Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)
-unload
Causes the SP to be unloaded from the SPD. This parameter is optional, and is used with the
sp -delete command. Unless you specify the -force parameter, you are prompted for
confirmation for this command.
-force
Causes the command to run without confirmation.
-obeyform
Displays the security policy configuration in the format of add command(s).
ERROR MESSAGES
For sp -add:
Please give the correct options.
For sp -delete:
Please give the correct options. (The incorrect option is displayed.)
The security policy for the matched options is not found.
For sp -start:
SP configuration not found.
For sp -info:
Please give the correct options. (The incorrect option is displayed.)
There are no security policies with the matched options.
For sp -stop:
SP configuration(s) not unloaded from the SPD.
CONSIDERATIONS
For sp -add:
The parameters protocol, mode and level are required and valid if and only if the parameter
specified for policy is ipsec.
For sp -stop:
The src-ip, dst-ip and upperspec are optional parameters. If a src-ip and dst-ip pair
is provided, all SPs that match the src-ip and dst-ip are unloaded from the SPD. If no
option is provided, all the SPs currently loaded in the kernel are unloaded.
Unless you specify -force you are prompted for confirmation to unload the SP(s) from the
SPD.
You must add the SP configurations separately for the two IPSec protocols, ESP and AH.
However, in the file, the configuration is represented as a single configuration instead of two
separate configurations. For example:
spdadd 1.2.3.4 4.3.2.1 any -P in ipsec
ah/transport//require
esp/transport//require;
When you add the SP configuration for the second, different protocol and specify the -load
option, the IPSec tool unloads the previous SP configuration (AH or ESP protocol) from the
SPD and loads the new SP configuration (both AH and ESP protocols) into the SPD.
If you do not use the -load option when you add the SP configuration for the second
protocol, you must unload the old SP configuration manually (climconfig
sp -stop <...> command) and then load the new SP configuration manually (climconfig
sp -start <...> command).
NOTE: If you try to load the new SP configuration without unloading the old SP configuration,
the new SP configuration is not loaded into the SPD.
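The following Python script is an added example, not part of the manual or of the CIP tooling. It parses entries in the file format shown above and checks two points from these considerations: AH and ESP for one selector share a single entry, and protocol/mode/level rules are present if and only if the policy is ipsec. The function names and all sample entries other than the manual's own are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample; only the first entry is the manual's own example.
SAMPLE = """\
spdadd 1.2.3.4 4.3.2.1 any -P in ipsec
ah/transport//require
esp/transport//require;
spdadd 10.0.0.1 10.0.0.2 any -P out ipsec
ah/transport//require;
spdadd 10.0.0.1 10.0.0.2 any -P out ipsec
esp/transport//require;
spdadd 10.0.0.3 10.0.0.4 any -P in ipsec;
"""

ENTRY = re.compile(
    r"spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<upper>\S+)\s+"
    r"-P\s+(?P<dir>\S+)\s+(?P<policy>[^\s;]+)(?P<rules>[^;]*);"
)

def parse_spd(text):
    """Return one dict per spdadd entry: selector, policy, protocol rules."""
    entries = []
    for m in ENTRY.finditer(text):
        rules = []
        for spec in m.group("rules").split():
            # protocol/mode/src-dst/level; src-dst is empty in the sample
            protocol, mode, _endpoints, level = spec.split("/")
            rules.append((protocol, mode, level))
        selector = (m["src"], m["dst"], m["upper"], m["dir"])
        entries.append({"selector": selector, "policy": m["policy"], "rules": rules})
    return entries

def audit(entries):
    """Check the two rules stated above; return (selector, message) findings."""
    findings = []
    seen = Counter(e["selector"] for e in entries)
    for selector, count in seen.items():
        if count > 1:  # AH and ESP must share one entry, not two
            findings.append((selector, "selector appears in %d entries" % count))
    for e in entries:
        # protocol, mode and level are required if and only if policy is ipsec
        if (e["policy"] == "ipsec") != bool(e["rules"]):
            findings.append((e["selector"], "policy/rule mismatch"))
    return findings

if __name__ == "__main__":
    for selector, message in audit(parse_spd(SAMPLE)):
        print(" ".join(selector), "->", message)
```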