use in OSPF FE80::/10:any
::/0:any
SA: 1:e1/1/1 in ESP 302 FE80::
use out OSPF FE80::/10:any
::/0:any
SA: 1:e1/1/1 out ESP 302 ::
use in OSPF 2001:db8:1:1::1/128:any
2001:db8:1:1::2/128:any
SA: 1:ALL in ESP 512 2001:db8:1:1::2
use out OSPF 2001:db8:1:1::2/128:any
2001:db8:1:1::1/128:any
SA: 1:e1/1/1 out ESP 512 2001:db8:1:1::1
use in OSPF 35:1:1::1/128:any
10:1:1::2/128:any
SA: 2:ALL in ESP 512 10:1:1::2
Syntax: show ipsec policy
TABLE 85 show ipsec policy output descriptions
This eld Displays
PType This eld contains the policy type. Of the existing policy types, only the
"use" policy type is supported, so each entry can have only "use."
Dir The direction of trac ow to which the IPsec policy is applied. Each
direction has its own entry.
Proto The only possible routing protocol for the security policy in the current
release is OSPFv3.
Source The source address consists of the IPv6 prex and the TCP or UDP port
identier.
Destination The destination address consists of the IPv6 prex. Certain logical
elements have a bearing on the meaning of the destination address and its
format, as follows:
For IPsec on an interface or area, the destination address is shown as a
prex of 0xFE80 (link local). The solitary "::" (no prex) indicates a "do not-
care" situation because the connection is multicast. In this case, the
security policy is enforced without regard for the destination address.
For a virtual link (SPDID = 0), the address is required.
TABLE 86 SA used by the policy
This eld Displays
SA This heading points at the SA-related headings for information used by
the security policy. Thereafter, on each line of this part of the IPsec entry
(which alternates with lines of policy information, "SA:" points at the elds
under those SA-related headings. The remainder of this table describes
each of the SA-related items.
SPDID The security policy database identier (SPDID) consists of two parts; the
rst part is an VRF id and the second part is an interface ID. The SPDID
0/ALL is a global database for the default VRF that applies to all
interfaces.
Dir The Dir eld is either ‘in" for inbound or "out" for outbound.
Encap The type of encapsulation in the current release is ESP.
SPI Security parameter index.
Destination The IPv6 address of the destination endpoint. From the standpoint of the
near interface and the area, the destination is not relevant and therefore
appears as ::/0:any.
Displaying OSPFv3 information
FastIron Ethernet Switch Layer 3 Routing
342 53-1003627-04
To Next Page
Loading...
Need help?
General
