Managing public keys, Overview, Displaying and maintaining ike – H3C Technologies H3C S12500-X Series Switches User Manual
Page 173: Network requirements
161
information about SNMP notifications, see Network Management and Monitoring Configuration
Guide.
To generate and output SNMP notifications for IKE for a specific failure type or event type, enable SNMP
notifications for IKE globally and for the specified type of failures or events.
To configure SNMP notifications for IKE:
Step Command
Remarks
1.
Enter system view
system-view
N/A
2.
Enable SNMP
notifications for IKE
globally.
snmp-agent trap enable ike global
By default, SNMP notifications
for IKE are enabled.
3.
Enable SNMP
notifications for the
specified failure type or
event type.
snmp-agent trap enable ike [ attr-not-support
| auth-failure | cert-type-unsupport |
cert-unavailable | decrypt-failure |
encrypt-failure | invalid-cert-auth |
invalid-cookie | invalid-id | invalid-proposal
| invalid-protocol | invalid-sign |
no-sa-failure | proposal-add |
proposal–delete | tunnel-start | tunnel-stop
| unsupport-exch-type ] *
By default, SNMP notifications
for all failure types and event
types are enabled.
112B
Displaying and maintaining IKE
Execute display commands in any view and reset commands in user view.
Task Command
Display configuration information about all IKE
proposals.
display ike proposal
Display information about the current IKE SAs.
display ike sa [ verbose [ connection-id connection-id
| remote-address [ ipv6 ] remote-address
[ vpn-instance vpn-name ] ] ]
Delete IKE SAs.
reset ike sa [ connection-id connection-id ]
Clear IKE statistics.
reset ike statistics
113B
Main mode IKE with pre-shared key authentication
configuration example
254B
Network requirements
As shown in
871H
Figure 47
, configure an IPsec tunnel that uses IKE negotiation between Switch A and Switch
B to secure the communication.
Configure Switch A and Switch B to use the default IKE proposal for the IKE negotiation to set up the IPsec
SA. Configure the two switches to use the pre-shared key authentication method.
- H3C S5560 Series Switches H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C S9800 Series Switches H3C S5130 Series Switches H3C S5120 Series Switches