For feedback, use the following:
ipd_online_feedback@alcatel-lucent.com
Table of Contents Previous Next Index PDF

IP Tunnel Command Reference
Hardware Commands
ISA Commands
IPSec Commands
Service Configuration Commands
Interface Tunnel Commands
Show Commands
Debug Commands
Configuration Commands
 
Hardware Commands
 
config
card slot-number
mda mda-slot
mda-type isa-tunnel
no mda-type
 
 
ISA Commands
config
isa
tunnel-group tunnel-group-id [create]
no tunnel-group tunnel-group-id
active-mda-number [1..16]
no active-mda-number
backup mda-id
no backup
description description-string
no description
[no] ipsec-responder-only
mda mda-id
[no] mda
multi-active
primary mda-id
no primary
reassembly [wait-msecs]
no reassembly
[no] shutdown
IPSec Commands
config
ipsec
ike-policy ike-policy-id [create]
no ike-policy ike-policy-id
auth-algorithm auth-algorithm
no auth-algorithm
auth-method {psk | plain-psk-xauth | cert-auth | psk-radius | cert-radius | eap}
no auth-method
description description-string
no description
dh-group {1 2 | 5 | 14 | 15}
no dh-group
dpd [interval interval] [max-retries max-retries] [reply-only]
no dpd
encryption-algorithm {des | 3des | aes128 | aes192 | aes256}
no encryption-algorithm
ike-mode {main | aggressive}
no ike-mode
ike-version [1..2]
ipsec-lifetime ipsec-lifetime
no ipsec-lifetime
isakmp-lifetime isakmp-lifetime
no isakmp-lifetime
[no] match-peer-id-to-cert
nat-traversal [force] [keep-alive-interval keep-alive-interval] [force-keep-alive]
no nat-traversal
own-auth-method {psk | cert | eap-only}
no own-auth-method
pfs [dh-group {1 | 2 | 5}]
no pfs
config
ipsec
ipsec-transform transform-id [create]
no ipsec-transform transform-id
esp-auth-algorithm {null | md5 | sha1| sha256 | sha384 | sha512}
no esp-auth-algorithm
esp-encryption-algorithm {null | des | 3des | aes128 | aes192 | aes256}
no esp-encryption-algorithm
 
config
ipsec
[no] static-sa sa-name
authentication auth-algorithm ascii-key ascii-string
authentication auth-algorithm hex-key hex-string [hash|hash2]
no authentication
description description-string
no description
direction ipsec-direction
no direction
protocol ipsec-protocol
no protocol
spi spi
no spi
 
config
ipsec
tunnel-template ipsec template identifier [create]
no tunnel-templateipsec template identifier
description description-string
no description
replay-window {32 | 64 | 128 | 256 | 512}
no replay-window
[no] sp-reverse-route
transform transform-id [transform-id...(up to 4 max)]
no transform
 
 
Service Configuration Commands
config
service
vprn service-id [customer customer-id]
no vprn service-id
ipsec
security-policy security-policy-id [create]
no security-policy security-policy-id
entry entry-id [create]
no entry entry-id
local-ip {ip-prefix/prefix-length | ip-prefix netmask | any}
remote-ip {ip-prefix/prefix-length | ip-prefix netmask | any}
 
Interface Tunnel Commands
config
service
ies service-id [customer customer-id] [vpn vpn-id]
[no] interface ip-int-name [tunnel]
dynamic-tunnel-redundant-next-hop ip-address
no dynamic-tunnel-redundant-next-hop
static-tunnel-redundant-next-hop ip-address
no static-tunnel-redundant-next-hop
[no] sap sap-id [create]
ip-tunnel ip-tunnel-name [create]
backup-remote-ip ip-address
no backup-remote-ip
[no] clear-df-bit
delivery-service {service-id | svc-name}
no delivery-service
description description-string
no description
dscp dscp-name
no dscp
[no] dest-ip ip-address
[no] gre-header
ip-mtu octets
no ip-mtu
reassembly [wait-msecs]
no reassembly
remote-ip ip-address
no remote-ip
[no] shutdown
source ip-address
no source
[no] ipsec-gw
cert
cert filename
no cert
key filename
no key
trust-anchor ca-profile-name
no trust-anchor
default-secure-service service-id ipsec-interface ip-int-name
no default-secure-service
default-tunnel-template ipsec template identifier
no default-tunnel-template
ike-policy ike-policy-id
no ike-policy
local-gateway-address ip-address
no local-gateway-address
local-id {ipv4 | fqdn} [value [255 chars max]]
no local-id
[no] shutdown
vprn service-id [customer customer-id]
no vprn service-id
[no] interface ip-int-name [create] [tunnel]
dynamic-tunnel-redundant-next-hop ip-address
no dynamic-tunnel-redundant-next-hop
static-tunnel-redundant-next-hop ip-address
no static-tunnel-redundant-next-hop
[no] sap sap-id [create]
ip-tunnel ip-tunnel-name [create]
backup-remote-ip ip-address
no backup-remote-ip
[no] clear-df-bit
delivery-service {service-id | svc-name}
no delivery-service
description description-string
no description
dscp dscp-name
no dscp
dest-ip ip-address
[no] gre-header
ip-mtu octets
no ip-mtu
reassembly [wait-msecs]
no reassembly
remote-ip ip-address
no remote-ip
[no] shutdown
source ip-address
no source
[no] ipsec-gw
cert
cert filename
no cert
key filename
no key
trust-anchor ca-profile-name
no trust-anchor
default-secure-service service-id ipsec-interface ip-int-name
no default-secure-service
default-tunnel-template ipsec template identifier
no default-tunnel-template
ike-policy ike-policy-id
no ike-policy
local-gateway-address ip-address
no local-gateway-address
local-id {ipv4 | fqdn} [value [255 chars max]]
no local-id
[no] shutdown
ipsec-tunnel ipsec-tunnel-name [create]
no ipsec-tunnel ipsec-tunnel-name
[no] bfd-designate
bfd-enable service service-id interface interface-name dst-ip ip-address
[no] clear-df-bit
description description-string
no description
[no] dynamic-keying
[no] auto-establish
cert
cert filename
no cert
key filename
no key
status-verify
default-result {revoked|good}
no default-result
primary {ocsp|crl}
no primary
secondary {ocsp|crl}
no secondary
trust-anchor ca-profile-name
no trust-anchor
ike-policy ike-policy-id
no ike-policy
local-id {ipv4 | fqdn} [value [255 chars max]]
no local-id
pre-shared-key key
no pre-shared-key
transform transform-id [transform-id...(up to 4 max)]
no transform
ip-mtu octets
no ip-mtu
local-gateway-address ip-address peer ip-address delivery-service service-id
no local-gateway-address
[no] manual-keying
security-association security-entry-id authentication-key authentication-key encryption-key encryption-key spi spi transform transform-id direction {inbound|outbound}
no security-association security-entry-id direction {inbound|outbound}
replay-window replay-window-size
no replay-window
security-policy security-policy-id
no security-policy
 
 
IPSec Mastership Election Commands
configure
redundancy
multi-chassis
peer ip-address [create]
no peer ip-address
[no] mc-ipsec
[no] bfd-enable
discovery-interval interval-secs [boot interval-secs]
no discovery-interval
hold-on-neighbor-failure multiplier
no hold-on-neighbor-failure
keep-alive-interval interval
no keep-alive-interval
tunnel-group tunnel-group-id [create]
no tunnel-group tunnel-group-id
peer-group tunnel-group-id
no peer-group
priority priority
no priority
[no] shutdown
 
Related Commands
config
router
policy-options
policy-statement
entry
from
protocol protocol [all | instance instance]
no protocol
state state
no state
config
redundancy
multi-chassis
peer
sync
[no] ipsec
tunnel-group tunnel-group-id sync-tag tag-name [create]
no tunnel-group tunnel-group-id
 
Show Commands
show
ipsec
gateway name name
gateway [service service-id]
gateway tunnel [ip-address:port]
gateway name name tunnel ip-address:port
gateway name name tunnel
gateway tunnel count
gre
tunnel [gre-tunnel-name]
ike-policy ike-policy-id
ike-policy
security-policy service-id [security-policy-id]
security-policy
static-sa
static-sa name sa-name
static-sa spi spi
transform [transform-id]
tunnel ipsec-tunnel-name
tunnel
tunnel-template [ipsec template identifier]
tunnel-group
redundancy
multi-chassis
mc-ipsec peer ip-address tunnel-group tunnel-group-id
mc-ipsec peer ip-address
 
 
Debug Commands
debug
ipsec
[no] gateway name name tunnel ip-address[:port]
tunnel ipsec-tunnel-name [detail]
no tunnel ipsec-tunnel-name
 
 
Tools Commands
tools
perform
redundancy
multi-chassis
mc-ipsec
force-switchover tunnel-group local-group-id [now][to {master|standby}]