Verifying IPsec Configuration Configuring IPsec
page 14-20 OmniSwitch AOS Release 7 Network Configuration Guide March 2011
Discarding RIPng Packets
RIPng uses the well known address of ff02::9 to advertise routes. The following example shows how IPsec
can be configured to drop all RIPng packets.
Discarding RIPng Packets
Switch A
-> ipsec policy DISCARD_UDPout source fe80::100 destination ff02::9 protocol udp
out discard
-> ipsec policy DISCARD_UDPin source fe80::200 destination ff02::9 protocol udp
in discard
Switch B
-> ipsec policy DISCARD_UDPout source fe80::200 destination ff02::9 protocol udp
out discard
-> ipsec policy DISCARD_UDPin source fe80::100 destination ff02::9 protocol udp
in discard
Verifying IPsec Configuration
To display information such as details about manually configured IPsec Security Associations and other
IPsec parameters configured on the switch, use the show commands listed in the following table::
For more information about the resulting displays form these commands, see the “IPsec Commands” chap-
ter in the OmniSwitch CLI Reference Guide.
Examples of the above commands and their outputs are given in the section “Configuring IPsec on the
OmniSwitch” on page 14-9
show ipsec sa Displays information about manually configured IPsec SAs.
show ipsec key Displays encryption and authentication key values for the manually con-
figured IPsec SA.
show ipsec policy Displays information about IPsec Security Policies configured for the
switch.
show ipsec ipv6 statistics Displays IPsec statistics for IPv6 traffic.
Switch A
Link Local: fe80::200Link Local: fe80::100
Switch B
To Next Page
Loading...
