Display Gdoi Gm Acl - H3C MSR Series Command Reference Manual

Comware 7 security

Hide thumbs Also See for MSR Series:

Table of Contents

Remaining key lifetime

display gdoi gm acl

Use display gdoi gm acl to display ACL information for the GM.

display gdoi gm acl [ download | local ] [ group group-name ]

Predefined user roles

network-admin

network-operator

download: Displays the ACL information that the GM downloaded from the KS.

local: Displays the ACL information locally configured on the GM.

group group-name: Specifies a GDOI GM group by its name. A GDOI GM group name is a

case-insensitive string of 1 to 63 characters. If you do not specify a group, this command displays

ACL information for all GM groups.

Usage guidelines

If you do not specify any parameters, this command displays information about all ACLs for all GM

groups, including the downloaded ACLs and the locally configured ACLs. A locally configured ACL

refers to the ACL used by the GDOI IPsec policy.

# Display information about all ACLs for all GM groups.

<Sysname> display gdoi gm acl

Group name: abc

ACL downloaded from KS 12.1.1.100:

rule 0 permit ip

rule 1 permit ip source 12.1.1.0 0.0.0.255 destination 12.1.1.0 0.0.0.255

ACL configured locally:

IPsec policy name: gdoi-group1

ACL identifier: 3001

rule 0 deny ip source 10.1.1.0 0.0.0.255 destination 10.1.1.0 0.0.0.255

Group Name: 123

ACL downloaded from KS 12.1.1.100:

rule 1 permit ip source 13.1.1.0 0.0.0.255 destination 13.1.2.0 0.0.0.255

TEK information.

SPI of the IPsec SA.

Transform set list.

IPsec SA remaining lifetime in seconds.