Verifying the configuration – H3C Technologies H3C S6300 Series Switches User Manual

246

# Apply the IPsec profile to RIPng process 1.

[SwitchC] ripng 1

[SwitchC-ripng-1] enable ipsec-profile profile001

[SwitchC-ripng-1] quit

Verifying the configuration

After the previous configurations, Switch A, Switch B, and Switch C learn IPv6 routing information
through RIPng. IPsec SAs are set up successfully on the switches to protect RIPng packets. The following

example uses Switch A to illustrate how to view the IPsec-related information.
# Use the display ripng command to display the RIPng configuration. The output shows that the IPsec

profile profile001 has been applied to RIPng process 1.

[SwitchA] display ripng 1

RIPng process : 1

Preference : 100

Checkzero : Enabled

Default Cost : 0

Maximum number of balanced paths : 8

Update time : 30 sec(s) Timeout time : 180 sec(s)

Suppress time : 120 sec(s) Garbage-Collect time : 120 sec(s)

Number of periodic updates sent : 186

Number of trigger updates sent : 1

IPsec profile name: profile001

# Use the display ipsec sa command to display the established IPsec SAs.

[SwitchA] display ipsec sa

-------------------------------

Global IPsec SA

-------------------------------

-----------------------------

IPsec profile: profile001

Mode: manual

-----------------------------

Encapsulation mode: transport

[Inbound ESP SA]

SPI: 123456 (0x3039)

Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1

No duration limit for this SA

[Outbound ESP SA]

SPI: 123456 (0x3039)

Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1

No duration limit for this SA