Ipsec examples, Amples, Showing ipsec security association information – Brocade Multi-Service IronWare Routing Configuration Guide (Supporting R05.6.00) User Manual
Page 721
Multi-Service IronWare Routing Configuration Guide
693
53-1003033-02
Displaying OSPFv3 information
IPsec examples
This section contains examples of IPsec configuration and the output from the IPsec-specific show
commands. In addition, IPsec-related information appears in general show command output for
interfaces and areas.
The show commands that are specific to IPsec are:
•
show ipsec sa
•
show ipsec policy
•
show ipsec statistics
The other show commands with IPsec-related information are:
•
show ipv6 ospf area
•
show ipv6 ospf interface
•
show ipv6 ospf vrf
Showing IPsec security association information
The show ipsec sa command displays the IPSec security association databases, as follows.
State
The state between the device and the virtual neighbor. The state can be one of
the following:
•
Down
•
Attempt
•
Init
•
2-Way
•
ExStart
•
Exchange
•
Loading
•
Full
Interface
The IPv6 address of the virtual neighbor.
Option
The bits set in the virtual-link hello or database descriptors.
QCount
The number of packets that are in the queue and ready for transmission. If the
system is stable, this number should always be 0.
Timer
A timer that counts down until a hello packet should arrive. If “timers” elapses
and a hello packet has not arrived, the VL neighbor is declared to be down.
TABLE 145
OSPFv3 virtual neighbor information (Continued)
This field...
Displays...
Brocade#show ipsec sa
IPSEC Security Association Database(Entries:8)
SPDID(vrf:if) Dir Encap SPI Destination AuthAlg EncryptAlg
1:ALL in ESP 512 2001:db8:1::1 sha1 Null
1:e1/1 out ESP 302 :: sha1 Null
1:e1/1 in ESP 302 FE80:: sha1 Null
1:e1/1 out ESP 512 2001:db8:1::2 sha1 Null
2:ALL in ESP 512 2001:db8:1::1 sha1 Null
2:e1/2 out ESP 302 :: sha1 Null
2:e1/2 in ESP 302 FE80:: sha1 Null
2:e1/2 out ESP 512 2001:db8:1::2 sha1 Null