EasyManuals Logo

Cisco MDS 9000 Series User Manual

Cisco MDS 9000 Series
16 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #12 background imageLoading...
Page #12 background image
Send documentation comments to mdsfeedback-doc@cisco.com
22-12
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
OL-9285-05
Chapter 22 Troubleshooting IPsec
IPsec Issues
2 Active TCP connections
Control connection:Local 10.10.100.232:65492, Remote 10.10.100.231:3225
Data connection:Local 10.10.100.232:65494, Remote 10.10.100.231:3225
22 Attempts for active connections, 1 close of connections
TCP Parameters
Path MTU 1400 bytes
Current retransmission timeout is 200 ms
Round trip time:Smoothed 2 ms, Variance:3
Advertized window:Current:128 KB, Maximum:14 KB, Scale:6
Peer receive window:Current:118 KB, Maximum:118 KB, Scale:6
Congestion window:Current:15 KB, Slow start threshold:204 KB
Current Send Buffer Size:14 KB, Requested Send Buffer Size:0 KB
CWM Burst Size:50 KB
5 minutes input rate 3192 bits/sec, 399 bytes/sec, 4 frames/sec
5 minutes output rate 2960 bits/sec, 370 bytes/sec, 4 frames/sec
3626 frames input, 359324 bytes
3610 Class F frames input, 357516 bytes
16 Class 2/3 frames input, 1808 bytes
1 Reass frames
0 Error frames timestamp error 0
3630 frames output, 340828 bytes
3612 Class F frames output, 338580 bytes
18 Class 2/3 frames output, 2248 bytes
0 Error frames
Verifying Security Associations
To verify security associations (SAs), follow these steps:
Step 1 Issue the show crypto sad domain ipsec command to verify the current peer, mode, and inbound and
outbound index of each switch. The example command outputs follow:
MDSA# show crypto sad domain ipsec
interface:GigabitEthernet7/1
Crypto map tag:cmap-01, local addr. 10.10.100.231
protected network:
local ident (addr/mask):(10.10.100.231/255.255.255.255)
remote ident (addr/mask):(10.10.100.232/255.255.255.255)
current_peer:10.10.100.232
local crypto endpt.:10.10.100.231, remote crypto endpt.:10.10.100.232
mode:tunnel, crypto algo:esp-3des, auth algo:esp-md5-hmac
tunnel id is:1
current outbound spi:0x822a202 (136487426), index:1
lifetimes in seconds::3600
lifetimes in bytes::483183820800
current inbound spi:0x38147002 (940863490), index:1
lifetimes in seconds::3600
lifetimes in bytes::483183820800
MDSC# show crypto sad domain ipsec
interface:GigabitEthernet1/2
Crypto map tag:cmap-01, local addr. 10.10.100.232
protected network:
local ident (addr/mask):(10.10.100.232/255.255.255.255)
remote ident (addr/mask):(10.10.100.231/255.255.255.255)
current_peer:10.10.100.231
local crypto endpt.:10.10.100.232, remote crypto endpt.:10.10.100.231

Table of Contents

Other manuals for Cisco MDS 9000 Series

Preview: Configuration Guide
Configuration Guide344 pages
Preview: Troubleshooting Guide
Troubleshooting Guide161 pages
Preview: Command Reference
Command Reference1464 pages
Preview: Rack Installation
Rack Installation8 pages
Preview: Installing
Installing22 pages
Preview: Hardware Installation Guide
Hardware Installation Guide62 pages
Preview: Installation Guide
Installation Guide20 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco MDS 9000 Series and is the answer not in the manual?

Cisco MDS 9000 Series Specifications

General IconGeneral
CategorySwitch
Operating SystemCisco NX-OS
PortsVaries by model
ProtocolsFibre Channel (FC), Fibre Channel over IP (FCIP), iSCSI
RedundancyRedundant supervisors, power supplies, and fans
ManagementCisco Data Center Network Manager (DCNM), CLI, SNMP
Virtualization SupportVSANs (Virtual SANs)
Security FeaturesFibre Channel Security Protocol (FC-SP)
Hot Swappable Componentspower supplies, fans
Power Supply OptionsAC and DC options available

Related product manuals