R3166-R3206-HP High-End Firewalls Network Management Command Reference-6PW101
Table Of Contents
- Title Page
- Contents
- Interface management configuration commands
- IP addressing configuration commands
- VLAN configuration commands
- MAC address table configuration commands
- Spanning tree configuration commands
- active region-configuration
- check region-configuration
- display stp
- display stp abnormal-port
- display stp down-port
- display stp history
- display stp region-configuration
- display stp root
- display stp tc
- instance
- region-name
- reset stp
- revision-level
- stp bpdu-protection
- stp bridge-diameter
- stp compliance
- stp config-digest-snooping
- stp cost
- stp edged-port
- stp enable
- stp loop-protection
- stp max-hops
- stp mcheck
- stp mode
- stp no-agreement-check
- stp pathcost-standard
- stp point-to-point
- stp port priority
- stp priority
- stp region-configuration
- stp root primary
- stp root secondary
- stp root-protection
- stp tc-protection
- stp tc-protection threshold
- stp timer forward-delay
- stp timer hello
- stp timer max-age
- stp timer-factor
- stp transmit-limit
- vlan-mapping modulo
- Layer 2 forwarding configuration commands
- DHCP server configuration commands
- bims-server
- bootfile-name
- dhcp enable
- dhcp select server global-pool
- dhcp server detect
- dhcp server forbidden-ip
- dhcp server ip-pool
- dhcp server ping packets
- dhcp server ping timeout
- dhcp server relay information enable
- display dhcp server conflict
- display dhcp server expired
- display dhcp server free-ip
- display dhcp server forbidden-ip
- display dhcp server ip-in-use
- display dhcp server statistics
- display dhcp server tree
- dns-list
- domain-name
- expired
- forbidden-ip
- gateway-list
- nbns-list
- netbios-type
- network
- network ip range
- network mask
- option
- reset dhcp server conflict
- reset dhcp server ip-in-use
- reset dhcp server statistics
- static-bind client-identifier
- static-bind ip-address
- static-bind mac-address
- tftp-server domain-name
- tftp-server ip-address
- voice-config
- DHCP relay agent configuration commands
- dhcp relay address-check enable
- dhcp relay information circuit-id format-type
- dhcp relay information circuit-id string
- dhcp relay information enable
- dhcp relay information format
- dhcp relay information remote-id format-type
- dhcp relay information remote-id string
- dhcp relay information strategy
- dhcp relay release ip
- dhcp relay security static
- dhcp relay security refresh enable
- dhcp relay security tracker
- dhcp relay server-detect
- dhcp relay server-group
- dhcp relay server-select
- dhcp select relay
- display dhcp relay
- display dhcp relay information
- display dhcp relay security
- display dhcp relay security statistics
- display dhcp relay security tracker
- display dhcp relay server-group
- display dhcp relay statistics
- reset dhcp relay statistics
- DHCP client configuration commands
- BOOTP client configuration commands
- IPv4 DNS configuration commands
- DDNS configuration commands
- ARP configuration commands
- Gratuitous ARP configuration commands
- Proxy ARP configuration commands
- QoS policy commands
- Traffic policing commands
- Static routing configuration commands
- RIP configuration commands
- checkzero
- default cost (RIP view)
- default-route
- display rip
- display rip database
- display rip interface
- display rip route
- filter-policy export (RIP view)
- filter-policy import (RIP view)
- host-route
- import-route (RIP view)
- maximum load-balancing (RIP view)
- network
- output-delay
- peer
- preference
- reset rip process
- reset rip statistics
- rip
- rip authentication-mode
- rip default-route
- rip input
- rip metricin
- rip metricout
- rip output
- rip poison-reverse
- rip split-horizon
- rip summary-address
- rip version
- silent-interface (RIP view)
- summary
- timers
- validate-source-address
- version
- OSPF configuration commands
- abr-summary (OSPF area view)
- area (OSPF view)
- asbr-summary
- authentication-mode
- bandwidth-reference (OSPF view)
- default
- default-cost (OSPF area view)
- default-route-advertise (OSPF view)
- description (OSPF/OSPF area view)
- display ospf abr-asbr
- display ospf asbr-summary
- display ospf brief
- display ospf cumulative
- display ospf error
- display ospf interface
- display ospf lsdb
- display ospf nexthop
- display ospf peer
- display ospf peer statistics
- display ospf request-queue
- display ospf retrans-queue
- display ospf routing
- display ospf vlink
- enable link-local-signaling
- enable log
- enable out-of-band-resynchronization
- filter
- filter-policy export (OSPF view)
- filter-policy import (OSPF view)
- host-advertise
- import-route (OSPF view)
- log-peer-change
- lsa-arrival-interval
- lsa-generation-interval
- lsdb-overflow-limit
- maximum load-balancing (OSPF view)
- maximum-routes
- network (OSPF area view)
- nssa
- opaque-capability enable
- ospf
- ospf authentication-mode
- ospf cost
- ospf dr-priority
- ospf mtu-enable
- ospf network-type
- ospf packet-process prioritized-treatment
- ospf timer dead
- ospf timer hello
- ospf timer poll
- ospf timer retransmit
- ospf trans-delay
- peer
- preference
- reset ospf counters
- reset ospf process
- reset ospf redistribution
- rfc1583 compatible
- silent-interface (OSPF view)
- snmp-agent trap enable ospf
- spf-schedule-interval
- stub (OSPF area view)
- stub-router
- transmit-pacing
- vlink-peer (OSPF area view)
- BGP configuration commands
- aggregate
- balance (BGP/BGP-VPN instance view)
- bestroute as-path-neglect (BGP/BGP-VPN instance view)
- bestroute compare-med (BGP/BGP-VPN instance view)
- bestroute med-confederation (BGP/BGP-VPN instance view)
- bgp
- compare-different-as-med (BGP/BGP-VPN instance view)
- confederation id
- confederation nonstandard
- confederation peer-as
- dampening (BGP/BGP-VPN instance view)
- default ipv4-unicast
- default local-preference (BGP/BGP-VPN instance view)
- default med (BGP/BGP-VPN instance view)
- default-route imported (BGP/BGP-VPN instance view)
- display bgp group
- display bgp network
- display bgp paths
- display bgp peer
- display bgp peer received ip-prefix
- display bgp routing-table
- display bgp routing-table as-path-acl
- display bgp routing-table cidr
- display bgp routing-table community
- display bgp routing-table community-list
- display bgp routing-table dampened
- display bgp routing-table dampening parameter
- display bgp routing-table different-origin-as
- display bgp routing-table flap-info
- display bgp routing-table label
- display bgp routing-table peer
- display bgp routing-table regular-expression
- display bgp routing-table statistic
- ebgp-interface-sensitive
- filter-policy export (BGP/BGP-VPN instance view)
- filter-policy import (BGP/BGP-VPN instance view)
- group (BGP/BGP-VPN instance view)
- import-route (BGP/BGP-VPN instance view)
- import-route guard
- log-peer-change
- network (BGP/BGP-VPN instance view)
- network short-cut (BGP/BGP-VPN instance view)
- peer advertise-community (BGP/BGP-VPN instance view)
- peer advertise-ext-community (BGP/BGP-VPN instance view)
- peer allow-as-loop (BGP/BGP-VPN instance view)
- peer as-number (BGP/BGP-VPN instance view)
- peer as-path-acl (BGP/BGP-VPN instance view)
- peer capability-advertise conventional (BGP/BGP-VPN instance view)
- peer capability-advertise orf
- peer capability-advertise orf non-standard
- peer capability-advertise route-refresh
- peer connect-interface (BGP/BGP-VPN instance view)
- peer default-route-advertise (BGP/BGP-VPN instance view)
- peer description (BGP/BGP-VPN instance view)
- peer ebgp-max-hop (BGP/BGP-VPN instance view)
- peer enable (BGP/BGP-VPN instance view)
- peer fake-as (BGP/BGP-VPN instance view)
- peer filter-policy (BGP/BGP-VPN instance view)
- peer group (BGP/BGP-VPN instance view)
- peer ignore (BGP/BGP-VPN instance view)
- peer ip-prefix
- peer keep-all-routes (BGP/BGP-VPN instance view)
- peer log-change (BGP/BGP-VPN instance view)
- peer next-hop-local (BGP/BGP-VPN instance view)
- peer password
- peer preferred-value (BGP/BGP-VPN instance view)
- peer public-as-only (BGP/BGP-VPN instance view)
- peer reflect-client (BGP/BGP-VPN instance view)
- peer route-limit (BGP/BGP-VPN instance view)
- peer route-policy (BGP/BGP-VPN instance view)
- peer route-update-interval (BGP/BGP-VPN instance view)
- peer substitute-as (BGP/BGP-VPN instance view)
- peer timer (BGP/BGP-VPN instance view)
- preference (BGP/BGP-VPN instance view)
- reflect between-clients (BGP view)
- reflector cluster-id (BGP view)
- refresh bgp
- reset bgp
- reset bgp dampening
- reset bgp flap-info
- reset bgp ipv4 all
- router-id
- summary automatic
- synchronization (BGP view)
- timer (BGP/BGP-VPN instance view)
- Basic IP routing configuration commands
- Policy-based routing configuration commands
- apply access-vpn vpn-instance
- apply default output-interface
- apply ip-address default next-hop
- apply ip-address next-hop
- apply ip-precedence
- apply output-interface
- display ip policy-based-route
- display ip policy-based-route setup
- display ip policy-based-route statistics
- display policy-based-route
- if-match acl
- if-match packet-length
- ip local policy-based-route
- ip policy-based-route
- policy-based-route
- reset policy-based-route statistics
- Multicast routing configuration commands
- display multicast boundary
- display multicast forwarding-table
- display multicast routing-table
- display multicast routing-table static
- display multicast rpf-info
- ip rpf-route-static
- mac-address multicast
- mtracert
- multicast boundary
- multicast forwarding on-demand
- multicast forwarding-table downstream-limit
- multicast forwarding-table route-limit
- multicast load-splitting
- multicast longest-match
- multicast routing-enable
- reset multicast forwarding-table
- reset multicast routing-table
- IGMP configuration commands
- display igmp group
- display igmp interface
- display igmp proxying group
- display igmp routing-table
- display igmp ssm-mapping
- display igmp ssm-mapping group
- fast-leave (IGMP view)
- igmp
- igmp enable
- igmp fast-leave
- igmp group-policy
- igmp last-member-query-interval
- igmp max-response-time
- igmp proxying enable
- igmp proxying forwarding
- igmp require-router-alert
- igmp robust-count
- igmp send-router-alert
- igmp ssm-mapping enable
- igmp startup-query-count
- igmp startup-query-interval
- igmp static-group
- igmp timer other-querier-present
- igmp timer query
- igmp version
- last-member-query-interval (IGMP view)
- max-response-time (IGMP view)
- require-router-alert (IGMP view)
- reset igmp group
- reset igmp ssm-mapping group
- robust-count (IGMP view)
- send-router-alert (IGMP view)
- ssm-mapping (IGMP view)
- startup-query-count (IGMP view)
- startup-query-interval (IGMP view)
- timer other-querier-present (IGMP view)
- timer query (IGMP view)
- version (IGMP view)
- PIM configuration commands
- auto-rp enable
- bsr-policy (PIM view)
- c-bsr (PIM view)
- c-bsr admin-scope
- c-bsr global
- c-bsr group
- c-bsr hash-length (PIM view)
- c-bsr holdtime (PIM view)
- c-bsr interval (PIM view)
- c-bsr priority (PIM view)
- c-rp (PIM view)
- c-rp advertisement-interval (PIM view)
- c-rp holdtime (PIM view)
- crp-policy (PIM view)
- display pim bsr-info
- display pim claimed-route
- display pim control-message counters
- display pim grafts
- display pim interface
- display pim join-prune
- display pim neighbor
- display pim routing-table
- display pim rp-info
- hello-option dr-priority (PIM view)
- hello-option holdtime (PIM view)
- hello-option lan-delay (PIM view)
- hello-option neighbor-tracking (PIM view)
- hello-option override-interval (PIM view)
- holdtime assert (PIM view)
- holdtime join-prune (PIM view)
- jp-pkt-size (PIM view)
- jp-queue-size (PIM view)
- pim
- pim bsr-boundary
- pim dm
- pim hello-option dr-priority
- pim hello-option holdtime
- pim hello-option lan-delay
- pim hello-option neighbor-tracking
- pim hello-option override-interval
- pim holdtime assert
- pim holdtime join-prune
- pim neighbor-policy
- pim require-genid
- pim sm
- pim state-refresh-capable
- pim timer graft-retry
- pim timer hello
- pim timer join-prune
- pim triggered-hello-delay
- probe-interval (PIM view)
- prune delay (PIM view)
- register-policy (PIM view)
- register-suppression-timeout (PIM view)
- register-whole-checksum (PIM view)
- reset pim control-message counters
- source-lifetime (PIM view)
- source-policy (PIM view)
- spt-switch-threshold (PIM view)
- ssm-policy (PIM view)
- state-refresh-interval (PIM view)
- state-refresh-rate-limit (PIM view)
- state-refresh-ttl
- static-rp (PIM view)
- timer hello (PIM view)
- timer join-prune (PIM view)
- MSDP configuration commands
- cache-sa-enable
- display msdp brief
- display msdp peer-status
- display msdp sa-cache
- display msdp sa-count
- encap-data-enable
- import-source
- msdp
- originating-rp
- peer connect-interface
- peer description
- peer mesh-group
- peer minimum-ttl
- peer request-sa-enable
- peer sa-cache-maximum
- peer sa-policy
- peer sa-request-policy
- reset msdp peer
- reset msdp sa-cache
- reset msdp statistics
- shutdown (MSDP view)
- static-rpf-peer
- timer retry
- SSL configuration commands
- Support and other resources
- Index
496
SSL configuration commands
ciphersuite
Syntax
ciphersuite [ rsa_aes_128_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha ] *
View
SSL server policy view
Default level
2: System level
Parameters
rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
128-bit AES_CBC, and the MAC algorithm of SHA.
rsa_des_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
DES_CBC, and the MAC algorithm of SHA.
rsa_rc4_128_md5: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
128-bit RC4, and the MAC algorithm of MD5.
rsa_rc4_128_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit
RC4, and the MAC algorithm of SHA.
Description
Use the ciphersuite command to specify the cipher suites for an SSL server policy to support.
By default, an SSL server policy supports all cipher suites.
With no keyword specified, the command configures an SSL server policy to support all cipher suites.
If you execute the command repeatedly, the last one takes effect.
Related commands: display ssl server-policy.
Examples
# Configure SSL server policy policy1 to support cipher suites rsa_rc4_128_md5 and rsa_rc4_128_sha.
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] ciphersuite rsa_rc4_128_md5 rsa_rc4_128_sha
client-verify enable
Syntax
client-verify enable
undo client-verify enable
View
SSL server policy view