R21xx-HP FlexFabric 11900 Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products

201

202

203

204

205

206

207

208

209

210

193

Examples

# Display brief information about IPsec SAs.

<Sysname> display ipsec sa brief

-----------------------------------------------------------------------

Interface/Global Dst Address SPI Protocol Status

-----------------------------------------------------------------------

Vlan-int1 10.1.1.1 400 ESP active

Vlan-int1 255.255.255.255 4294967295 ESP active

Vlan-int1 100::1/64 500 AH active

global -- 600 ESP active

Table 28 Command output

Field Descri

tion

Interface/Global

Interface where the IPsec SA belongs to or global IPsec SA (created by using an IPsec

profile).

Dst Address

Remote end IP address of the IPsec tunnel.

For the IPsec SAs created by using IPsec profiles, "–" is displayed in this field.

SPI IPsec SA SPI.

Protocol Security protocol used by IPsec.

Status

Stateful failover status of the IPsec SA: active or backup.

In standalone mode, "–" is displayed in this field.

# Display the number of IPsec SAs.

<Sysname> display ipsec sa count

Total IPsec SAs count: 4

# Display information about all IPsec SAs.

<Sysname> display ipsec sa

-------------------------------

Interface: Vlan-interface1

-------------------------------

-----------------------------

IPsec policy: r2

Sequence number: 1

Mode: isakmp

-----------------------------

Tunnel id: 3

Encapsulation mode: tunnel

Perfect Forward Secrecy:

Path MTU: 1443

Tunnel:

local address: 2.2.2.2

remote address: 1.1.1.2

Flow:

sour addr: 192.168.2.0/255.255.255.0 port: 0 protocol: IP

dest addr: 192.168.1.0/255.255.255.0 port: 0 protocol: IP