Reference Guide

ManualsBrandsDell ManualsAccess PlatformsBrocade G620

471

472

473

474

475

476

477

478

479

480

450 Brocade Fabric OS Command Reference

53-1004112-02

ipSecConfig

--flush manual-sa

Flushes all SA entries (including manually keyed and automatically keyed SAs) from the

kernel SADB. All active TCP sessions that are using IPSec protection are terminated when

this command is executed. This command, unlike delete, does not remove the policies from

the configuration database. Flushing any other policy parameters is not supported.

--show

Displays current IPSec or IKE configuration. The syntax for the display option is as follows:

--show type [subtype] arguments

type

Specifies the policy to be displayed. Valid values for type include the following:

policy ips

Displays the IPSec policy configuration. A policy subtype must be specified when displaying

the IPSec policy configuration. Valid subtypes include the following:

selector

Displays IPSec selector parameters including IPSec policy name, IP address of the

local entity, IP address of the remote entity, direction of traffic flow (inbound or

outbound), upper layer protocol used, and IPSec transform index.

transform

Displays IPSec transform parameters including IPSec policy name, key management

protocol (version) or manual SA, processing option for selected IP traffic, IPSec mode

(tunnel or transport), IP address of the local entity, IP address of the remote entity, and

SA proposal.

sa-proposal

Displays the parameters of the SA proposal, including proposal name, lifetime (in

seconds and in byte units, or infinite), and associated SA definitions.

Displays security association (SA) parameters for the specified IPSec policies including

policy names, IPSec protocol used (AH or ESP), encryption and authentication

algorithms.

policy ike

Displays the IKE policy configuration. No subtype is required with this command. The

command displays the following IKE policy parameters: IKE version, IP address of the

remote entity, IP address of the local entity, encryption algorithm, hash algorithm, PRF

algorithm, DH group, authentication method, path and filename of the preshared key.

manual-sa

Displays the Security Associations in the local SADB. No subtype is required with this

command.

arguments

Specifies the display selection as one of the following:

-a

Displays all configuration information for the specified type and subtype.