No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
WLAN AC V200R010C00 Command Reference
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display ipsec global config

display ipsec global config

Function

The display ipsec global config command displays IPSec global configurations.

Format

display ipsec global config

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To view IPSec global configurations, run the display ipsec global config command. The global configurations include the global SA lifetime and whether the anti-replay function is enabled.

Example

# Display IPSec global configurations.

<AC6605> display ipsec global config
IPSec Global Config:                                                            
--------------------------------------------------------------                  
  IPSec sa global-duration time-based(seconds)        : 3600
  IPSec sa global-duration traffic-based(kbytes)      : 1843200
  IPSec anti-replay                                   : enable
  IPSec df-bit                                        : copy 
  IPSec fragmentation                                 : disable
  IPSec decrypt check                                 : enable
  IPSec invalid-spi-recovery                          : disable
  IPSec netmask source                                : 24
  IPSec netmask destination                           : 24
  IPSec tunnel-index based remote-ip                  : disable
  IPSec remote traffic-identical accept               : disable
--------------------------------------------------------------
Table 20-23  Description of the display ipsec global config command output

Item

Description

IPSec Global Config

 IPSec global configurations.

IPSec sa global-duration time-based(seconds)

Time-based global SA lifetime, in seconds. To set the time-based global SA lifetime, run the ipsec sa global-duration time-based command.

IPSec sa global-duration traffic-based(kbytes)

Traffic-based global SA lifetime, in kilobytes. To set the traffic-based global SA lifetime, run the ipsec sa global-duration traffic-based command.

IPSec anti-replay

Whether the anti-replay function is enabled. To configure the anti-replay function, run the ipsec anti-replay enable command.

IPSec df-bit
IPSec tunnel don't fragment (DF) bit:
  • clear: The DF bit is set to 0, allowing packets to be fragmented.
  • set: The DF bit is set to 1, prohibiting packets from being fragmented.
  • copy: The DF bit is that of original packets.
To set the DF bit, run the ipsec df-bit command.

IPSec fragmentation
IPSec tunnel packet fragmentation mode:
  • enable: Fragmentation before IPSec encryption.
  • disable: Fragmentation after IPSec encryption
To set the fragmentation mode, run the ipsec fragmentation before-encryption command.

IPSec decrypt check
Whether post-IPSec check is enabled:
  • enable
  • disable

To configure this function, run the ipsec decrypt check command.
IPSec invalid-spi-recovery

Whether the invalid SPI recovery function is enabled:

  • enable
  • disable

To configure the invalid SPI recovery function, run the ipsec invalid-spi-recovery enable command.
IPSec netmask source

Source address mask of data flows. To configure the source address mask of data flows, run the ipsec netmask command.

When the source address mask is not configured, the mask length is 0.
IPSec netmask destination

Destination address mask of data flows. To configure the destination address mask of data flows, run the ipsec netmask command.

When the destination address mask is not configured, the mask length is 0.
IPSec tunnel-index based remote-ip
Whether the device keeps IPSec tunnel indexes unchanged based on the peer IP address during IPSec tunnel re-establishment:
  • enable: The device keeps IPSec tunnel indexes unchanged based on the peer IP address during IPSec tunnel re-establishment.
  • disable: The device does not keep IPSec tunnel indexes unchanged based on the peer IP address during IPSec tunnel re-establishment.
To configure the device to keep IPSec tunnel indexes unchanged based on the peer IP address during IPSec tunnel re-establishment, run the ipsec tunnel-index based remote-ip command.
IPSec remote traffic-identical accept
Whether the branch or the access user is enabled to quickly access the headquarters network:
  • enable
  • disable

To configure this function, run the ipsec remote traffic-identical accept command.
Translation
简体中文
Download
Updated: 2021-02-27

Document ID: EDOC1100064351

Views: 3200262

Downloads: 595

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next
Huawei e+ App Huawei e+

Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :