Manualshelf

Mellanox MLNX-OS®Command Reference Guide for SX1018HP Ethernet Managed Blade Switch

ManualsBrandsHP ManualsComputer AccessoriesMellanox SX1018HP Ethernet Switch for c-Class BladeSystem
161162163164165166167168169170
Rev 1.6.2
Mellanox Technologies
166
crypto ipsec peer local
crypto ipsec peer <IPv4 or IPv6 address> local <IPv4 or IPv6 address> {enable |
keying {ike [auth {hmac-md5 | hmac-sha1 | hmac-sha256 | null} | dh-group | dis-
able | encrypt | exchange-mode | lifetime | local | mode | peer-identity | pfs-group |
preshared-key | prompt-preshared-key | transform-set] | manual [auth | disable |
encrypt | local-spi | mode | remote-spi]}}
Configures ipsec in the system.
Syntax Description enable Enables IPSec peering.
ike Configures IPSec peering using IKE ISAKMP to man-
age SA keys. It has the following optional parameters:
auth: Configures the authentication algorithm for IPSec
peering
dh-group: Configures the phase1 Diffie-Hellman group
proposed for secure IKE key exchange
disable: Configures this IPSec peering administratively
disabled
encrypt: Configures the encryption algorithm for IPSec
peering
exchange-mode: Configures the IKE key exchange mode
to propose for peering
lifetime: Configures the SA lifetime to propose for this
IPSec peering
local-identity: Configures the ISAKMP payload identifi-
cation value to send as local endpoint's identity
mode: Configures the peering mode for this IPSec peer-
ing
peer-identity: Configures the identification value to
match against the peer's ISAKMP payload identification
pfs-group: Configures the phase2 PFS (Perfect Forward-
ing Secrecy) group to propose for Diffie-Hellman
exchange for this IPSec peering
preshared-key: Configures the IKE pre-shared key for the
IPSec peering
prompt-preshared-key: Prompts for the pre-shared key,
rather than entering it on the command line
transform-set: Configures transform proposal parameters
keying Configures key management for this IPSec peering:
auth: Configures the authentication algorithm for this
IPSec peering
disable: Configures this IPSec peering administratively
disabled
encrypt: Configures the encryption algorithm for this
IPSec peering
local-spi: Configures the local SPI for this manual IPSec
peering
mode: Configures the peering mode for this IPSec peer-
ing
remote-spi: Configures the remote SPI for this manual
IPSec peering
manual Configures IPSec peering using manual keys.