Ipsec Df-Bit - HP 6125XLG Command Reference Manual

Blade switch security command reference

Syntax
ipsec logging packet enable
undo ipsec logging packet enable
Default
Logging for IPsec packets is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
After logging for IPsec packets is enabled, the device outputs a log when an IPsec packet is discarded
due to, for example, lack of inbound SA, AH/ESP authentication failure, or ESP encryption failure. A log
contains the source and destination IP addresses, SPI, and sequence number of the packet, and the
reason why it was discarded.
Examples
# Enable logging for IPsec packets.
<Sysname> system-view
[Sysname] ipsec logging packet enable

ipsec df-bit

Use ipsec df-bit to set the DF bit for outer IP headers of encapsulated IPsec packets on an interface.
Use undo ipsec df-bit to restore the default.
Syntax
ipsec df-bit { clear | copy | set }
undo ipsec df-bit
Default
The DF bit is not set for outer IP headers of encapsulated IPsec packets on an interface. The global DF bit
is used.
Views
Interface view
Predefined user roles
network-admin
Parameters
clear: Clears the DF bit for outer IP headers. In this case, the encapsulated IPsec packets can be
fragmented.
copy: Copies the DF bit of the original IP headers to the outer IP headers.
set: Sets the DF bit for outer IP headers. In this case, the encapsulated IPsec packets cannot be
fragmented.
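
The following Python sketch is an added illustration, not code from the HP manual or the device: it models how clear, copy, and set determine the DF flag of the outer IPv4 header, and how an interface with no setting falls back to the global DF bit. The function names, the addresses, and the `global_policy` parameter (standing in for the global DF bit setting, whose value this page does not give) are assumptions; ESP header and trailer bytes are omitted.

```python
import struct

DF = 0x4000  # Don't Fragment flag in the IPv4 flags/fragment-offset field

def checksum(hdr):
    """One's-complement checksum over the 16-bit words of an IPv4 header."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4_header(src, dst, payload_len, proto, df):
    """Build a 20-byte IPv4 header (no options) with DF set or cleared."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0,
                      DF if df else 0, 64, proto, 0, bytes(src), bytes(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def has_df(packet):
    """True if the DF flag is set in the first IPv4 header of the packet."""
    return bool(struct.unpack("!H", packet[6:8])[0] & DF)

def outer_df(inner_packet, interface_policy, global_policy):
    """Resolve the policy (interface first, else global) and apply it."""
    policy = interface_policy if interface_policy is not None else global_policy
    if policy == "clear":
        return False                   # outer packet may be fragmented
    if policy == "set":
        return True                    # outer packet cannot be fragmented
    if policy == "copy":
        return has_df(inner_packet)    # inherit from the original header
    raise ValueError("policy must be clear, copy or set")

def encapsulate(inner_packet, tun_src, tun_dst, interface_policy, global_policy):
    """Tunnel-mode sketch: outer IPv4 header (protocol 50) + inner packet."""
    df = outer_df(inner_packet, interface_policy, global_policy)
    return ipv4_header(tun_src, tun_dst, len(inner_packet), 50, df) + inner_packet

# Constructed sample input: two empty inner TCP packets and tunnel endpoints.
INNER_DF = ipv4_header((10, 0, 0, 1), (10, 0, 1, 1), 0, 6, True)
INNER_NO_DF = ipv4_header((10, 0, 0, 1), (10, 0, 1, 1), 0, 6, False)
TUN = ((192, 0, 2, 1), (198, 51, 100, 1))

if __name__ == "__main__":
    # Global policy "copy" is an assumed value chosen for the demonstration.
    for iface in ("clear", "copy", "set", None):   # None = undo ipsec df-bit
        for name, inner in (("DF=1", INNER_DF), ("DF=0", INNER_NO_DF)):
            outer = encapsulate(inner, *TUN, iface, "copy")
            print(iface, name, "-> outer DF =", int(has_df(outer)))
```
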