beautypg.com

Showing ipsec policy – Brocade Communications Systems Layer 3 Routing Configuration ICX 6650 User Manual

Page 293

background image

Brocade ICX 6650 Layer 3 Routing Configuration Guide

275

53-1002603-01

Displaying OSPF V3 Information

Showing IPsec policy

The show ipsec policy command displays the database for the IPsec security policies. The fields for
this show command output appear in the screen output example that follows. However, you should
understand the layout and column headings for the display before trying to interpret the
information in the example screen.

Each policy entry consists of two categories of information:

The policy information

The SA used by the policy

The policy information line in the screen begins with the heading Ptype and also has the headings
Dir, Proto, Source (Prefix:TCP.UDP Port), and Destination (Prefix:TCP/UDPPort). The SA line
contains the SPDID, direction, encapsulation (always ESP in the current release), the user-specified
SPI, For readability, the policy information is described in

Table 57

, and SA-specific information is in

Table 58

.

Syntax: show ipsec policy

This command takes no parameters.

TABLE 57

IPsec policy information

Field

Description

PType

This field contains the policy type. Of the existing policy types, only the “use”
policy type is supported, so each entry can have only “use.”

Dir

The direction of traffic flow to which the IPsec policy is applied. Each direction
has its own entry.

Proto

The only possible routing protocol for the security policy in the current release
is OSPFv3.

Brocade#show ipsec policy

IPSEC Security Policy Database(Entries:8)

PType Dir Proto Source(Prefix:TCP/UDP Port) Destination(Prefix:TCP/UDPPort)

SA: SPDID(if) Dir Encap SPI Destination

use in OSPF 2001:db8::/10:any ::/0:any

SA: eth1/1/2 in ESP 302 FE80::

use out OSPF 2001:db8::/10:any ::/0:any

SA: eth1/1/2 out ESP 302 ::

use in OSPF 2001:db8::/10:any ::/0:any

SA: eth1/1/1 in ESP 302 FE80::

use out OSPF 2001:db8::/10:any ::/0:any

SA: eth1/1/1 out ESP 302 ::

use in OSPF 2001:db8:1::1/128:any 2001:db8:1::2/128:any

SA: ethALL in ESP 512 10:1:1::2

use out OSPF 2001:db8:1::2/128:any 2001:db8:1::1/128:any

SA: eth1/1/1 out ESP 512 35:1:1::1

use in OSPF 2001:db8:1::1/128:any 2001:db8:1::2/128:any

SA: ethALL in ESP 512 10:1:1::2

use out OSPF 2001:db8:1::2/128:any 2001:db8:1::1/128:any

SA: 2:e1/1/2 out ESP 512 2001:db8:1::1

See also other documents in the category Brocade Communications Systems Hardware: