No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
WLAN AC V200R010C00 Command Reference
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display ipsec policy-template (User view)

display ipsec policy-template (User view)

Function

The display ipsec policy-template command displays information about the IPSec policy template.

Format

display ipsec policy-template [ brief | name policy-template-name [ seq-number ] ] ctrl-plane

Parameters

Parameter Description Value
brief Displays brief information about all the IPSec policy templates. -
name policy-template-name Specifies the name of an IPSec policy template.

The value is an existing IPSec policy template name.
seq-number Specifies the sequence number of an IPSec policy template.

The value is an existing IPSec policy template number.
ctrl-plane Display the IPSec policy template on control plane. -

Views

User view

Default Level

1: Monitoring level

Usage Guidelines

If the no parameter is not specified, detailed information about all IPSec policy templates is displayed.

If brief is specified, you can view the following brief information about the IPSec policy template. In this case, the information is displayed in brief format.

  • Template name and sequence number
  • ACL number
  • IKE Peer

If name is specified, the command displays detailed information about the IPSec policy template.

Example

# Display information about all the IPSec policy template.

<AC6605> display ipsec policy-template brief ctrl-plane
Number of templates group : 1                                                    
Number of templates       : 1                                                    
                                                                                 
Policy template name     ACL           Peer name                                 
------------------------------------------------------                           
temp1-10                 3001/IPv4     rut3
Table 20-32  Description of the display ipsec policy-template brief command output

Item

Description

Number of templates group

Number of IPSec policy template groups. An IPSec policy template is identified by its name and sequence number. Multiple IPSec policy templates with the same IPSec policy template name constitute an IPSec policy template group.

Number of templates

Number of IPSec policy templates.

Policy template name

 Name and sequence number of an IPSec policy template. To configure an IPSec policy template, run the ipsec policy-template command.

ACL

 ACL referenced in the IPSec policy template. To reference an ACL in an IPSec policy template, run the security acl command.

Peer name

Name of the IKE peer referenced in the IPSec policy template. To reference an IKE peer, run the ike-peer command.

# Display information about a specified IPSec policy template.

<AC6605> display ipsec policy-template name tem3 ctrl-plane
                                                                                
===============================================                                 
IPSec policy template group: "tem3"                                             
===============================================                                 
                                                                                
    Sequence number: 1                                                          
    Policy Alias: tem3-1                                                        
    Security data flow: 3001/IPv4
    Peer name    :  zc3                                                         
    Perfect forward secrecy: DH group 14
    Proposal name:  3                                                           
    IPSec SA local duration(time based): 3600 seconds                           
    IPSec SA local duration(traffic based): 1843200 kilobytes
    Anti-replay window size: 1024                                               
    Fragment before-encryption: Disable
    Route inject state: -
    Route inject nexthop: -                       
    Route inject preference: -  
    Policy state: Enable
    Tunnel remote  : Vlanif20
    Sa keep-holding-to hard-duration : Disable
Table 20-33  Description of the display ipsec policy-template name command output

Item

Description

IPSec policy template group

Name of an IPSec policy template. To configure an IPSec policy template, run the ipsec policy-template command.

Sequence number

Sequence number of an IPSec policy template. To configure an IPSec policy template, run the ipsec policy-template command.

Policy Alias

Alias of an IPSec policy template. To configure an alias, run the alias command.

Security data flow

ACL referenced in the IPSec policy template. To reference an ACL referenced in an IPSec policy template, run the security acl command.

Peer name

Name of the IKE peer referenced in the IPSec policy template. To reference an IKE peer, run the ike-peer command.

Perfect forward secrecy
Perfect Forward Secrecy (PFS) used in IKE negotiation:
  • DH group 1: 768-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 2: 1024-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 5: 1536-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 14: 2048-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 15: 3072-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 16: 4096-bit Diffie-Hellman group is used during IKE negotiation.
  • DH group 19: 256-bit ECP Diffie-Hellman group is used during IKE negotiation.
  • DH group 20: 384-bit ECP Diffie-Hellman group is used during IKE negotiation.
  • DH group 21: 521-bit ECP Diffie-Hellman group is used during IKE negotiation.

To specify an algorithm used to generate a pseudo random number, run the pfs command.

Proposal name

Name of an IPSec proposal referenced in the IPSec policy template. To reference an IPSec proposal, run the proposal command.

IPSec SA local duration(time based)

Time-based lifetime of the local SA. To set the time-based lifetime of the local SA, run the sa duration time-based command.

IPSec SA local duration(traffic based)

Traffic-based lifetime of the local SA. To set the traffic-based lifetime of the local SA, run the sa duration traffic-based command.

Anti-replay window size

IPSec anti-replay window size. This field is available only when the IPSec anti-replay function is enabled. To set the IPSec anti-replay window size, run the ipsec anti-replay window command.

Fragment before-encryption
Packet fragmentation mode for an IPSec tunnel:
  • Enable: IPSec packets are fragmented before encryption.
  • Disable: IPSec packets are fragmented after encryption.

To configure a packet fragmentation mode for an IPSec tunnel, run the ipsec fragmentation before-encryption command.

Route inject state

Route injection status. Dynamic: Dynamic route injection is enabled

To configure route injection, run the route inject command.
Route inject nexthop

Next hop of a generated route. To configure route injection, run the route inject command.
Route inject preference

Priority of a generated route. To configure route injection, run the route inject command.

Policy state
Status of the IPSec policy that references the IPSec policy template:
  • Enable: The IPSec policy is enabled.
  • Disable: The IPSec policy is disabled.
To set an IPSec policy to the state, run the policy enable command.
Tunnel remote

Outbound interface on an IPSec tunnel for IKE negotiation packets. To configure the outbound interface, run the tunnel remote (ISAKMP IPSec policy view, IPSec policy template view, IPSec profile view) command.
Sa keep-holding-to hard-duration

Whether the device deletes the original IPSec SA after the hard lifetime expires during IPSec SA re-negotiation.

  • Enable: The device will delete the original IPSec SA after the hard lifetime expires.
  • Disable: The device deletes the original IPSec SA immediately.

To configure the device to delete the original IPSec SA after the hard lifetime expires, run the sa keep-holding-to hard-duration command.
Translation
简体中文
Download
Updated: 2021-02-27

Document ID: EDOC1100064351

Views: 3186239

Downloads: 595

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next
Huawei e+ App Huawei e+

Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :