Showing ipsec policy – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual
Page 373
IPSEC Security Association Database(Entries:8)
SPDID(vrf:if) Dir Encap SPI Destination AuthAlg EncryptAlg
1:ALL in ESP 512 2001:db8:1::1 sha1 Null
1:e1/1 out ESP 302 :: sha1 Null
1:e1/1 in ESP 302 FE80:: sha1 Null
1:e1/1 out ESP 512 2001:db8:1::2 sha1 Null
2:ALL in ESP 512 2001:db8:1::1 sha1 Null
2:e1/2 out ESP 302 :: sha1 Null
2:e1/2 in ESP 302 FE80:: sha1 Null
2:e1/2 out ESP 512 2001:db8:1::2 sha1 Null
Syntax: show ipsec sa
Showing IPsec policy
The show ipsec policy command displays the database for the IPsec security policies. The fields for
this show command output appear in the screen output example that follows. However, you should
understand the layout and column headings for the display before trying to interpret the information in
the example screen.
Each policy entry consists of two categories of information:
• The policy information
• The SA used by the policy
The policy information line in the screen begins with the heading Ptype and also has the headings Dir,
Proto, Source (Prefix:TCP.UDP Port), and Destination (Prefix:TCP/UDPPort). The SA line contains the
SPDID, direction, encapsulation (always ESP in the current release), the user-specified SPI.
device#show ipsec policy
IPSEC Security Policy Database(Entries:8)
PType Dir Proto Source(Prefix:TCP/UDP Port)
Destination(Prefix:TCP/UDPPort)
SA: SPDID(vrf:if) Dir Encap SPI Destination
use in OSPF FE80::/10:any
::/0:any
SA: 2:e1/2 in ESP 302 FE80::
use out OSPF FE80::/10:any
::/0:any
SA: 2:e1/2 out ESP 302 ::
use in OSPF FE80::/10:any
::/0:any
SA: 1:e1/1 in ESP 302 FE80::
use out OSPF FE80::/10:any
::/0:any
SA: 1:e1/1 out ESP 302 ::
use in OSPF 2001:db8:1:1::1/128:any
2001:db8:1:1::2/128:any
SA: 1:ALL in ESP 512 2001:db8:1:1::2
use out OSPF 2001:db8:1:1::2/128:any
2001:db8:1:1::1/128:any
SA: 1:e1/1 out ESP 512 2001:db8:1:1::1
use in OSPF 35:1:1::1/128:any
10:1:1::2/128:any
SA: 2:ALL in ESP 512 10:1:1::2
Syntax: show ipsec policy
show ipsec policy output descriptions
TABLE 86
This field
Displays
PType
This field contains the policy type. Of the existing policy types, only the "use" policy type is supported,
so each entry can have only "use."
Showing IPsec policy
FastIron Ethernet Switch Layer 3 Routing Configuration Guide
373
53-1003087-04