R3166-R3206-HP High-End Firewalls Network Management Command Reference-6PW101
Table Of Contents
- Title Page
- Contents
- Interface management configuration commands
- IP addressing configuration commands
- VLAN configuration commands
- MAC address table configuration commands
- Spanning tree configuration commands
- active region-configuration
- check region-configuration
- display stp
- display stp abnormal-port
- display stp down-port
- display stp history
- display stp region-configuration
- display stp root
- display stp tc
- instance
- region-name
- reset stp
- revision-level
- stp bpdu-protection
- stp bridge-diameter
- stp compliance
- stp config-digest-snooping
- stp cost
- stp edged-port
- stp enable
- stp loop-protection
- stp max-hops
- stp mcheck
- stp mode
- stp no-agreement-check
- stp pathcost-standard
- stp point-to-point
- stp port priority
- stp priority
- stp region-configuration
- stp root primary
- stp root secondary
- stp root-protection
- stp tc-protection
- stp tc-protection threshold
- stp timer forward-delay
- stp timer hello
- stp timer max-age
- stp timer-factor
- stp transmit-limit
- vlan-mapping modulo
- Layer 2 forwarding configuration commands
- DHCP server configuration commands
- bims-server
- bootfile-name
- dhcp enable
- dhcp select server global-pool
- dhcp server detect
- dhcp server forbidden-ip
- dhcp server ip-pool
- dhcp server ping packets
- dhcp server ping timeout
- dhcp server relay information enable
- display dhcp server conflict
- display dhcp server expired
- display dhcp server free-ip
- display dhcp server forbidden-ip
- display dhcp server ip-in-use
- display dhcp server statistics
- display dhcp server tree
- dns-list
- domain-name
- expired
- forbidden-ip
- gateway-list
- nbns-list
- netbios-type
- network
- network ip range
- network mask
- option
- reset dhcp server conflict
- reset dhcp server ip-in-use
- reset dhcp server statistics
- static-bind client-identifier
- static-bind ip-address
- static-bind mac-address
- tftp-server domain-name
- tftp-server ip-address
- voice-config
- DHCP relay agent configuration commands
- dhcp relay address-check enable
- dhcp relay information circuit-id format-type
- dhcp relay information circuit-id string
- dhcp relay information enable
- dhcp relay information format
- dhcp relay information remote-id format-type
- dhcp relay information remote-id string
- dhcp relay information strategy
- dhcp relay release ip
- dhcp relay security static
- dhcp relay security refresh enable
- dhcp relay security tracker
- dhcp relay server-detect
- dhcp relay server-group
- dhcp relay server-select
- dhcp select relay
- display dhcp relay
- display dhcp relay information
- display dhcp relay security
- display dhcp relay security statistics
- display dhcp relay security tracker
- display dhcp relay server-group
- display dhcp relay statistics
- reset dhcp relay statistics
- DHCP client configuration commands
- BOOTP client configuration commands
- IPv4 DNS configuration commands
- DDNS configuration commands
- ARP configuration commands
- Gratuitous ARP configuration commands
- Proxy ARP configuration commands
- QoS policy commands
- Traffic policing commands
- Static routing configuration commands
- RIP configuration commands
- checkzero
- default cost (RIP view)
- default-route
- display rip
- display rip database
- display rip interface
- display rip route
- filter-policy export (RIP view)
- filter-policy import (RIP view)
- host-route
- import-route (RIP view)
- maximum load-balancing (RIP view)
- network
- output-delay
- peer
- preference
- reset rip process
- reset rip statistics
- rip
- rip authentication-mode
- rip default-route
- rip input
- rip metricin
- rip metricout
- rip output
- rip poison-reverse
- rip split-horizon
- rip summary-address
- rip version
- silent-interface (RIP view)
- summary
- timers
- validate-source-address
- version
- OSPF configuration commands
- abr-summary (OSPF area view)
- area (OSPF view)
- asbr-summary
- authentication-mode
- bandwidth-reference (OSPF view)
- default
- default-cost (OSPF area view)
- default-route-advertise (OSPF view)
- description (OSPF/OSPF area view)
- display ospf abr-asbr
- display ospf asbr-summary
- display ospf brief
- display ospf cumulative
- display ospf error
- display ospf interface
- display ospf lsdb
- display ospf nexthop
- display ospf peer
- display ospf peer statistics
- display ospf request-queue
- display ospf retrans-queue
- display ospf routing
- display ospf vlink
- enable link-local-signaling
- enable log
- enable out-of-band-resynchronization
- filter
- filter-policy export (OSPF view)
- filter-policy import (OSPF view)
- host-advertise
- import-route (OSPF view)
- log-peer-change
- lsa-arrival-interval
- lsa-generation-interval
- lsdb-overflow-limit
- maximum load-balancing (OSPF view)
- maximum-routes
- network (OSPF area view)
- nssa
- opaque-capability enable
- ospf
- ospf authentication-mode
- ospf cost
- ospf dr-priority
- ospf mtu-enable
- ospf network-type
- ospf packet-process prioritized-treatment
- ospf timer dead
- ospf timer hello
- ospf timer poll
- ospf timer retransmit
- ospf trans-delay
- peer
- preference
- reset ospf counters
- reset ospf process
- reset ospf redistribution
- rfc1583 compatible
- silent-interface (OSPF view)
- snmp-agent trap enable ospf
- spf-schedule-interval
- stub (OSPF area view)
- stub-router
- transmit-pacing
- vlink-peer (OSPF area view)
- BGP configuration commands
- aggregate
- balance (BGP/BGP-VPN instance view)
- bestroute as-path-neglect (BGP/BGP-VPN instance view)
- bestroute compare-med (BGP/BGP-VPN instance view)
- bestroute med-confederation (BGP/BGP-VPN instance view)
- bgp
- compare-different-as-med (BGP/BGP-VPN instance view)
- confederation id
- confederation nonstandard
- confederation peer-as
- dampening (BGP/BGP-VPN instance view)
- default ipv4-unicast
- default local-preference (BGP/BGP-VPN instance view)
- default med (BGP/BGP-VPN instance view)
- default-route imported (BGP/BGP-VPN instance view)
- display bgp group
- display bgp network
- display bgp paths
- display bgp peer
- display bgp peer received ip-prefix
- display bgp routing-table
- display bgp routing-table as-path-acl
- display bgp routing-table cidr
- display bgp routing-table community
- display bgp routing-table community-list
- display bgp routing-table dampened
- display bgp routing-table dampening parameter
- display bgp routing-table different-origin-as
- display bgp routing-table flap-info
- display bgp routing-table label
- display bgp routing-table peer
- display bgp routing-table regular-expression
- display bgp routing-table statistic
- ebgp-interface-sensitive
- filter-policy export (BGP/BGP-VPN instance view)
- filter-policy import (BGP/BGP-VPN instance view)
- group (BGP/BGP-VPN instance view)
- import-route (BGP/BGP-VPN instance view)
- import-route guard
- log-peer-change
- network (BGP/BGP-VPN instance view)
- network short-cut (BGP/BGP-VPN instance view)
- peer advertise-community (BGP/BGP-VPN instance view)
- peer advertise-ext-community (BGP/BGP-VPN instance view)
- peer allow-as-loop (BGP/BGP-VPN instance view)
- peer as-number (BGP/BGP-VPN instance view)
- peer as-path-acl (BGP/BGP-VPN instance view)
- peer capability-advertise conventional (BGP/BGP-VPN instance view)
- peer capability-advertise orf
- peer capability-advertise orf non-standard
- peer capability-advertise route-refresh
- peer connect-interface (BGP/BGP-VPN instance view)
- peer default-route-advertise (BGP/BGP-VPN instance view)
- peer description (BGP/BGP-VPN instance view)
- peer ebgp-max-hop (BGP/BGP-VPN instance view)
- peer enable (BGP/BGP-VPN instance view)
- peer fake-as (BGP/BGP-VPN instance view)
- peer filter-policy (BGP/BGP-VPN instance view)
- peer group (BGP/BGP-VPN instance view)
- peer ignore (BGP/BGP-VPN instance view)
- peer ip-prefix
- peer keep-all-routes (BGP/BGP-VPN instance view)
- peer log-change (BGP/BGP-VPN instance view)
- peer next-hop-local (BGP/BGP-VPN instance view)
- peer password
- peer preferred-value (BGP/BGP-VPN instance view)
- peer public-as-only (BGP/BGP-VPN instance view)
- peer reflect-client (BGP/BGP-VPN instance view)
- peer route-limit (BGP/BGP-VPN instance view)
- peer route-policy (BGP/BGP-VPN instance view)
- peer route-update-interval (BGP/BGP-VPN instance view)
- peer substitute-as (BGP/BGP-VPN instance view)
- peer timer (BGP/BGP-VPN instance view)
- preference (BGP/BGP-VPN instance view)
- reflect between-clients (BGP view)
- reflector cluster-id (BGP view)
- refresh bgp
- reset bgp
- reset bgp dampening
- reset bgp flap-info
- reset bgp ipv4 all
- router-id
- summary automatic
- synchronization (BGP view)
- timer (BGP/BGP-VPN instance view)
- Basic IP routing configuration commands
- Policy-based routing configuration commands
- apply access-vpn vpn-instance
- apply default output-interface
- apply ip-address default next-hop
- apply ip-address next-hop
- apply ip-precedence
- apply output-interface
- display ip policy-based-route
- display ip policy-based-route setup
- display ip policy-based-route statistics
- display policy-based-route
- if-match acl
- if-match packet-length
- ip local policy-based-route
- ip policy-based-route
- policy-based-route
- reset policy-based-route statistics
- Multicast routing configuration commands
- display multicast boundary
- display multicast forwarding-table
- display multicast routing-table
- display multicast routing-table static
- display multicast rpf-info
- ip rpf-route-static
- mac-address multicast
- mtracert
- multicast boundary
- multicast forwarding on-demand
- multicast forwarding-table downstream-limit
- multicast forwarding-table route-limit
- multicast load-splitting
- multicast longest-match
- multicast routing-enable
- reset multicast forwarding-table
- reset multicast routing-table
- IGMP configuration commands
- display igmp group
- display igmp interface
- display igmp proxying group
- display igmp routing-table
- display igmp ssm-mapping
- display igmp ssm-mapping group
- fast-leave (IGMP view)
- igmp
- igmp enable
- igmp fast-leave
- igmp group-policy
- igmp last-member-query-interval
- igmp max-response-time
- igmp proxying enable
- igmp proxying forwarding
- igmp require-router-alert
- igmp robust-count
- igmp send-router-alert
- igmp ssm-mapping enable
- igmp startup-query-count
- igmp startup-query-interval
- igmp static-group
- igmp timer other-querier-present
- igmp timer query
- igmp version
- last-member-query-interval (IGMP view)
- max-response-time (IGMP view)
- require-router-alert (IGMP view)
- reset igmp group
- reset igmp ssm-mapping group
- robust-count (IGMP view)
- send-router-alert (IGMP view)
- ssm-mapping (IGMP view)
- startup-query-count (IGMP view)
- startup-query-interval (IGMP view)
- timer other-querier-present (IGMP view)
- timer query (IGMP view)
- version (IGMP view)
- PIM configuration commands
- auto-rp enable
- bsr-policy (PIM view)
- c-bsr (PIM view)
- c-bsr admin-scope
- c-bsr global
- c-bsr group
- c-bsr hash-length (PIM view)
- c-bsr holdtime (PIM view)
- c-bsr interval (PIM view)
- c-bsr priority (PIM view)
- c-rp (PIM view)
- c-rp advertisement-interval (PIM view)
- c-rp holdtime (PIM view)
- crp-policy (PIM view)
- display pim bsr-info
- display pim claimed-route
- display pim control-message counters
- display pim grafts
- display pim interface
- display pim join-prune
- display pim neighbor
- display pim routing-table
- display pim rp-info
- hello-option dr-priority (PIM view)
- hello-option holdtime (PIM view)
- hello-option lan-delay (PIM view)
- hello-option neighbor-tracking (PIM view)
- hello-option override-interval (PIM view)
- holdtime assert (PIM view)
- holdtime join-prune (PIM view)
- jp-pkt-size (PIM view)
- jp-queue-size (PIM view)
- pim
- pim bsr-boundary
- pim dm
- pim hello-option dr-priority
- pim hello-option holdtime
- pim hello-option lan-delay
- pim hello-option neighbor-tracking
- pim hello-option override-interval
- pim holdtime assert
- pim holdtime join-prune
- pim neighbor-policy
- pim require-genid
- pim sm
- pim state-refresh-capable
- pim timer graft-retry
- pim timer hello
- pim timer join-prune
- pim triggered-hello-delay
- probe-interval (PIM view)
- prune delay (PIM view)
- register-policy (PIM view)
- register-suppression-timeout (PIM view)
- register-whole-checksum (PIM view)
- reset pim control-message counters
- source-lifetime (PIM view)
- source-policy (PIM view)
- spt-switch-threshold (PIM view)
- ssm-policy (PIM view)
- state-refresh-interval (PIM view)
- state-refresh-rate-limit (PIM view)
- state-refresh-ttl
- static-rp (PIM view)
- timer hello (PIM view)
- timer join-prune (PIM view)
- MSDP configuration commands
- cache-sa-enable
- display msdp brief
- display msdp peer-status
- display msdp sa-cache
- display msdp sa-count
- encap-data-enable
- import-source
- msdp
- originating-rp
- peer connect-interface
- peer description
- peer mesh-group
- peer minimum-ttl
- peer request-sa-enable
- peer sa-cache-maximum
- peer sa-policy
- peer sa-request-policy
- reset msdp peer
- reset msdp sa-cache
- reset msdp statistics
- shutdown (MSDP view)
- static-rpf-peer
- timer retry
- SSL configuration commands
- Support and other resources
- Index
501
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] pki-domain server-domain
# Configure SSL client policy policy1 to use the PKI domain named client-domain.
<Sysname> system-view
[Sysname] ssl client-policy policy1
[Sysname-ssl-client-policy-policy1] pki-domain client-domain
prefer-cipher
Syntax
prefer-cipher { rsa_aes_128_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha }
undo prefer-cipher
View
SSL client policy view
Default level
2: System level
Parameters
rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
128-bit AES_CBC, and the MAC algorithm of SHA.
rsa_des_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
DES_CBC, and the MAC algorithm of SHA.
rsa_rc4_128_md5: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
128-bit RC4, and the MAC algorithm of MD5.
rsa_rc4_128_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit
RC4, and the MAC algorithm of SHA.
Description
Use the prefer-cipher command to specify the preferred cipher suite for an SSL client policy.
Use the undo prefer-cipher command to restore the default.
By default, the preferred cipher suite for an SSL client policy is rsa_rc4_128_md5.
Related commands: display ssl client-policy.
Examples
# Set the preferred cipher suite for SSL client policy policy1 to rsa_aes_128_cbc_sha.
<Sysname> system-view
[Sysname] ssl client-policy policy1
[Sysname-ssl-client-policy-policy1] prefer-cipher rsa_aes_128_cbc_sha
session
Syntax
session { cachesize size | timeout time } *
undo session { cachesize | timeout } *