- Table of Contents
-
- 11-Security Command Reference
- 00-Preface
- 01-AAA commands
- 02-Portal commands
- 03-User profile commands
- 04-Password control commands
- 05-Keychain commands
- 06-Public key management commands
- 07-PKI commands
- 08-IPsec commands
- 09-Group domain VPN commands
- 10-SSH commands
- 11-SSL commands
- 12-SSL VPN commands
- 13-ASPF commands
- 14-APR commands
- 15-Session management commands
- 16-Connection limit commands
- 17-Object group commands
- 18-Object policy commands
- 19-Attack detection and prevention commands
- 20-ARP attack protection commands
- 21-ND attack defense commands
- 22-uRPF commands
- 23-Crypto engine commands
- 24-FIPS commands
- 25-SMA commands
- Related Documents
-
Title | Size | Download |
---|---|---|
25-SMA commands | 42.01 KB |
SMA commands
display sma-anti-spoof ipv6 address-prefix
Use display sma-anti-spoof ipv6 address-prefix to display IPv6 prefix information for all ASs.
Syntax
display sma-anti-spoof ipv6 address-prefix
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display IPv6 prefix information for all ASs.
<Sysname> display sma-anti-spoof ipv6 address-prefix
Alliance number: 1 AS number: 10
IPv6 prefix Effecting time
AA:AA::/64 May 1 14:12:49 2009
AA:AA::AA:AB/128 May 1 14:12:49 2009
Alliance number: 1 AS number: 11
IPv6 prefix Effecting time
BB:BB::/64 May 1 14:02:49 2009(i)
Table 1 Command output
Field |
Description |
Alliance number |
Trust alliance ID. |
IPv6 prefix |
IPv6 prefix list of the AS. |
Effecting time |
Time when the IPv6 prefix starts to take effect. Letter i in the round brackets indicates that the prefix takes effect immediately when the AER receives the prefix. |
display sma-anti-spoof ipv6 packet-tag
Use display sma-anti-spoof ipv6 packet-tag to display SMA tag information for all AS pairs.
Syntax
display sma-anti-spoof ipv6 packet-tag
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display SMA tag information for all AS pairs.
<Sysname> display sma-anti-spoof ipv6 packet-tag
Alliance number: 1
Source AS number: 10 Destination AS number: 11
State machine ID: 100 Tag: 0xABCD
Effecting time: May 1 14:12:49 2009(i) Transition interval: 10s
Source AS number: 11 Destination AS number: 10
State machine ID: 101 Tag: 0xCDEF
Effecting time: May 1 14:02:49 2009 Transition interval: 12s
Table 2 Command output
Field |
Description |
Alliance number |
Trust alliance ID. |
Tag |
SMA tag, a binary number of up to 128 bits, displayed in hexadecimal format. For example, 0xABCD. |
Effecting time |
Time when the tag starts to take effect. Letter i in the round brackets indicates that the tag takes effect immediately when the AER receives the tag. |
Transition interval |
Tag aging timer in seconds. The tag ages out after the timer expires. |
sma-anti-spoof ipv6 enable
Use sma-anti-spoof ipv6 enable to enable SMA.
Use undo sma-anti-spoof ipv6 enable to disable SMA.
Syntax
sma-anti-spoof ipv6 enable
undo sma-anti-spoof ipv6 enable
Default
SMA is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
You must enable SMA for all SMA configurations to take effect.
Examples
# Enable SMA.
<Sysname> system-view
[Sysname] sma-anti-spoof ipv6 enable
Related commands
sma-anti-spoof ipv6 server
sma-anti-spoof ipv6 port-type
Use sma-anti-spoof ipv6 port-type to configure an SMA interface type.
Use undo sma-anti-spoof ipv6 port-type to restore the default.
Syntax
sma-anti-spoof ipv6 port-type { ingress | egress }
undo sma-anti-spoof ipv6 port-type
Default
An interface is not an SMA interface and does not perform SMA.
Views
Layer 3 interface view
Predefined user roles
network-admin
network-operator
Parameters
ingress: Configures an interface as an SMA ingress interface.
egress: Configures an interface as an SMA egress interface.
Usage guidelines
To ensure correct packet classification, tag adding, tag checking, and packet forwarding, you must configure the SMA interface type. SMA interfaces include the following types:
· Ingress interface—Connected to an SMA-disabled router in the local AS.
· Egress interface—Connected to an AER in other member AS.
Examples
# Configure GigabitEthernet 1/1/1 as an SMA ingress interface.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/1/1
[Sysname-GigabitEthernet1/1/1] sma-anti-spoof ipv6 port-type ingress
Related commands
sma-anti-spoof ipv6 enable
sma-anti-spoof ipv6 server
Use sma-anti-spoof ipv6 server to configure an SSL link between an AER and its ACS.
Use undo sma-anti-spoof ipv6 server to restore the default.
Syntax
sma-anti-spoof ipv6 server ipv6-address ssl-client-policy policy-name
undo sma-anti-spoof ipv6 server
Default
No SSL link is configured between an AER and its ACS.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ipv6-address: Specifies the ACS IPv6 address.
ssl-client-policy policy-name: Specifies an existing SSL client policy by its name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
Use the sma-anti-spoof ipv6 enable command to enable SMA before you use this command to configure an SSL link between an AER and its ACS. If you specify a nonexistent SSL client policy, the SSL link between the AER and ACS cannot be established.
Examples
# Configure the AER to establish an SSL link with the ACS at 1::1 by using SSL client policy ssl.
<Sysname> system-view
[Sysname] sma-anti-spoof ipv6 server 1::1 ssl-client-policy ssl
Related commands
sma-anti-spoof ipv6 enable