HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 261
ipsec df-bit, Syntax, Default, Views, Predefined user roles, Usage guidelines, Examples, Parameters
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 261 highlights
Syntax ipsec logging packet enable undo ipsec logging packet enable Default Logging for IPsec packets is disabled. Views System view Predefined user roles network-admin Usage guidelines After logging for IPsec packets is enabled, the device outputs a log when an IPsec packet is discarded due to, for example, lack of inbound SA, AH/ESP authentication failure, or ESP encryption failure. A log contains the source and destination IP addresses, SPI, and sequence number of the packet, and the reason why it was discarded. Examples # Enable logging for IPsec packets. system-view [Sysname] ipsec logging packet enable ipsec df-bit Use ipsec df-bit to set the DF bit for outer IP headers of encapsulated IPsec packets on an interface. Use undo ipsec df-bit to restore the default. Syntax ipsec df-bit { clear | copy | set } undo ipsec df-bit Default The DF bit is not set for outer IP headers of encapsulated IPsec packets on an interface. The global DF bit is used. Views Interface view Predefined user roles network-admin Parameters clear: Clears the DF bit for outer IP headers. In this case, the encapsulated IPsec packets can be fragmented. copy: Copies the DF bit of the original IP headers to the outer IP headers. set: Sets the DF bit for outer IP headers. In this case, the encapsulated IPsec packets cannot be fragmented. 252