Home » HP Manuals » Servers » HP Mellanox SX1018 » Manual Viewer

HP Mellanox SX1018 Mellanox MLNX-OS®Command Reference Guide for SX101 - Page 172

Syntax Description, Default, Configuration Mode, History, Example, Enables IPSec peering.

Add to My Manuals
Save this manual to your list of manuals

Page 172 highlights

Rev 1.6.9 Syntax Description enable Enables IPSec peering. ike Configures IPSec peering using IKE ISAKMP to man- age SA keys. It has the following optional parameters: • auth: Configures the authentication algorithm for IPSec peering • dh-group: Configures the phase1 Diffie-Hellman group proposed for secure IKE key exchange • disable: Configures this IPSec peering administratively disabled • encrypt: Configures the encryption algorithm for IPSec peering • exchange-mode: Configures the IKE key exchange mode to propose for peering • lifetime: Configures the SA lifetime to propose for this IPSec peering • local-identity: Configures the ISAKMP payload identification value to send as local endpoint's identity • mode: Configures the peering mode for this IPSec peering • peer-identity: Configures the identification value to match against the peer's ISAKMP payload identification • pfs-group: Configures the phase2 PFS (Perfect Forward- ing Secrecy) group to propose for Diffie-Hellman exchange for this IPSec peering • preshared-key: Configures the IKE pre-shared key for the IPSec peering • prompt-preshared-key: Prompts for the pre-shared key, rather than entering it on the command line • transform-set: Configures transform proposal parameters keying Configures key management for this IPSec peering: • auth: Configures the authentication algorithm for this IPSec peering • disable: Configures this IPSec peering administratively disabled • encrypt: Configures the encryption algorithm for this IPSec peering • local-spi: Configures the local SPI for this manual IPSec peering • mode: Configures the peering mode for this IPSec peering • remote-spi: Configures the remote SPI for this manual IPSec peering manual Configures IPSec peering using manual keys. Default N/A Configuration Mode Config History 3.2.3000 Role admin Example switch (config)# crypto ipsec peer 10.10.10.10 local 10.7.34.139 enable switch (config)# Mellanox Technologies 172 Mellanox® Technologies Confidential

Section	Page
Mellanox MLNX-OS® Command Reference Guide for SX1018HP Ethernet Managed Blade Switch	1
Table of Contents	3
Document Revision History	12
About this Manual	13
1 Using the Command Line Interface	18
1.1 CLI Modes	18
1.2 Syntax Conventions	19
1.3 Getting Help	19
1.4 Prompt and Response Conventions	20
1.5 User Roles (Capabilities)	21
1.6 Using the Negation Form	21
1.7 Parameter Key	23
2 System Management	24
2.1 Management Interfaces	24
2.1.1 Interface	24
interface	24
interface vlan create	25
ip address	26
alias	27
mtu	29
duplex	30
speed	32
dhcp	34
shutdown	35
zeroconf	36
comment	37
ipv6 enable	38
ipv6 address	40
show interface	42
2.1.2 Hostname Resolution	44
hostname	44
ip name-server	45
ip domain-list	46
ip/ipv6 host	47
ip/ipv6 map-hostname	48
show hosts	49
2.1.3 Routing	50
ip/ipv6 route	50
ipv6 default-gateway	51
show ip/ipv6 route	52
show ip/ipv6 default-gateway	53
2.1.4 Network to Media Resolution (ARP & NDP)	54
ip arp	54
ip arp timeout	55
show ip arp	56
ipv6 neighbor	57
clear ipv6 neighbors	58
show ipv6 neighbors	59
2.1.5 DHCP	60
ip dhcp	60
show ip dhcp	61
2.1.6 General IPv6 Commands	62
ipv6 enable	62
2.1.7 IP Diagnostic Tools	63
ping	63
traceroute	64
tcpdump	67
clear counters	68
2.2 License Keys	69
license	69
show licenses	70
2.3 NTP, Clock & Time Zones	71
clock set	71
clock timezone	72
ntp	73
ntpdate	74
show clock	75
show ntp	76
2.4 Software Management	77
image boot	77
boot next	78
image default-chip-fw	79
image delete	80
image fetch	81
image install	82
image move	83
image options	84
show bootvar	85
show images	86
2.5 File Management	87
2.5.1 File System	87
debug generate dump	87
file debug-dump	88
file stats	89
file tcpdump	90
show files debug-dump	91
show files stats	92
show files system	93
show files tcpdump	94
2.5.2 Configuration File	95
configuration audit	95
configuration copy	96
configuration delete	97
configuration fetch	98
configuration jump-start	99
configuration merge	100
configuration move	101
configuration new	102
configuration revert	103
configuration switch-to	104
configuration text fetch	105
configuration text file	106
configuration text generate	107
configuration upload	108
write	109
show configuration	110
show running-config	111
2.6 Local and Remote Logging	112
logging local	112
logging local override	113
logging <syslog IP address>	115
logging receive	117
logging format	118
logging fields	119
logging level	121
logging files delete	122
logging files rotation	123
logging files upload	125
logging monitor	126
show logging	127
show log	128
2.7 Maintenance Tools	130
reload	130
reset factory	131
2.8 mDNS	132
ha dns enable	132
2.9 User Management and AAA	133
2.9.1 User Accounts	133
username	133
show usernames	135
show users	136
show whoami	137
2.9.2 AAA Methods	138
aaa accounting	138
aaa authentication login	139
aaa authentication attempts track enable	140
aaa authentication attempts lockout	141
aaa authentication attempts class-override	144
aaa authentication attempts reset	145
clear aaa authentication attempts	146
aaa authorization	147
show aaa	149
show aaa authentication attempts	150
2.9.3 RADIUS	151
radius-server	151
radius-server host	152
show radius	153
2.9.4 TACACS+	154
tacacs-server	154
tacacs-server host	155
show tacacs	157
2.9.5 LDAP	158
ldap base-dn	158
ldap bind-dn/bind-password	159
ldap group-attribute/group-dn	160
ldap host	161
ldap login-attribute	162
ldap port	163
ldap referrals	164
ldap scope	165
ldap ssl	166
ldap timeout	168
ldap version	169
show ldap	170
2.10 Cryptographic (X.509, IPSec)	171
crypto ipsec peer local	171
crypto certificate ca-list	174
crypto certificate default-cert	175
crypto certificate generation	176
crypto certificate name	177
crypto certificate system-self-signed	179
show crypto certificate	180
show crypto ipsec	182
2.11 CLI Session	183
cli clear-history	183
cli default	184
cli session	186
show cli	188
2.12 Banner	189
banner login	189
banner login-local	190
banner login-remote	191
banner motd	192
show banner	193
2.13 SSH	194
ssh server enable	194
ssh server host-key	195
ssh server listen	197
ssh server min-version	198
ssh server ports	199
ssh server x11-forwarding	200
ssh client global	201
ssh client user	203
slogin	204
show ssh client	205
show ssh server	206
2.14 Remote Login	207
telnet-server enable	207
show telnet-server	208
2.15 XML Gateway	209
xml-gw enable	209
show xml-gw	210
2.16 Web Server	211
web auto-logout	211
web client cert-verify	212
web client ca-list	213
web enable	214
web http	215
web httpd	217
web https	218
web session	220
web proxy auth	221
web proxy host	223
show web	224
2.17 SNMP	225
snmp-server auto-refresh	225
snmp-server community	226
snmp-server contact	227
snmp-server enable	228
snmp-server host	229
snmp-server listen	231
snmp-server location	232
snmp-server notify	233
snmp-server port	234
snmp-server user	235
show snmp	236
show snmp auto-refresh	237
2.18 Scheduled Jobs	238
job	238
command	239
comment	240
enable	241
execute	242
fail-continue	243
name	244
schedule type	245
schedule <recurrence type>	246
show jobs	247
2.19 Event Notification	248
email autosupport	248
email autosupport ssl mode	249
email autosupport ssl cert-verify	250
email autosupport ssl ca-list	251
email dead-letter	252
email domain	253
email mailhub	254
email mailhub-port	255
email notify event	256
email notify recipient	257
email return-addr	258
email return-host	259
email send-test	260
email ssl mode	261
email ssl cert-verify	262
email ssl ca-list	263
show email	264
2.20 Statistics and Alarms	265
stats alarm <alarm-id> clear	265
stats alarm <alarm-id> enable	266
stats alarm <alarm-id> event-repeat	267
stats alarm <alarm-id> {rising \| falling}	268
stats alarm <alarm-id> rate-limit	269
stats chd <chd-id> clear	270
stats chd <chd-id> enable	271
stats chd <chd-id> compute time	272
stats sample <sample-id> clear	274
stats sample <sample-id> enable	275
stats sample <sample-id> interval	276
stats clear-all	277
stats export	278
show stats alarm	279
show stats chd	280
show stats cpu	281
show stats sample	282
2.21 Chassis Management	283
health	283
power enable	284
usb eject	285
system profile	286
show fan	287
show version	288
show inventory	289
show module	290
show memory	291
show asic-version	292
show power	293
show power consumers	294
show temperature	295
show voltage	296
show health-report	297
show resources	298
show system profile	299
show system capabilities	300
show system mac	301
show protocols	302
3 Ethernet Switching	304
3.1 Interface	304
interface ethernet	304
flowcontrol	305
mtu	306
shutdown	307
description	308
speed	309
load-interval	310
clear counters	311
show interfaces ethernet	312
show interfaces ethernet [<inf>] capabilities	313
show interfaces ethernet [<inf>] description	314
show interfaces ethernet [<inf>] status	315
show interfaces ethernet [<inf>] transceiver	316
3.1.1 Brake-Out Cables	317
module-type	317
3.2 Link Aggregation Group (LAG) and LACP	318
interface port-channel	318
lacp	319
lacp system-priority	320
lacp (interface)	321
port-channel load-balance	322
channel-group	323
show lacp system-identifier	324
show lacp counters	325
show lacp interface ethernet	326
show lacp interface neighbor	327
show lacp interfaces port-channel	328
show interfaces port-channel	329
3.3 VLANs	330
vlan	330
name	331
show vlan	332
switchport mode	333
switchport access	334
switchport {hybrid, trunk} allowed vlan	335
show interface switchport	336
3.4 MAC Address Table	337
mac-address-table aging-time	337
mac-address-table static	338
clear mac-address-table dynamic	339
show mac-address-table	340
show mac-address-table aging-time	341
3.5 Spanning Tree	342
spanning-tree	342
spanning-tree (timers)	343
spanning-tree port type (default global)	344
spanning-tree priority	345
spanning-tree port-priority	346
spanning-tree cost	347
spanning-tree port type	348
spanning-tree guard	349
spanning-tree bpdufilter	350
clear spanning-tree counters	351
show spanning-tree	352
3.6 IGMP Snooping	353
ip igmp snooping (admin)	353
ip igmp snooping (config)	354
ip igmp snooping fast-leave	356
ip igmp snooping static-group	357
ip igmp snooping mrouter	358
ip igmp snooping unregistered multicast	359
show ip igmp snooping	360
show ip igmp snooping groups	361
show ip igmp snooping vlan	362
show ip igmp snooping mrouter	363
show ip igmp snooping interfaces	364
show ip igmp snooping statistics	365
3.7 Link Layer Discovery Protocol (LLDP)	366
lldp	366
lldp reinit	367
lldp timer	368
lldp tx-delay	369
lldp tx-hold-multiplier	370
lldp {receive \| transmit}	371
lldp tlv-select	372
show lldp local	373
show lldp interface	374
show lldp interfaces ethernet <inf> remote	375
show lldp timers	376
show lldp statistics global	377
show lldp statistics [interface ethernet <inf>]	378
3.8 Quality of Service	379
3.8.1 Enhanced Transmission Selection (ETS)	379
dcb ets enable	379
dcb ets tc bandwidth	380
vlan map-priority	381
show dcb ets	382
show dcb ets interface	383
3.8.2 Priority Flow Control (PFC)	385
dcb priority-flow-control enable	385
dcb priority-flow-control priority	386
dcb priority-flow-control mode on	387
show dcb priority-flow-control	388
3.9 Access Control List (ACL)	389
ipv4/mac access-list	389
ipv4/mac port access-group	390
deny/permit (MAC ACL rule)	391
deny/permit (IPv4 ACL rule)	392
deny/permit (IPv4 TCP/UDP ACL rule)	393
access-list action	394
vlan-map	395
show access-list action	396
show mac/ipv4 access-lists	397
show mac/ipv4 access-lists summary	398
3.10 Port Mirroring	399
3.10.1 Config	399
monitor session	399
3.10.2 Config Monitor Session	400
destination interface	400
shutdown	401
add source interface	402
header-format	403
truncate	404
congestion	405
3.10.3 Show	406
show monitor session	406
show monitor session summary	407
3.11 sFlow	408
3.11.1 Config	408
protocol sflow	408
sflow enable	409
sflow	410
3.11.2 Config sFlow	411
sampling-rate	411
max-sample-size	412
counter-poll-interval	413
max-datagram-size	414
collector-ip	415
agent-ip	416
clear counters	417
sflow enable	418
3.11.3 Show	419

Match case Limit results 1 per page

Rev 1.6.9

Mellanox Technologies

172

Syntax Description

enable

Enables IPSec peering.

ike

Configures IPSec peering using IKE ISAKMP to man-

age SA keys. It has the following optional parameters:

•

auth: Configures the authentication algorithm for IPSec

peering

•

dh-group: Configures the phase1 Diffie-Hellman group

proposed for secure IKE key exchange

•

disable: Configures this IPSec peering administratively

disabled

•

encrypt: Configures the encryption algorithm for IPSec

peering

•

exchange-mode: Configures the IKE key exchange mode

to propose for peering

•

lifetime: Configures the SA lifetime to propose for this

IPSec peering

•

local-identity: Configures the ISAKMP payload identifi-

cation value to send as local endpoint's identity

•

mode: Configures the peering mode for this IPSec peer-

ing

•

peer-identity: Configures the identification value to

match against the peer's ISAKMP payload identification

•

pfs-group: Configures the phase2 PFS (Perfect Forward-

ing Secrecy) group to propose for Diffie-Hellman

exchange for this IPSec peering

•

preshared-key: Configures the IKE pre-shared key for the

IPSec peering

•

prompt-preshared-key: Prompts for the pre-shared key,

rather than entering it on the command line

•

transform-set: Configures transform proposal parameters

keying

Configures key management for this IPSec peering:

•

auth: Configures the authentication algorithm for this

IPSec peering

•

disable: Configures this IPSec peering administratively

disabled

•

encrypt: Configures the encryption algorithm for this

IPSec peering

•

local-spi: Configures the local SPI for this manual IPSec

peering

•

mode: Configures the peering mode for this IPSec peer-

ing

•

remote-spi: Configures the remote SPI for this manual

IPSec peering

manual

Configures IPSec peering using manual keys.

Default

N/A

Configuration Mode

Config

History

3.2.3000

Role

admin

Example

switch (config)# crypto ipsec peer 10.10.10.10 local 10.7.34.139 enable

switch (config)#

Mellanox® Technologies Confidential

HP Mellanox SX1018 Mellanox MLNX-OS&#174;Command Reference Guide for SX101 - Page 172

Syntax Description, Default, Configuration Mode, History, Example, Enables IPSec peering.

Page 172 highlights

HP Mellanox SX1018 Mellanox MLNX-OS®Command Reference Guide for SX101 - Page 172