Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch

661

662

663

664

665

666

667

668

669

670

To display information on the SAs used on a specific interface, enter interface interface, where interface is one of

the following values:

○ For a 10-Gigabit Ethernet interface, enter TenGigabitEthernet slot/port.

○ For a Port Channel interface, enter port-channel number.

○ For a 40-Gigabit Ethernet interface, enter FortyGigabitEthernet slot/port.

○ For a VLAN interface, enter vlan vlan-id. The valid VLAN IDs are from 1 to 4094.

In the first example, the keys are not encrypted (shown in bold). In the second and third examples, the keys are encrypted

(shown in bold).

Dell#show crypto ipsec policy

Crypto IPSec client security policy data

Policy name : OSPFv3-1-502

Policy refcount : 1

Inbound ESP SPI : 502 (0x1F6)

Outbound ESP SPI : 502 (0x1F6)

Inbound ESP Auth Key : 123456789a123456789b123456789c12

Outbound ESP Auth Key : 123456789a123456789b123456789c12

Inbound ESP Cipher Key : 123456789a123456789b123456789c123456789d12345678

Outbound ESP Cipher Key : 123456789a123456789b123456789c123456789d12345678

Transform set : esp-3des esp-md5-hmac

Crypto IPSec client security policy data

Policy name : OSPFv3-1-500

Policy refcount : 2

Inbound AH SPI : 500 (0x1F4)

Outbound AH SPI : 500 (0x1F4)

Inbound AH Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e

Outbound AH Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e

Transform set : ah-md5-hmac

Crypto IPSec client security policy data

Policy name : OSPFv3-0-501

Policy refcount : 1

Inbound ESP SPI : 501 (0x1F5)

Outbound ESP SPI : 501 (0x1F5)

Inbound ESP Auth Key :

bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97eb7c0c30808825fb5

Outbound ESP Auth Key :

bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97eb7c0c30808825fb5

Inbound ESP Cipher Key :

bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a

Outbound ESP Cipher Key :

bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a

Transform set : esp-128-aes esp-sha1-hmac

The following example shows the show crypto ipsec sa ipv6 command.

Dell#show crypto ipsec sa ipv6

Interface: TenGigabitEthernet 0/0

Link Local address: fe80::201:e8ff:fe40:4d10

IPSecv6 policy name: OSPFv3-1-500

inbound ah sas

spi : 500 (0x1f4)

transform : ah-md5-hmac

in use settings : {Transport, }

replay detection support : N

STATUS : ACTIVE

outbound ah sas

spi : 500 (0x1f4)

transform : ah-md5-hmac

in use settings : {Transport, }

Open Shortest Path First (OSPFv2 and OSPFv3)

667