< Home

ipsec df-bit

Function

The ipsec df-bit command sets the don't fragment (DF) flag bit in an IPSec packet.

By default, the DF flag bit in an IPSec packet is the flag bit of original packets.

The virtual system does not support this command.

Format

ipsec df-bit { clear | set | copy }

Parameters

Parameter

Description

Value

clear

Sets the DF flag bit to 0, indicating that IP packets can be fragmented.

-

set

Sets the DF flag bit to 1, indicating that IP packets cannot be fragmented.

-

copy

Uses the flag bit of original packets.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After an original packet is encapsulated, the packet length may exceed the MTU of the device outbound interface. To prevent packet loss, fragment the packets.

Precautions

If you run the ipsec df-bit command multiple times, only the latest configuration takes effect.

Example

# Set the DF flag bit to 0 in an IPSec packet.

<sysname> system-view
[sysname] ipsec df-bit clear
Parent Topic: IPSec Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >