H3C S6550X-HI Series Command Reference Manual page 2248

esn enable
Use
esn enable
Use
undo esn enable
Syntax
esn enable [ both ]
undo esn enable
Default
The ESN feature is disabled.
Views
IPsec transform set view
Predefined user roles
network-admin
Parameters
: Specifies IPsec to support both extended sequence number and traditional sequence number.
both
If you do not specify this keyword, IPsec only supports extended sequence number.
Usage guidelines
The ESN feature extends the sequence number length from 32 bits to 64 bits. This feature prevents
the sequence number space from being exhausted when large volumes of data are transmitted at
high speeds over an IPsec SA. If the sequence number space is not exhausted, the IPsec SA does
not need to be renegotiated.
This feature must be enabled at both the initiator and the responder.
Examples
# Enable the ESN feature in IPsec transform set tran1.
<Sysname> system-view
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1] esn enable
Related commands
display ipsec transform-set
esp authentication-algorithm
Use
esp authentication-algorithm
Use
undo esp authentication-algorithm
Syntax
esp authentication-algorithm { aes-xcbc-mac | md5 | sha1 | sha256 | sha384
| sha512 } *
undo esp authentication-algorithm
Default
ESP does not use any authentication algorithms.
to enable the Extended Sequence Number (ESN) feature.
to disable the ESN feature.
to specify authentication algorithms for ESP.
to restore the default.
23