Client Transform-Sets; Display Gdoi Gm - H3C MSR Series Command Reference Manual

client transform-sets

Use client transform-sets to specify IPsec transform sets supported by a GM.
Use undo client transform-sets to restore the default.
Syntax
client transform-sets transform-set-name&<1-6>
undo client transform-sets
Default
A GM supports the IPsec transform set configured with the following security parameters:
•
The ESP security protocol.
•
The tunnel or transport encapsulation mode.
•
The DES-CBC, 3DES-CBC, AES-CBC-128, AES-CBC-192, or AES-CBC-256 encryption
algorithm.
•
The MD5 or SHA1 authentication algorithm.
Views
GDOI GM group view
Predefined user roles
network-admin
Parameters
transform-set-name&<1-6>: Specifies a space-separated list of up to six IPsec transform sets by
their names. An IPsec transform set name is a case-insensitive string of 1 to 63 characters.
Usage guidelines
This command specifies the IPsec transform sets supported in registration and rekey processes.
•
During GM registration, a GM terminates the negotiation with the KS if the IPsec transform set
sent by the KS is not supported, and the registration fails.
•
During rekey, the GM discards rekey messages received from the KS if the IPsec transform set
sent by the KS is not supported.
GMs support only the ESP security protocol. For a successful registration, do not specify an IPsec
transform set that uses the AH security protocol for GMs.
Examples
# Specify the supported IPsec transform set as gdoi-esp-aes for the GDOI GM group abc.
<Sysname> system-view
[Sysname] gdoi gm group abc
[Sysname-gdoi-gm-group-abc] client transform-sets gdoi-esp-aes
Related commands
gdoi gm group

display gdoi gm

Use display gdoi gm to display GDOI GM group information, including GDOI configuration
parameters, negotiation parameters, and the IPsec information obtained after successful
registrations.
656