Disabling ipsec on an interface, Changing the key rollover timer, Clearing ipsec statistics – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual
Page 346
Disabling IPsec on an interface
For the purpose of troubleshooting, you can operationally disable IPsec on an interface by using the
ipv6 ospf authentication ipsec disable command in the CLI context of a specific interface. This
command disables IPsec on the interface whether its IPsec configuration is the area’s IPsec
configuration or is specific to that interface. The output of the show ipv6 ospf interface command
shows the current setting for the disable command.
To disable IPsec on an interface, go to the CLI context of the interface and proceed as in the following
example.
device(config-if-e10000-1/2)#ipv6 ospf auth ipsec disable
Syntax: [no] ipv6 ospf authentication ipsec disable
The no form of this command restores the area and interface-specific IPsec operation.
Changing the key rollover timer
Configuration changes for authentication take effect in a controlled manner through the key rollover
procedure as specified in RFC 4552, Section 10.1. The key rollover timer controls the timing of the
configuration changeover. The key rollover timer can be configured in the IPv6 router OSPF context,
as the following example illustrates.
device(config-ospf6-router)#key-rollover-interval 200
Syntax: key-rollover-interval time
The range for the key-rollover-interval is 0 through 14400 seconds. The default is 300 seconds.
Clearing IPsec statistics
This section describes the clear ipsec statistics command for clearing statistics related to IPsec. The
command resets to 0 the counters (which you can view as a part of IP Security Packet Statistics). The
counters hold IPsec packet statistics and IPsec error statistics. The following example illustrates the
show ipsec statistics output.
device#show ipsec statistics
IPSecurity Statistics
secEspCurrentInboundSAs 1 ipsecEspTotalInboundSAs: 2
secEspCurrentOutboundSA 1 ipsecEspTotalOutboundSAs: 2
IPSecurity Packet Statistics
secEspTotalInPkts: 20 ipsecEspTotalInPktsDrop: 0
secEspTotalOutPkts: 84
IPSecurity Error Statistics
secAuthenticationErrors 0
secReplayErrors: 0 ipsecPolicyErrors: 13
secOtherReceiveErrors: 0 ipsecSendErrors: 0
secUnknownSpiErrors: 0
To clear the statistics, enter the clear ipsec statistics command as in the following example.
device#clear ipsec statistics
Syntax: clear ipsec statistics
This command takes no parameters.
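Because clear ipsec statistics resets every counter to 0, it helps to record the error counters before clearing and compare them with a later capture. The following Python sketch is an added example, not part of the Brocade guide: it parses the show ipsec statistics output shown above and reports non-zero error counters and their growth between two captures. The function names are hypothetical, and treating a lower later value as "cleared in between" is an assumption.

```python
import re

# Constructed input: the "show ipsec statistics" output from this page, verbatim.
SAMPLE = """\
device#show ipsec statistics
IPSecurity Statistics
secEspCurrentInboundSAs 1 ipsecEspTotalInboundSAs: 2
secEspCurrentOutboundSA 1 ipsecEspTotalOutboundSAs: 2
IPSecurity Packet Statistics
secEspTotalInPkts: 20 ipsecEspTotalInPktsDrop: 0
secEspTotalOutPkts: 84
IPSecurity Error Statistics
secAuthenticationErrors 0
secReplayErrors: 0 ipsecPolicyErrors: 13
secOtherReceiveErrors: 0 ipsecSendErrors: 0
secUnknownSpiErrors: 0
"""

HEADING = re.compile(r"^IPSecurity\b.*Statistics$")
# A counter is a name, an optional colon, then an integer; two can share a line.
COUNTER = re.compile(r"([A-Za-z]+):?\s+(\d+)")
ERRORS = "IPSecurity Error Statistics"

def parse_ipsec_statistics(text):
    """Return {section heading: {counter name: value}} for one capture."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if HEADING.match(line):
            current = sections.setdefault(line, {})
        elif current is not None:
            current.update((n, int(v)) for n, v in COUNTER.findall(line))
    return sections

def nonzero_errors(text):
    """Error counters that are above zero in a single capture."""
    errors = parse_ipsec_statistics(text).get(ERRORS, {})
    return {name: value for name, value in errors.items() if value > 0}

def error_growth(before_text, after_text):
    # A later value below the earlier one means the counters were cleared
    # in between (assumption), so the later value is the growth since then.
    before = parse_ipsec_statistics(before_text).get(ERRORS, {})
    after = parse_ipsec_statistics(after_text).get(ERRORS, {})
    growth = {}
    for name, now in after.items():
        prev = before.get(name, 0)
        growth[name] = now - prev if now >= prev else now
    return {name: g for name, g in growth.items() if g > 0}
```

For the capture above, nonzero_errors(SAMPLE) reports only ipsecPolicyErrors, with the value 13.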
FastIron Ethernet Switch Layer 3 Routing Configuration Guide
53-1003087-04