Brocade Fabric OS Command Reference Manual Supporting Fabric OS v6.3.0 (53-1001337-01, July 2009)

ManualsBrandsHP ManualsStorageBrocade 8/24c Power Pack+ SAN Switch for BladeSystem c-Class

441

442

443

444

445

446

447

448

449

450

Fabric OS Command Reference 413

53-1001337-01

ipsecConfig

--delete Deletes a specified policy or all policies of a certain type from the

configuration database. You can delete IPsec policies, IKE policies, and SADB

entries. When deleting IPsec policies, you have the option to delete specific

components only, such as the transform or the selector, and recreate these

components without having to recreate the entire policy. The syntax for

deleting a policy is as follows:

ipsecconfig --delete type [subtype] arguments

type Specifies the policy to be deleted. Valid policy types include:

policy ips Deletes a specified IPsec policy or all IPsec policies.

subtype Optionally specify a component (subtype) to delete the component only:

selector Deletes the selector for a specified IPsec policy, or all selectors of all

configured IPsec policies.

transform Deletes the transform for a specified IPsec policy, or all transforms of all

configured IPsec policies.

sa-proposal Deletes the SA proposal for a specified IPsec policy, or all SA proposals of

all configured IPsec policies.

sa Deletes the SAs for a specified IPsec policy, or all SAs of all configured

IPsec policies.

policy ike Deletes a specified IKE policy or all configured IKE policies.

sa Deletes a specified SADB entry or all manual SADB entries.

manual-sa Deletes the SA policy entries used in manually keyed SA entries from the

configuration database.

arguments Specifies the selection as one of the following:

-a Deletes all configuration information for the specified type and subtype.

-tag name Deletes all configuration information for the specified policy type.

--flush manual-sa

Flushes all SA entries (including manually keyed and automatically keyed

SAs) from the kernel SADB. All active TCP sessions that are using IPsec

protection are terminated when this command is executed. This command,

unlike delete, does not remove the policies from the configuration database.

Flushing any other policy parameters is not supported.

--show Displays current IPsec or IKE configuration. The syntax for the display option

is as follows:

--show type [subtype] arguments]

type Specifies the policy to be displayed. Valid values for type include the

following:

policy ips Displays the IPsec policy configuration. A policy

subtype must be specified

when displaying the IPsec policy configuration. Valid subtypes include the

following: