal. To configure an IKE proposal, run the ike-proposal command.
Id-type

Local ID type in IKE negotiation. To set the local ID type, run the local-id-type command.

RemoteAddr

IP address of the remote IKE peer. To configure an IP address of the remote IKE peer, run the remote-address (IKE peer view) command.

# Display configuration of the IKE peer.

<AC6605> display ike peer ctrl-plane

Number of IKE peers: 1
------------------------------------------  
   Peer name                               : 1
   IKE version                             : v1v2
   Remote IP                               : 1.1.1.1
   Remote IP                               : 2.2.2.2
   Authentic IP address                    : -  
   Proposal                                : 1 
   Pre-shared-key                          : %^%#G7(t:%yFw/PVF>Jsva;"zx]oL!sw-8z\C;I}%%RY%^%#              
   Local ID type                           : IP
   Local ID                                : - 
   Remote ID type                          : any
   Remote ID                               : - 
   PKI realm                               : test
   Inband OCSP                             : Enable
   Inband CRL                              : Disable
   cert-request empty-payload              : Enable
   VPN instance bound to the SA            : vpna
   NAT-traversal                           : Enable
   Re-authentication interval(s)           : 333
   DSCP                                    : -  
   Lifetime-notification-message           : Enable
   DPD                                     : Enable
   DPD type                                : on-demand
   DPD retry-limit                         : 3
   DPD retransmit-interval(s)              : 30
   DPD idle-time(s)                        : 60
   DPD message                             : seq-hash-notify
   DPD message learning                    : Enable 
   DPD packet receive if-related           : Enable
   RSA signature-padding                   : PKCS1
   Local ID Certificate Preference         : Enable
   IKEv2 Local ID Reflect                  : Enable 
   IKEv1 phase1-phase2 sa dependent        : Enable
   IKEv2 fragmentation                     : Enable 
   IKEv2 fragmentation MTU                 : 576
   IKEv2 authentication signature-hash     : SHA1
------------------------------------------
Table 20-12  Description of the display ike peer command output

Item

Description
Number of IKE peers Number of IKE peers that have been configured.
Peer name Name of an IKE peer. To configure an IKE peer, run the ike peer command.
IKE version
IKE version of the IKE peer:
  • v1: IKEv1 is enabled.
  • v2: IKEv2 is enabled.
  • v1v2: Both IKEv1 and IKEv2 are enabled.

To configure an IKE version, run the version command.
Remote IP

IP address of the remote IKE peer. To configure an IP address of the remote IKE peer, run the remote-address (IKE peer view) command.

Authentic IP address

IP address used for IKE negotiation authentication before NAT translation. To configure the IP address used for IKE negotiation authentication before NAT translation, run the remote-address (IKE peer view) command.
Proposal

Referenced IKE proposal. This parameter is available only when the IKE proposal has been configured using the ike-proposal command.
Pre-shared-key

Pre-shared key used for authentication. When an IKE proposal referenced by an IKE peer uses pre-shared key authentication, the pre-shared key is used for identity authentication. To configure a pre-shared key, run the pre-shared-key command.
Local ID type

Local ID type in IKE negotiation. To set the local ID type, run the local-id-type command.

Local ID

Local ID used in IKE negotiation. To set the local ID used in IKE negotiation, run the ike local-name or local-id command.
Remote ID type

Remote ID type in IKE negotiation. To set the remote ID type, run the remote-id-type command.

Remote ID

Remote ID used in IKE negotiation. To configure the remote ID used in IKE negotiation, run the remote-id command.
PKI realm

PKI realm bound to the IKE peer. To bind a PKI realm to an IKE peer, run the pki realm command.
Inband OCSP
Whether IKEv2 is used to transmit Online Certificate Status Protocol (OCSP) requests and responses:
  • Enable
  • Disable

To this function, run the inband ocsp command.
Inband CRL
Whether IKEv2 is used to transmit certificate revocation list (CRL) requests and responses:
  • Enable
  • Disable

To this function, run the inband crl command.
cert-request empty-payload
Whether the certificate request payload is empty:
  • Enable
  • Disable

To configure the device to send certificate requests with empty payload, run the certificate-request empty-payload enable command.
VPN instance bound to the SA

Name of the VPN instance bound to the IPSec tunnel.
NAT-traversal
Whether NAT traversal is enabled:
  • Enable
  • Disable
To enable NAT traversal, run the nat traversal command.
Re-authentication interval(s)

IKEv2 re-authentication interval. To configure an IKEv2 re-authentication interval, run the re-authentication interval command.
DSCP

DSCP value of IKE packets of an IKE peer. To configure a DSCP value, run the dscp command.
Lifetime-notification-message
Whether the device is enabled to send notification messages of the IKE SA lifetime:
  • Enable
  • Disable
To enable this function, run the lifetime-notification-message enable command.
DPD
Whether the DPD function is enabled:
  • Enable
  • Disable
DPD type
DPD mode of an IKE peer.
  • on-demand: DPD is performed on demand.
  • periodic: DPD is performed periodically.
To specify a DPD mode, run the dpd type command.
DPD retry-limit

Number of times that an IKE peer can retransmit DPD packets. To specify the number of retransmission times, run the dpd command.
DPD retransmit-interval(s)

Interval at which an IKE peer retransmits DPD packets. To specify a retransmission interval, run the dpd command.
DPD idle-time(s)

DPD idle time of an IKE peer. To configure a DPD idle time, run the dpd command.
DPD message
Sequence of the payload in DPD packets.
  • seq-hash-notify: indicates that in a DPD packet, the hash payload is before the notify payload.
  • seq-notify-hash: indicates that in a DPD packet, the notify payload is before the hash payload.
To configure the sequence of the payload, run the dpd msg command.
DPD message learning
Whether automatic learning of the payload sequence of DPD packets is enabled:
  • Enable
  • Disable

To configure the automatic learning function, run the dpd msg notify-hash-sequence learning command.
DPD packet receive if-related
Whether the function of checking whether the interface that receives DPD packets is the interface that establishes an IPSec SA:
  • Enable
  • Disable

To configure this function, run the dpd packet receive if-related enable command.
RSA signature-padding Padding mode of an RSA signature. To specify the padding mode, run the rsa signature-padding command.
Local ID Certificate Preference
Whether to enable the device to preferentially obtain the local ID from a field in a certificate when IKE uses certificate negotiation:
  • Enable
  • Disable

To enable this function, run the local-id-preference certificate enable command.
IKEv2 Local ID Reflect
Whether the local ID of the responder is used as the remote ID carried in the IKE packets sent by the initiator during IKEv2 negotiation:
  • Enable
  • Disable

To enable this function, run the local-id-reflect enable command.
IKEv1 phase1-phase2 sa dependent

Whether IPSec SA depends on IKE SA during IKEv1 negotiation:

  • Enable
  • Disable

To configure dependency between IPSec SA and IKE SA, run the ikev1 phase1-phase2 sa dependent command.
IKEv2 fragmentation
Whether IKEv2 packet fragmentation is enabled:
  • Enable
  • Disable

To configure IKEv2 packet fragmentation, run the ikev2 fragmentation command.
IKEv2 fragmentation MTU

MTU of an IKEv2 fragment. To configure the MTU, run the ikev2 fragmentation command.
IKEv2 authentication signature-hash

Certificate signature algorithm used by IKEv2. To configure this algorithm, run the ikev2 authentication sign-hash command.
Translation
简体中文
Download
Updated: 2021-02-27

Document ID: EDOC1100064351

Views: 3211525

Downloads: 603

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next
Huawei e+ App Huawei e+

Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :