3-32 Command Line Interface Commands Reference
cp
{
name
|
index
}
ipsec
suite
encapsulation
{
esp
|
ah
|
esp+ah
}
[
encryption
{
des
|
3des
|
null
} ]
[
authentication
esp
{
md5
|
hmac-md5-96
|
sha1
|
hmac-sha1-96
} ]
[
authentication
ah
{
md5
|
hmac-md5-96
|
sha1
|
hmac-sha1-96
} ]
[
compression
lzs
]
show
cp
{
name
|
index
}
ipsec
suite
Note:
This is an extended version of an existing CLI command. The existing command is modified to add an
encapsulation clause and to allow for one or two authentication clauses. See
“IPSec/IKE” on page 3-26
for
more information.
These commands set or display the IPSec encapsulation, encr yption, authentication, and compression
parameters for the specified connection profile.
Note:
The authentication clause may appear either one or two times; if it appears twice, one occurrence must
specify ah and the other must specify esp.
The keywords
md5
and
hmac-md5-96
are synonyms, although the latter keyword is preferred, the former being
retained only for backwards compatibility. The keywords
sha1
and
hmac-sha1-96
are synonyms, although the
latter keyword is preferred, the former being retained only for backwards compatibility.
cp
{
name
|
index
}
ipsec
ip
[
remote
[
members
{a.b.c.d | a.b.c.d/n | a.b.c.d e.f.g.h | a.b.c.d-e.f.g.h}]
[
tep
a.b.c.d] ]
[
local
[
members
{a.b.c.d | a.b.c.d/n | a.b.c.d e.f.g.h | a.b.c.d-e.f.g.h}]
[
tep
a.b.c.d] ]
[
via
a.b.c.d]
show
cp
{
name
|
index
}
ipsec
ip
Note:
This is an extended version of an existing CLI command. The existing command is modified to allow a
members specification to appear in the local clause and to allow for a host address or an IP address range
(rather than a network address and subnet mask) in the remote and local members clauses. See
“IPSec/IKE”
on page 3-26
for more information.
This command sets the per tinent IP values for the IPSec tunnel, and may contain zero or one instances of each
of three possible clauses:
remote
,
local
, and
via
. The
remote
clause, if specified, may include a members
specification or a tunnel endpoint (“tep”) specification, or both. The
local
clause, if specified, may contain a
members specification or a tunnel endpoint specification, or both. The optional
via
clause sets the next hop
gateway. The keyword
sg
(shor t for “security-gateway”) is an acceptable synonym for the keyword
tep
.
cp
{
name
|
index
}
ipsec
sa
lifetime
{
seconds
|
kbytes
} {
non-negative-integer
|
none
}
show
cp
{
name
|
index
}
ipsec
sa
lifetime
[ {
seconds
|
kbytes
} ]
no
cp
{
name
|
index
}
ipsec
sa
lifetime
[ {
seconds
|
kbytes
} ]
These commands set, display, or disable one or both of the two IKE Phase 2 SA lifetimes (in seconds and/or
kbytes protected) for the specified IPSec protocol for the specified connection profile. Specifying neither the
keyword
seconds
nor the keyword
kbytes
with the show variant of this command displays both lifetime values.
The keyword
none
is equivalent to the value zero, and indicates that there is no lifetime of the specified type.
Содержание CLI 874
Страница 1: ...Command Line Interface Commands Reference Firmware Version 8 7 4 Motorola Netopia ENT Series Routers...
Страница 6: ...6 Command Line Interface Commands Reference...
Страница 12: ...1 6 Command Line Interface Commands Reference...
Страница 143: ...Motorola Netopia Router CLI Commands 2 131 Current Restrictions None...
Страница 144: ...2 132 Command Line Interface Commands Reference...
