H3C LSW1FC4P0 Interface Card for S5820X-28C Ethernet Switches Command Line Interface Guide Firmware Version 9.0.7

Command Reference

Ipsec Association

172 59272-00 C

delete [association]

Deletes the specified association given by [association] from the Security

Association database. You must enter the Ipsec Save command afterwards to

save your changes.

edit [association]

Opens an edit session in which to change the configuration of an existing

association given by [association]. If the connection is not secure (SSH is

disabled), the AuthenticationKey and EncryptionKey values are masked.

Protocol IP security protocol to be used to process data. The

protocol can be one of the following:

 Encapsulated Security Payload–RFC 2406 (esp)

 Encapsulated Security Payload–RFC 1827

(esp-old)

 Authentication Header– RFC 2402 (ah)

 Authentication Header–RFC 1826 (ah-old)

SPI Security parameters index number

Authentication Algorithm to use to authenticate the source or desti-

nation. The authentication algorithm can be one of

the following:

 HMAC-MD5

 HMAC-SHA1

 HMAC-SHA256

 AES-XCBC-MAC

AuthenticationKey Key string to use for authentication.

Encryption Algorithm that encrypts outbound data or decrypt

inbound data. The encryption algorithm can be one

of the following:

 DES-CBC

 3DES-CBC

EncryptionKey Key string to use in encrypting or decrypting data.

Table 7. Association Configuration Parameters (Continued)

Parameter Description