Displaying And Maintaining Ike; Main Mode Ike With Pre-Shared Key Authentication Configuration Example; Network Requirements; Configuration Procedure - HPE FlexFabric 7900 Series Security Configuration Manual

Step
2. Enable SNMP
notifications for IKE
globally.
3. Enable SNMP
notifications for the
specified failure type
or event type.

Displaying and maintaining IKE

Execute display commands in any view and reset commands in user view.
Task
Display configuration information about all IKE
proposals.
Display information about the current IKE SAs.
Delete IKE SAs.
Clear IKE statistics.
Main mode IKE with pre-shared key
authentication configuration example

Network requirements

As shown in
Switch B to secure the communication.
Configure Switch A and Switch B to use the default IKE proposal for the IKE negotiation to set up the
IPsec SA. Configure the two switches to use the pre-shared key authentication method.
Figure 32 Network diagram

Configuration procedure

Make sure Switch A and Switch B can reach each other.
Command
snmp-agent trap enable ike global
snmp-agent trap enable ike
[ attr-not-support | auth-failure |
cert-type-unsupport | cert-unavailable |
decrypt-failure | encrypt-failure |
invalid-cert-auth | invalid-cookie |
invalid-id | invalid-proposal |
invalid-protocol | invalid-sign |
no-sa-failure | proposal-add |
proposal–delete | tunnel-start |
tunnel-stop | unsupport-exch-type ] *
Figure 32, configure an IPsec tunnel that uses IKE negotiation between Switch A and
Command
display ike proposal
display ike sa [ verbose [ connection-id
connection-id | remote-address remote-address
[ vpn-instance vpn-name ] ] ]
reset ike sa [ connection-id connection-id ]
reset ike statistics
135
Remarks
By default, SNMP notifications
for IKE are enabled.
By default, SNMP notifications
for all failure types and event
types are enabled.