beautypg.com

Ip security debug commands – Brocade FastIron SX, FCX, and ICX Diagnostic Reference User Manual

Page 186

background image

174

Brocade FastIron SX, FCX, and ICX Diagnostic Reference

53-1003076-02

IP security debug commands

7

IP security debug commands

The following command displays debug information related to Internet Protocol security (IPsec)
operation for OSPFv3.

debug ipsec all

Syntax: [no] debug ipsec all

This command displays all debuggging information related to IPsec operation as shown in the
following example.

Brocade# debug ipsec all

IPSec: all debugging is on

Brocade(config-ospf6-router)# no area 0 auth ipsec spi 400 esp sha1

abcef12345678901234fedcba098765432109876IPSEC,SA: ipipsec_pfkeyv2_input() ::

receiving 'DELETE' command

IPSEC,SA: Removing SA: ESP in spi=0x190 dst=FE80::

IPSEC,Policy: Removing flow [input use 'prot=OSPF src=FE80::/10:0 dst=::/0:0' ->

SA: ESP in spi=0x190 dst=FE80::] : ok

IPSEC,SA: ipipsec_pfkeyv2_input() :: succeeded

debug ipsec esp

Syntax: [no] debug ipsec esp

This command enables debugging of Encapsulating Security Payload (ESP) and displays an output
as shown in the following example.

Brocade# debug ipsec esp

IPSec: esp debugging is on

Brocade(config-ospf6-router)# Debug: Jan 1 02:03:27 IPSEC,ESP: decrypt ok, seq=0

(SA: ESP in spi=0x190 dst=FE80::)

Debug: Jan 1 02:03:27 IPSEC,ESP: decrypt ok, seq=0 (SA: ESP in spi=0x190

dst=FE80::)

Debug: Jan 1 02:03:36 IPSEC,ESP: decrypt ok, seq=0 (SA: ESP in spi=0x190

dst=FE80::)

Debug: Jan 1 02:03:36 IPSEC,ESP: decrypt ok, seq=0 (SA: ESP in spi=0x190

dst=FE80::)

Debug: Jan 1 02:03:45 IPSEC,ESP: decrypt ok, seq=0 (SA: ESP in spi=0x190

dst=FE80::)

Debug: Jan 1 02:03:45 IPSEC,ESP: decrypt ok, seq=0 (SA: ESP in spi=0x190

dst=FE80::)

debug ipsec in

Syntax: [no] debug ipsec in

This command enables the display of debugging information related to inbound OSPFv3 packets
with IPsec.

Brocade# debug ipsec in

IPSec: in debugging is on

Brocade(config-ospf6-router)# Debug: Jan 1 02:04:15 IPSEC,IN: ESP spi=400 (pkt

'ESP FE80:: -> FE80::') payloadlength =64

Debug: Jan 1 02:04:15 IPSEC,IN: Incoming packet matches Policy : input use

'prot=OSPF src=FE80::/10:0 dst=::/0:0' -> SA: ESP in spi=0x190 dst=FE80::

Debug: Jan 1 02:04:15 IPSEC,IN: ESP spi=400 (pkt 'ESP FE80:: -> FE80::')

payloadlength =64

See also other documents in the category Brocade Computer Accessories: