Showing ipsec security association information, Showing ipsec policy – Brocade Virtual ADX Switch and Router Guide (Supporting ADX v03.1.00) User Manual


53-1003246-01


Showing IPsec security association information

The show ipsec sa command displays the IPSec security association databases, as follows.

Virtual ADX#show ipsec sa
IPSEC Security Association Database(Entries:8)
SPDID(vrf:if) Dir Encap SPI Destination        AuthAlg EncryptAlg
1:ALL         in  ESP   512 2001:db8:35:1:1::1 sha1    Null
1:e1/1        out ESP   302 ::                 sha1    Null
1:e1/1        in  ESP   302 fe80::             sha1    Null
1:e1/1        out ESP   512 2001:db8:10:1:1::2 sha1    Null
2:ALL         in  ESP   512 2001:db8:35:1:1::1 sha1    Null
2:e1/2        out ESP   302 ::                 sha1    Null
2:e1/2        in  ESP   302 fe80::             sha1    Null
2:e1/2        out ESP   512 2001:db8:10:1:1::2 sha1    Null

Syntax: show ipsec sa
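
An added example, not taken from the Brocade guide: a small Python parser for the show ipsec sa layout above. It checks the parsed row count against the Entries: header and lists the SAs whose EncryptAlg is Null, that is, ESP providing authentication without confidentiality. The function names and the sample text (re-typed from the output above) are assumptions of this example.

```python
import re
from collections import namedtuple

# Constructed sample: the `show ipsec sa` output from this page, re-typed for the example.
SAMPLE = """\
IPSEC Security Association Database(Entries:8)
SPDID(vrf:if) Dir Encap SPI Destination AuthAlg EncryptAlg
1:ALL in ESP 512 2001:db8:35:1:1::1 sha1 Null
1:e1/1 out ESP 302 :: sha1 Null
1:e1/1 in ESP 302 fe80:: sha1 Null
1:e1/1 out ESP 512 2001:db8:10:1:1::2 sha1 Null
2:ALL in ESP 512 2001:db8:35:1:1::1 sha1 Null
2:e1/2 out ESP 302 :: sha1 Null
2:e1/2 in ESP 302 fe80:: sha1 Null
2:e1/2 out ESP 512 2001:db8:10:1:1::2 sha1 Null
"""

SA = namedtuple("SA", "vrf ifname direction encap spi destination auth encrypt")
ROW = re.compile(r"^(\d+):(\S+)\s+(in|out)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")
HEADER = re.compile(r"Entries:(\d+)")

def parse_sa_table(text):
    """Return (declared_entry_count, [SA, ...]) parsed from `show ipsec sa` output."""
    declared, rows = None, []
    for line in text.splitlines():
        head = HEADER.search(line)
        if head:
            declared = int(head.group(1))
            continue
        m = ROW.match(line.strip())
        if m:  # the column-heading line and blank lines do not match and are skipped
            vrf, ifname, direction, encap, spi, dest, auth, enc = m.groups()
            rows.append(SA(int(vrf), ifname, direction, encap, int(spi), dest, auth.lower(), enc.lower()))
    return declared, rows

def audit(text):
    """Summarise the capture: is it complete, and which SAs carry no encryption?"""
    declared, rows = parse_sa_table(text)
    return {
        "complete": declared == len(rows),  # False if the capture was truncated
        "integrity_only": [s for s in rows if s.encrypt == "null"],
        "algorithms": sorted({(s.auth, s.encrypt) for s in rows}),
        "spis": sorted({s.spi for s in rows}),
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```
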

Showing IPsec policy

The show ipsec policy command displays the database for the IPSec security policies. The fields for
this show command output appear in the screen output example that follows. However, you should
understand the layout and column headings for the display before trying to interpret the
information in the example screen.

Each policy entry consists of two categories of information:

- The policy information
- The SA used by the policy

The policy information line in the screen begins with the heading PType and also has the headings
Dir, Proto, Source (Prefix:TCP/UDP Port), and Destination (Prefix: TCP/UDP Port). The SA line
contains the SPDID, direction, encapsulation (always ESP in the current release), the user-specified
SPI, and the destination. For readability, the policy information is described in Table 19, and
SA-specific information is in Table 20.

Syntax: show ipsec policy

This command takes no parameters.

Virtual ADX#show ipsec policy
IPSEC Security Policy Database(Entries:8)
PType Dir Proto Source(Prefix:TCP/UDP Port) Destination(Prefix:TCP/UDPPort)
      SA: SPDID(vrf:if) Dir Encap SPI Destination
use   in  OSPF  fe80::/10:any               ::/0:any
      SA: 2:e1          in  ESP   302 fe80::
use   out OSPF  fe80::/10:any               ::/0:any
      SA: 2:e1          out ESP   302 ::
use   in  OSPF  fe80::/10:any               ::/0:any
      SA: 1:e1          in  ESP   302 fe80::
use   out OSPF  fe80::/10:any               ::/0:any
      SA: 1:e1          out ESP   302 ::
use   in  OSPF  2001:db8:35:1:1::1/128:any  10:1:1::2/128:any
      SA: 1:ALL         in  ESP   512 2001:db8:10:1:1::2
use   out OSPF  2001:db8:10:1:1::2/128:any  2001:db8:35:1:1::1/128:any
      SA: 1:e1          out ESP   512 2001:db8:35:1:1::1
use   in  OSPF  2001:db8:35:1:1::1/128:any  2001:db8:10:1:1::2/128:any
      SA: 2:ALL         in  ESP   512 2001:db8:10:1:1::2
use   out OSPF  2001:db8:10:1:1::2/128:any  2001:db8:35:1:1::1/128:any
