IPSec Clear and Show Commands: clear crypto sa – Enterasys Networks X-Pedition XSR CLI User Manual

Page 562: Show access-lists


IPSec Clear and Show Commands

14-108 Configuring the VPN

clear crypto sa

This command deletes IPSec Security Associations (SAs) as follows:

If the SAs were established via IKE, they are deleted and future IPSec traffic will require new 
SAs to be negotiated. (When IKE is used, the IPSec SAs are established only when needed.)

The peer keyword deletes any IPSec SAs for the specified peer.

The map keyword deletes any IPSec SAs for the named crypto map set.

The counters keyword simply clears the traffic counters maintained for each SA; it does not clear the SAs themselves.

Syntax

clear crypto sa
clear crypto sa peer {ip-address | peer-name}
clear crypto sa map map-name
clear crypto sa counters

Default

If peer, map, or counters keywords are not used, all IPSec SAs are deleted.

Mode

Privileged EXEC: XSR#

Example

The following example clears the SA counters for all peers:

XSR#clear crypto sa counters

show access-lists

This command shows one or all access lists defined in the XSR. Alternatively, you can view the 
packet threshold after which the ACL violations log is triggered.

Syntax

show access-lists number log-update-threshold

Note: If there are many thousands of tunnels in use, this command will use as many system
resources as are available for as long as necessary to complete the task, making the XSR appear
“frozen.”

Parameters of clear crypto sa:

ip-address    Specify a remote peer's IP address.
peer-name     Specify a remote peer's name as the fully qualified domain name.
map-name      Specify the name of a crypto map set.
