IPsec examples
This section contains examples of IPsec configuration and the output from the IPsec-specific show commands. In addition, IPsec-related
information appears in general show command output for interfaces and areas.
The show commands that are specific to IPsec are:
• show ipsec sa
• show ipsec policy
• show ipsec statistics
The other show commands with IPsec-related information are:
• show ipv6 ospf area
• show ipv6 ospf interface
• show ipv6 ospf vrf
Showing IPsec security association information
The show ipsec sa command displays the IPsec security association database, as follows.
device# show ipsec sa
IPSEC Security Association Database(Entries:8)
SPDID(vrf:if)  Dir  Encap  SPI  Destination    AuthAlg  EncryptAlg
1:ALL          in   ESP    512  2001:db8:1::1  sha1     Null
1:e1/1/1       out  ESP    302  ::             sha1     Null
1:e1/1/1       in   ESP    302  FE80::         sha1     Null
1:e1/1/1       out  ESP    512  2001:db8:1::2  sha1     Null
2:ALL          in   ESP    512  2001:db8:1::1  sha1     Null
2:e1/1/2       out  ESP    302  ::             sha1     Null
2:e1/1/2       in   ESP    302  FE80::         sha1     Null
2:e1/1/2       out  ESP    512  2001:db8:1::2  sha1     Null
Syntax: show ipsec sa
Showing IPsec policy
The show ipsec policy command displays the database for the IPsec security policies. The fields for this show command output appear
in the screen output example that follows. However, you should understand the layout and column headings for the display before trying
to interpret the information in the example screen.
Each policy entry consists of two categories of information:
• The policy information
• The SA used by the policy
The policy information line in the screen begins with the heading PType and also has the headings Dir, Proto, Source (Prefix:TCP/UDP
Port), and Destination (Prefix:TCP/UDPPort). The SA line contains the SPDID, direction, encapsulation (always ESP in the current
release), and the user-specified SPI.
device# show ipsec policy
IPSEC Security Policy Database(Entries:8)
PType Dir Proto Source(Prefix:TCP/UDP Port)
                Destination(Prefix:TCP/UDPPort)
      SA: SPDID(vrf:if) Dir Encap SPI Destination
use   in  OSPF  FE80::/10:any
                ::/0:any
      SA: 2:e1/1/2 in ESP 302 FE80::
use   out OSPF  FE80::/10:any
                ::/0:any
      SA: 2:e1/1/2 out ESP 302 ::
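The three-line entry layout described above can be checked mechanically when auditing a captured configuration. The following is an added example, not part of the vendor documentation: parse_policy and audit are hypothetical helper names, the sample text is constructed from the two entries shown on this page, and the rule that an SA's direction should equal its policy's direction is an assumption drawn from that sample.

```python
import re

# Constructed sample: the two entries shown on this page (header says 8).
SAMPLE = """\
IPSEC Security Policy Database(Entries:8)
PType Dir Proto Source(Prefix:TCP/UDP Port)
                Destination(Prefix:TCP/UDPPort)
      SA: SPDID(vrf:if) Dir Encap SPI Destination
use   in  OSPF  FE80::/10:any
                ::/0:any
      SA: 2:e1/1/2 in ESP 302 FE80::
use   out OSPF  FE80::/10:any
                ::/0:any
      SA: 2:e1/1/2 out ESP 302 ::
"""

def parse_policy(text):
    """Return (entry count declared in the header, list of parsed entries)."""
    m = re.search(r"Entries:(\d+)", text)
    declared = int(m.group(1)) if m else None
    rows = [ln.split() for ln in text.splitlines() if ln.strip()]
    entries, i = [], 0
    while i + 2 < len(rows):
        pol, dst, sa = rows[i], rows[i + 1], rows[i + 2]
        # Entry = policy line (4 fields), destination line (1), SA line (6).
        if (len(pol) == 4 and pol[1] in ("in", "out") and len(dst) == 1
                and len(sa) == 6 and sa[0] == "SA:" and sa[4].isdigit()):
            entries.append({
                "ptype": pol[0], "dir": pol[1], "proto": pol[2],
                "source": pol[3], "destination": dst[0],
                "sa": {"spdid": sa[1], "dir": sa[2], "encap": sa[3],
                       "spi": int(sa[4]), "destination": sa[5]}})
            i += 3
        else:
            i += 1
    return declared, entries

def audit(text):
    """Return findings: incomplete capture, direction mismatch, non-ESP SA."""
    declared, entries = parse_policy(text)
    findings = []
    if declared is not None and declared != len(entries):
        findings.append(f"header declares {declared} entries, parsed {len(entries)}")
    for e in entries:
        sa = e["sa"]
        if sa["dir"] != e["dir"]:  # assumption: SA direction matches policy
            findings.append(f"{sa['spdid']} SPI {sa['spi']}: SA dir {sa['dir']}, policy dir {e['dir']}")
        if sa["encap"] != "ESP":   # page: encapsulation is always ESP
            findings.append(f"{sa['spdid']} SPI {sa['spi']}: encap {sa['encap']}")
    return findings
```

Run against the sample, audit reports only that the header declares more entries than the capture contains, which is the signal that the listing was cut short before review.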
Displaying OSPFv3 information
FastIron Ethernet Switch Layer 3 Routing
53-1003627-04 341