diagnose ipsec interface

Function

The diagnose ipsec interface command diagnoses IPSec negotiation on a specified interface.

Format

diagnose ipsec interface interface-type interface-number [ timeout timeout ]

Parameters

Parameter	Description	Value
interface-type interface-number	Specifies the interface type and number.	-
timeout timeout	Specifies the timeout interval of the diagnosis process.	It is an integer that ranges from 10 to 120, in seconds. The default value is 30.

Views

User view

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

This command is used to diagnose IPSec faults on an interface. For example, when an IPSec tunnel fails to be set up and the configuration of the remote end is normal, the configuration of the local end may be incorrect. You can run this command to diagnose faults on the local interface.

Precautions

This command can only be configured on the initiator.

Example

# Perform an IPSec negotiation diagnosis on interface GigabitEthernet 0/0/1.

<sysname> diagnose ipsec interface GigabitEthernet 0/0/1
IPSec diagnosing.                                                               

(1).Interface Status:Up at the physical layer.Up at the protocol layer.         

(2).The IPsec policy is applied to the interface:Applied.                       

(3).An IPSec sub-policy that can initiate negotiation is configured on the inter
face:Found.                                                                     

(4).Policy Configuration Item:The configuration is complete.                    

(5).Negotiation Result in Phase 1:The negotiation Result is successful.         

(6).Negotiation Result in Phase 2:The negotiation Result is successful.