3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

161

162

163

164

165

166

167

168

169

170

Displaying and Debugging IPsec 165

If a packet re-triggers IKE negotiation after an SA set up through IKE negotiation is

deleted, IKE will reestablish an SA through negotiation.

If an SA set up manually is deleted, the system will automatically set up a new SA

according to the parameter manually set up.

The keyword parameters will take effect only after the spi of the outbound SA is

defined. Because SAs appear in pairs, the inbound SA will also be deleted after the

outbound SA is deleted.

Displaying and

Debugging Encryption

Card Information

Displaying and debugging IPsec information on encryption cards

You can view the IPsec configurations, including SA information, statistics, log,

interface information and IPsec module backup function, on the encryption card

using display commands.

Execute the debugging command in user view for the debugging of IPsec

configuration.

Clearing statistics on encryption card

Use this command to clear statistics of the encryption cards.

Perform the following configuration in the user view.

Tab le 159 Delete SA

Operation Command

Delete SA

reset ipsec sa [ remote ip-address | policy

policy-name [ seq-number ] | parameters

ip-address protocol spi-number ]

Tab le 160 Display and debug encryption card configuration

Operation Command

Display interface information on the

encryption card

display interface encrypt slot-id

Display information about the fast forwarding

cache for the encryption cards

display encrypt-card fast-switch

Enable to information, packet, SA, command,

error and other message debugging on the

encryption card

debugging encrypt-card { {all | command |

error | misc | packet | sa} [slot-id ]

Disable to information, packet, SA, command,

error and other message debugging on the

encryption card

undo debugging encrypt-card {{all |

command | error | misc | packet | sa} slot-id

Enable Comware test software debugging on

the encryption card

debugging encrypt-card host { all | packet

| sa | command | error | misc }

Disable Comware test software debugging on

the encryption card

undo debugging encrypt-card host { all |

packet | sa | command | error | misc }

Tab le 161 Clear statistics on encryption card(s)

Operation Command

Clear statistics on encryption card reset counters interface encrypt slot-id