R3303-HP HSR6800 Routers Security Command Reference
531
Field Description
rule 1 permit ip source 12.1.1.0 0.0.0.255
destination 12.1.1.0 0.0.0.255
Indicates that IPsec protects IP packets whose source and
destination addresses are within subnet 12.1.1.0/24.
rule 0 deny ip source 10.1.1.0 0.0.0.255
destination 10.1.1.0 0.0.0.255
Indicates that IPsec does not protect IP packets whose
source and destination addresses are within subnet
10.1.1.0/24.
display gdoi gm ipsec sa
Use display gdoi gm ipsec sa to display IPsec SA information obtained by GMs.
Syntax
display gdoi gm ipsec sa [ group group-name ] [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
group group-name: Displays IPsec SA information obtained by GMs of a GDOI GM group. The
group-name argument is the GDOI GM group name, a case-sensitive string of 1 to 63 characters. If you
do not specify this option, the command displays IPsec SA information obtained by all GMs.
|: Filters command output by specifying a regular expression. For more information about regular
expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Examples
# Display IPsec SA information obtained by all GMs.
<Sysname> display gdoi gm ipsec sa
SA created for group abc:
Interface GigabitEthernet1/0/1;
Interface GigabitEthernet1/0/2:
IPsec SA:
SPI: 0x9AE5951E(2598737182)
Transform: ESP-ENCRYPT-AES-128 ESP-AUTH-SHA1
SA timing:
remaining key lifetime (sec): 12
Anti-replay detection: Disabled
SA created for group hh:
Interface GigabitEthernet1/0/1;
Interface GigabitEthernet1/0/2: