Reference Guide

450 Brocade Fabric OS Command Reference
53-1004112-02
ipSecConfig
--flush manual-sa
Flushes all SA entries (including manually keyed and automatically keyed SAs) from the
kernel SADB. All active TCP sessions that are using IPSec protection are terminated when
this command is executed. This command, unlike delete, does not remove the policies from
the configuration database. Flushing any other policy parameters is not supported.
--show
Displays current IPSec or IKE configuration. The syntax for the display option is as follows:
--show type [subtype] arguments
type
Specifies the policy to be displayed. Valid values for type include the following:
policy ips
Displays the IPSec policy configuration. A policy subtype must be specified when displaying
the IPSec policy configuration. Valid subtypes include the following:
selector
Displays IPSec selector parameters including IPSec policy name, IP address of the
local entity, IP address of the remote entity, direction of traffic flow (inbound or
outbound), upper layer protocol used, and IPSec transform index.
transform
Displays IPSec transform parameters including IPSec policy name, key management
protocol (version) or manual SA, processing option for selected IP traffic, IPSec mode
(tunnel or transport), IP address of the local entity, IP address of the remote entity, and
SA proposal.
sa-proposal
Displays the parameters of the SA proposal, including proposal name, lifetime (in
seconds and in byte units, or infinite), and associated SA definitions.
sa
Displays security association (SA) parameters for the specified IPSec policies including
policy names, IPSec protocol used (AH or ESP), and encryption and authentication
algorithms.
policy ike
Displays the IKE policy configuration. No subtype is required with this command. The
command displays the following IKE policy parameters: IKE version, IP address of the
remote entity, IP address of the local entity, encryption algorithm, hash algorithm, PRF
algorithm, DH group, authentication method, and path and filename of the preshared key.
manual-sa
Displays the Security Associations in the local SADB. No subtype is required with this
command.
arguments
Specifies the display selection as one of the following:
-a
Displays all configuration information for the specified type and subtype.
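
The --show grammar above, as an added example (not taken from the Brocade guide): a small POSIX shell helper that builds only valid type/subtype combinations and lists every display command worth recording before running --flush manual-sa. The function names are hypothetical, the command is assumed to be typed in lowercase as ipsecconfig, and only the -a argument shown on this page is used.

```shell
#!/bin/sh
# Added example: builds "ipsecconfig --show" command lines from the grammar
# documented above (--show type [subtype] arguments). Nothing is run on a
# switch; the functions only print command text.
# Assumption: the command is typed in lowercase as "ipsecconfig".

# ipsec_show_cmd TYPE [SUBTYPE]   (hypothetical helper name)
# TYPE is one of: "policy ips", "policy ike", "manual-sa".
# Prints the command line with -a, or returns 1 for an invalid combination.
ipsec_show_cmd() {
    type_=$1
    subtype=${2:-}
    case $type_ in
        "policy ips")
            # A subtype is mandatory when displaying the IPSec policy.
            case $subtype in
                selector|transform|sa-proposal|sa) ;;
                *) echo "policy ips needs a subtype: selector, transform, sa-proposal or sa" >&2
                   return 1 ;;
            esac
            echo "ipsecconfig --show policy ips $subtype -a"
            ;;
        "policy ike"|"manual-sa")
            # These types are displayed without a subtype.
            if [ -n "$subtype" ]; then
                echo "$type_ takes no subtype" >&2
                return 1
            fi
            echo "ipsecconfig --show $type_ -a"
            ;;
        *)
            echo "unknown type: $type_" >&2
            return 1
            ;;
    esac
}

# ipsec_snapshot_cmds   (hypothetical helper name)
# Prints every display command, so SA and policy state can be recorded before
# --flush manual-sa terminates the TCP sessions that rely on those SAs.
ipsec_snapshot_cmds() {
    for st in selector transform sa-proposal sa; do
        ipsec_show_cmd "policy ips" "$st" || return 1
    done
    ipsec_show_cmd "policy ike" || return 1
    ipsec_show_cmd "manual-sa" || return 1
}
```

Because --flush manual-sa leaves the policies in the configuration database, the policy displays should read the same before and after the flush; only the manual-sa display is expected to change.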