Manualshelf

Command Reference Guide

ManualsBrandsDell ManualsComputer AccessoriesPOWEREDGE M1000E
471472473474475476477478479480
Table Of Contents
446 Fabric OS Command Reference
53-1001764-02
ipSecConfig
2
IPSec display commands
To display the IPSec IKE Policy:
switch:admin> ipsecconfig --show policy ike -a
IKE-01 version:ikev2 remote:10.33.69.132
local-id:10.33.74.13 remote-id:10.33.69.132
encryption algorithm: 3des_cbc
hash algorithm: hmac_md5
prf algorithm: hmac_md5
dh group: 2 1
auth method:rsasig
public-key:"/etc/fabos/certs/sw0/thawkcert.pem"
private-key:"/etc/fabos/certs/sw0/thawkkey.pem"
peer-public-key:"/etc/fabos/certs/sw0/spiritcert.pem
To display the outbound and inbound SAs in the kernel SA database:
switch:admin> ipsecconfig --show manual-sa -a
10.33.69.132[0] 10.33.74.13[0]
ah mode=transport spi=34560190(0x020f58be) reqid=0(0x00000000)
A: hmac-md5 7e5aeb47 e0433649 c1373625 34a64ece
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Oct 15 23:34:55 2008 current: Oct 15 23:35:06 2008
diff: 11(s) hard: 2621440(s) soft: 2100388(s)
last: Oct 15 23:34:56 2008 hard: 0(s) soft: 0(s)
current: 256(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 4 hard: 0 soft: 0
sadb_seq=1 pid=10954 refcnt=0
10.33.74.13[0] 10.33.69.132[0]
ah mode=transport spi=48095089(0x02dddf71) reqid=0(0x00000000)
A: hmac-md5 c84d27e5 960d116c bf7c0e4a b232c49e
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Oct 15 23:34:55 2008 current: Oct 15 23:35:06 2008
diff: 11(s) hard: 2621440(s) soft: 2137448(s)
last: Oct 15 23:34:55 2008 hard: 0(s) soft: 0(s)
current: 540(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 5 hard: 0 soft: 0
sadb_seq=0 pid=10954 refcnt=0
To display a specified IPSec SA:
switch:admin> ipsecconfig --show policy ips sa -t sa-esp-1
sa-esp-1 ipsec-protocol:esp
encryption algorithm: aes128_cbc 3des_cbc
authentication algorithm: hmac_sha1 hmac_md5
To display all IPSec SA proposals:
switch:admin> ipsecconfig --show policy ips sa-proposal -a
ipsec-esp-a-b SA(s) used:sa-esp-1 sa-ah-1
lifetime in seconds:infinite
lifetime in bytes:infinite
ipsec-esp-def SA(s) used:sa-esp-1
lifetime in seconds:infinite
lifetime in bytes:infinite