beautypg.com

Showing ipsec policy – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual

Page 373

background image

IPSEC Security Association Database(Entries:8)

SPDID(vrf:if) Dir Encap SPI Destination AuthAlg EncryptAlg

1:ALL in ESP 512 2001:db8:1::1 sha1 Null

1:e1/1 out ESP 302 :: sha1 Null

1:e1/1 in ESP 302 FE80:: sha1 Null

1:e1/1 out ESP 512 2001:db8:1::2 sha1 Null

2:ALL in ESP 512 2001:db8:1::1 sha1 Null

2:e1/2 out ESP 302 :: sha1 Null

2:e1/2 in ESP 302 FE80:: sha1 Null

2:e1/2 out ESP 512 2001:db8:1::2 sha1 Null

Syntax: show ipsec sa

Showing IPsec policy

The show ipsec policy command displays the database for the IPsec security policies. The fields for
this show command output appear in the screen output example that follows. However, you should
understand the layout and column headings for the display before trying to interpret the information in
the example screen.

Each policy entry consists of two categories of information:

• The policy information
• The SA used by the policy

The policy information line in the screen begins with the heading Ptype and also has the headings Dir,
Proto, Source (Prefix:TCP.UDP Port), and Destination (Prefix:TCP/UDPPort). The SA line contains the
SPDID, direction, encapsulation (always ESP in the current release), the user-specified SPI.

device#show ipsec policy

IPSEC Security Policy Database(Entries:8)

PType Dir Proto Source(Prefix:TCP/UDP Port)

Destination(Prefix:TCP/UDPPort)

SA: SPDID(vrf:if) Dir Encap SPI Destination

use in OSPF FE80::/10:any

::/0:any

SA: 2:e1/2 in ESP 302 FE80::

use out OSPF FE80::/10:any

::/0:any

SA: 2:e1/2 out ESP 302 ::

use in OSPF FE80::/10:any

::/0:any

SA: 1:e1/1 in ESP 302 FE80::

use out OSPF FE80::/10:any

::/0:any

SA: 1:e1/1 out ESP 302 ::

use in OSPF 2001:db8:1:1::1/128:any

2001:db8:1:1::2/128:any

SA: 1:ALL in ESP 512 2001:db8:1:1::2

use out OSPF 2001:db8:1:1::2/128:any

2001:db8:1:1::1/128:any

SA: 1:e1/1 out ESP 512 2001:db8:1:1::1

use in OSPF 35:1:1::1/128:any

10:1:1::2/128:any

SA: 2:ALL in ESP 512 10:1:1::2

Syntax: show ipsec policy

show ipsec policy output descriptions

TABLE 86

This field

Displays

PType

This field contains the policy type. Of the existing policy types, only the "use" policy type is supported,
so each entry can have only "use."

Showing IPsec policy

FastIron Ethernet Switch Layer 3 Routing Configuration Guide

373

53-1003087-04