The pim hello ipsec sa command specifies an IPSec SA used for encrypting and authenticating PIM Hello messages sent and received on an interface.
The undo pim hello ipsec sa command deletes the IPSec SA used for encrypting and authenticating PIM Hello messages sent and received on an interface.
By default, no IPSec SA is specified for encrypting and authenticating PIM Hello messages on an interface.
| Parameter | Description | Value |
|---|---|---|
| sa-name | Specifies the name of the SA used on an interface. | The value is an existing SA name. |
GE interface view, XGE interface view, MultiGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, GE sub-interface view, XGE sub-interface view, MultiGE sub-interface view, 25GE sub-interface view, 40GE sub-interface view, 100GE sub-interface view, Eth-Trunk sub-interface view, VLANIF interface view, loopback interface view, tunnel interface view
Usage Scenario
When a Huawei device connects to a non-Huawei device that can only encrypt and authenticate PIM Hello messages, run this command to configure the Huawei device to encrypt and authenticate only PIM Hello messages.
Prerequisites
IP multicast routing has been enabled using the multicast routing-enable command.
Precautions
If you run both this command and the pim ipsec sa command on an interface, the last configured one takes effect.
This command has the same function as the hello ipsec sa (IPv4) command used in the PIM view, except for the effective scope. The configuration in the interface view takes precedence over the configuration in the PIM view. If SAs are specified in both the interface view and PIM view, the specified interface uses the SA configured in the interface view. If no SA is specified on an interface, the interface uses the SA specified in the PIM view.
# Configure the device to encrypt and authenticate PIM Hello messages sent and received on VLANIF100 using the PIM IPSec SA named sa1. (This SA has been created.)
<HUAWEI> system-view [HUAWEI] multicast routing-enable [HUAWEI] interface vlanif 100 [HUAWEI-Vlanif100] pim hello ipsec sa sa1
# Configure the device to encrypt and authenticate PIM Hello messages sent and received on GE0/0/1 using the PIM IPSec SA named sa1. (This SA has been created.)
<HUAWEI> system-view [HUAWEI] multicast routing-enable [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] undo portswitch [HUAWEI-GigabitEthernet0/0/1] pim hello ipsec sa sa1