ipsec df-bit clear

Function

The ipsec df-bit clear command sets the Don't Fragment (DF) flag bit of packets to 0 in the specified IPSec policy view, indicating that IPSec packets can be fragmented.

The undo ipsec df-bit clear command cancels the configuration.

By default, the DF flag bit in a packet is not set to 0.

This command is supported only on the NetEngine 8000 F1A.

Format

ipsec df-bit clear

undo ipsec df-bit clear

Parameters

None

Views

IPsec profile view, IPsec policy template view, ISAKMP IPsec policy view

Default Level

2: Configuration level

Task Name and Operations

Task Name    Operations
ike          write

Usage Guidelines

Usage Scenario

The ipsec fragmentation before-encryption command allows IPSec packets to be fragmented and then encrypted. If the ipsec fragmentation before-encryption command is run, the ipsec df-bit clear command must also be run to set the DF flag bit to 0 and enable IPSec packet fragmentation. If the two commands are not used together, the DF flag bit in a packet may be set to 1 (indicating that IPSec packets cannot be fragmented), causing the ipsec fragmentation before-encryption configuration to fail.

Configuration Impact

If both the ipsec df-bit clear and ipsec global df-bit clear commands are run, the ipsec global df-bit clear command takes precedence.

After the undo ipsec df-bit clear command is run, the ipsec global df-bit clear command configuration takes effect.

Example

# Configure the IPSec packet fragmentation function in IPSec policy1.
<HUAWEI> system-view
[~HUAWEI] ipsec policy policy1 1 isakmp
[*HUAWEI-ipsec-policy-isakmp-policy1-1] ipsec df-bit clear
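
What "DF flag bit set to 0" means at the IPv4 header level, as an added example that is not part of the Huawei documentation: this Python code decodes the DF bit from a raw IPv4 header (for instance, one taken from a capture when checking the configuration) and shows that clearing it requires recomputing the header checksum. The sample packet, its addresses and all function names are constructed for illustration; the code models only the header fields, not the device's implementation.

```python
import struct

DF_MASK = 0x4000   # Don't Fragment bit in the flags/fragment-offset field
MF_MASK = 0x2000   # More Fragments bit
IPSEC_PROTOCOLS = {50: "ESP", 51: "AH"}

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def inspect(packet: bytes) -> dict:
    """Decode the fields relevant to fragmentation from an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("truncated or malformed IPv4 header")
    flags_frag, = struct.unpack("!H", packet[6:8])
    return {
        "protocol": IPSEC_PROTOCOLS.get(packet[9], str(packet[9])),
        "df": bool(flags_frag & DF_MASK),
        "fragment": bool(flags_frag & MF_MASK) or (flags_frag & 0x1FFF) != 0,
        "checksum_ok": ip_checksum(packet[:ihl]) == 0,  # valid header sums to 0
    }

def clear_df(packet: bytes) -> bytes:
    """Return a copy with DF = 0 and the header checksum recomputed."""
    ihl = (packet[0] & 0x0F) * 4
    header = bytearray(packet[:ihl])
    flags_frag, = struct.unpack("!H", header[6:8])
    header[6:8] = struct.pack("!H", flags_frag & ~DF_MASK & 0xFFFF)
    header[10:12] = b"\x00\x00"  # checksum field is zero while summing
    header[10:12] = struct.pack("!H", ip_checksum(bytes(header)))
    return bytes(header) + packet[ihl:]

def sample_esp_packet() -> bytes:
    """Constructed sample: 20-byte IPv4 header, DF = 1, protocol 50 (ESP)."""
    header = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, DF_MASK,
                                   64, 50, 0, bytes([192, 0, 2, 1]),
                                   bytes([198, 51, 100, 1])))
    header[10:12] = struct.pack("!H", ip_checksum(bytes(header)))
    return bytes(header) + b"\x00" * 8  # placeholder payload, not real ESP

if __name__ == "__main__":
    before = sample_esp_packet()
    print("before:", inspect(before))
    print("after: ", inspect(clear_df(before)))
```
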
Copyright © Huawei Technologies Co., Ltd.