R2511-HP MSR Router Series Security Command Reference(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

591

592

593

594

595

596

597

598

599

600

579

rule 1 permit ip source 12.1.1.0 0.0.0.255 destination 12.1.1.0 0.0.0.255

ACL Configured Locally:

IPsec Policy Name: gdoi-group1

ACL Identifier: 3001

rule 0 deny ip source 10.1.1.0 0.0.0.255 destination 10.1.1.0 0.0.0.255

Group Name: 123

ACL Downloaded From KS 12.1.1.100:

rule 1 permit ip source 13.1.1.0 0.0.0.255 destination 13.1.2.0 0.0.0.255

# Display the ACL information that GMs downloaded from the KS.

<Sysname> display gdoi gm acl download

Group Name: abc

ACL Downloaded From KS 12.1.1.100:

rule 0 permit ip

rule 1 permit ip source 12.1.1.0 0.0.0.255 destination 12.1.1.0 0.0.0.255

# Display the ACL information locally configured on GMs.

<Sysname> display gdoi gm acl local

Group Name: abc

ACL Configured Locally:

IPsec Policy Name: gdoi-group1

ACL Identifier: 3001

rule 0 deny ip source 10.1.1.0 0.0.0.255 destination 10.1.1.0 0.0.0.255

Table 94 Command output

Field Description

Group Name GDOI GM group name.

rule 0 permit ip Indicates that IPsec protects any IP packets.

rule 1 permit ip source 12.1.1.0 0.0.0.255

destination 12.1.1.0 0.0.0.255

Indicates that IPsec protects IP packets whose source and

destination addresses are within subnet 12.1.1.0/24.

rule 0 deny ip source 10.1.1.0 0.0.0.255

destination 10.1.1.0 0.0.0.255

Indicates that IPsec does not protect IP packets whose

source and destination addresses are within subnet

10.1.1.0/24.

display gdoi gm ipsec sa

Use display gdoi gm ipsec sa to display IPsec SA information obtained by GMs.

Syntax

display gdoi gm ipsec sa [ group group-name ] [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level