Manualshelf

Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron
1391139213931394139513961397139813991400
FastIron Configuration Guide 1335
53-1002494-02
Displaying OSPF V3 Information
Showing IPsec policy
The show ipsec policy command displays the database for the IPSec security policies. The fields for
this show command output appear in the screen output example that follows. However, you should
understand the layout and column headings for the display before trying to interpret the
information in the example screen.
Each policy entry consists of two categories of information:
The policy information
The SA used by the policy
The policy information line in the screen begins with the heading Ptype and also has the headings
Dir, Proto, Source (Prefix:TCP.UDP Port), and Destination (Prefix:TCP/UDPPort). The SA line
contains the SPDID, direction, encapsulation (always ESP in the current release), the user-specified
SPI, For readability, the policy information is described in Table 234, and SA-specific information is
in Table 235.
Syntax: show ipsec policy
This command takes no parameters.
TABLE 234 IPsec policy information
Field Description
PType This field contains the policy type. Of the existing policy types, only the “use”
policy type is supported, so each entry can have only “use.”
Dir The direction of traffic flow to which the IPsec policy is applied. Each direction
has its own entry.
Proto The only possible routing protocol for the security policy in the current release
is OSPFv3.
Brocade#show ipsec policy
IPSEC Security Policy Database(Entries:8)
PType Dir Proto Source(Prefix:TCP/UDP Port) Destination(Prefix:TCP/UDPPort)
SA: SPDID(if) Dir Encap SPI Destination
use in OSPF FE80::/10:any ::/0:any
SA: eth1/1/2 in ESP 302 FE80::
use out OSPF FE80::/10:any ::/0:any
SA: eth1/1/2 out ESP 302 ::
use in OSPF FE80::/10:any ::/0:any
SA: eth1/1/1 in ESP 302 FE80::
use out OSPF FE80::/10:any ::/0:any
SA: eth1/1/1 out ESP 302 ::
use in OSPF 35:1:1::1/128:any 10:1:1::2/128:any
SA: ethALL in ESP 512 10:1:1::2
use out OSPF 10:1:1::2/128:any 35:1:1::1/128:any
SA: eth1/1/1 out ESP 512 35:1:1::1
use in OSPF 35:1:1::1/128:any 10:1:1::2/128:any
SA: ethALL in ESP 512 10:1:1::2
use out OSPF 10:1:1::2/128:any 35:1:1::1/128:any