Command Reference Guide
Fabric OS Command Reference 493
53-1002746-01
ipSecConfig
2
created: Oct 15 23:34:55 2008 current: Oct 15 23:35:06 2008
diff: 11(s) hard: 2621440(s) soft: 2137448(s)
last: Oct 15 23:34:55 2008 hard: 0(s) soft: 0(s)
current: 540(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 5 hard: 0 soft: 0
sadb_seq=0 pid=10954 refcnt=0
To display a specified IPSec SA:
switch:admin> ipsecconfig --show policy ips \
sa -t sa-esp-1
sa-esp-1 ipsec-protocol:esp
encryption algorithm: aes128_cbc 3des_cbc
authentication algorithm: hmac_sha1 hmac_md5
To display all IPSec SA proposals:
switch:admin> ipsecconfig --show policy ips \
sa-proposal -a
ipsec-esp-a-b SA(s) used:sa-esp-1 sa-ah-1
lifetime in seconds:infinite
lifetime in bytes:infinite
ipsec-esp-def SA(s) used:sa-esp-1
lifetime in seconds:infinite
lifetime in bytes:infinite
To display all IPSec transforms:
switch:admin> ipsecconfig --show policy ips transform -a
policy-A-B action:auto_ipsec mode:transport
local:10.33.69.132 remote:10.33.74.13
sa-proposal:ipsec-esp-a-b
ike-policy:remote-B
To display all IPSec traffic selectors:
switch:admin> ipsecconfig --show policy ips selector -a
slt-A-B-any local:10.33.69.132 remote:10.33.74.13
direction:outbound upper-layer-protocol:any
transform-used:policy-A-B
slt-B-A-any local:10.33.74.13 remote:10.33.69.132
direction:inbound upper-layer-protocol:any
transform-used:policy-A-B
Using the help command
To use the --help command with arguments to display the syntax of specific types and subtypes:
switch:admin> ipsecconfig --help add policy ips selector
Usage: ipsecConfig --add policy ips selector ARGUMENTS
ARGUMENTS
-tag <name> selector name
-direction <in|out> traffic flow direction
-local <addr> source IPv4 or IPv6 address
-remote <addr> peers IPv4 or IPv6 address
-transform <name> transform name
[-protocol <name>] protocol nam