Brocade FastIron SX, FCX, and ICX Diagnostic Reference User Manual
Page 187
Brocade FastIron SX, FCX, and ICX Diagnostic Reference
175
53-1003076-02
IP security debug commands
7
Debug: Jan 1 02:04:15 IPSEC,IN: Incoming packet matches Policy : input use
'prot=OSPF src=FE80::/10:0 dst=::/0:0' -> SA: ESP in spi=0x190 dst=FE80::
Debug: Jan 1 02:04:26 IPSEC,IN: ESP spi=400 (pkt 'ESP FE80:: -> FE80::')
payloadlength =64
Debug: Jan 1 02:04:26 IPSEC,IN: Incoming packet matches Policy : input use
'prot=OSPF src=FE80::/10:0 dst=::/0:0' -> SA: ESP in spi=0x190 dst=FE80::
Debug: Jan 1 02:04:26 IPSEC,IN: ESP spi=400 (pkt 'ESP FE80:: -> FE80::')
payloadlength =64
Debug: Jan 1 02:04:26 IPSEC,IN: Incoming packet matches Policy : input use
'prot=OSPF src=FE80::/10:0 dst=::/0:0' -> SA: ESP in spi=0x190 dst=FE80::
Debug: Jan 1 02:04:36 IPSEC,IN: ESP spi=400 (pkt 'ESP FE80:: -> FE80::')
payloadlength =64
Debug: Jan 1 02:04:36 IPSEC,IN: Incoming packet matches Policy : input use
'prot=OSPF src=FE80::/10:0 dst=::/0:0' -> SA: ESP in spi=0x190 dst=FE80::
Debug: Jan 1 02:04:36 IPSEC,IN: ESP spi=400 (pkt 'ESP FE80:: -> FE80::')
payloadlength =64
Debug: Jan 1 02:04:36 IPSEC,IN: Incoming packet matches Policy : input use
'prot=OSPF src=FE80::/10:0 dst=::/0:0' -> SA: ESP in spi=0x190 dst=FE80::
debug ipsec out
Syntax: [no] debug ipsec out
This command enables the display of debugging information related to outbound OSPFv3 packets
with IPsec.
Brocade# debug ipsec out
IPSec: out debugging is on
Brocade(config-ospf6-router)# Debug: Jan 1 02:04:55 IPSEC,OUT: Matching Flow:
output use 'prot=OSPF src=FE80::/10:0 dst=::/0:0' -> SA: ESP out spi=0x190 dst=::
Debug: Jan 1 02:04:55 IPSEC,OUT: SA ESP out spi=0x190 dst=:: payloadlength =64
Debug: Jan 1 02:04:56 IPSEC,OUT: OSPF FE80:: -> FE80::, payloadlength =40
Debug: Jan 1 02:04:56 IPSEC,OUT: OSPF FE80:: -> FE80::, payloadlength =40
Debug: Jan 1 02:05:06 IPSEC,OUT: Matching Flow: output use 'prot=OSPF
src=FE80::/10:0 dst=::/0:0' -> SA: ESP out spi=0x190 dst=::
Debug: Jan 1 02:05:06 IPSEC,OUT: SA ESP out spi=0x190 dst=:: payloadlength =64
Debug: Jan 1 02:05:07 IPSEC,OUT: OSPF FE80:: -> FE80::, payloadlength =40
Debug: Jan 1 02:05:07 IPSEC,OUT: OSPF FE80:: -> FE80::, payloadlength =40
Debug: Jan 1 02:05:15 IPSEC,OUT: Matching Flow: output use 'prot=OSPF
src=FE80::/10:0 dst=::/0:0' -> SA: ESP out spi=0x190 dst=::
Debug: Jan 1 02:05:15 IPSEC,OUT: SA ESP out spi=0x190 dst=:: payloadlength =64
Debug: Jan 1 02:05:16 IPSEC,OUT: OSPF FE80:: -> FE80::, payloadlength =40
Debug: Jan 1 02:05:16 IPSEC,OUT: OSPF FE80:: -> FE80::, payloadlength =40
debug ipsec policy
Syntax: [no] debug ipsec policy
This command enables the display of debugging information for IPsec policy.
Brocade# debug ipsec policy
IPSec: policy debugging is on
Brocade(config-ospf6-router)#no area 0 auth ipsec spi 400 esp sha1
abcef12345678901234fedcba098765432109876
Debug: Jan 1 01:57:05 IPSEC,Policy: Removing flow [input use 'prot=OSPF
src=FE80::/10:0 dst=::/0:0' -> SA: ESP in spi=0x190 dst=FE80::] : ok
Brocade(config-ospf6-router)#area 0 auth ipsec spi 400 esp sha1
abcef12345678901234fedcba098765432109876