R2511-HP MSR Router Series Security Command Reference(V5)
580
Parameters
group group-name: Displays IPsec SA information obtained by GMs of a GDOI GM group. The
group-name argument is the GDOI GM group name, a case-sensitive string of 1 to 63 characters. If you
do not specify this option, the command displays IPsec SA information obtained by all GMs.
|: Filters command output by specifying a regular expression. For more information about regular
expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Examples
# Display IPsec SA information obtained by all GMs.
<Sysname> display gdoi gm ipsec sa
SA created for group abc:
Interface Ethernet0/0;
Interface Ethernet0/1:
IPsec SA:
SPI: 0x9AE5951E(2598737182)
Transform: ESP-ENCRYPT-AES-128 ESP-AUTH-SHA1
SA timing:
remaining key lifetime (sec): 12
Anti-replay detection: Disabled
SA created for group hh:
Interface Ethernet0/0;
Interface Ethernet0/1:
IPsec SA:
SPI: 0xDCC66F7B(3703992187)
Transform: ESP-ENCRYPT-AES-128 ESP-AUTH-SHA1
SA timing:
remaining key lifetime (sec): 190
Anti-replay detection: Disabled
Table 95 Command output
Field Description
Interface Name of the interface bound to the IPsec SA.
Transform Transform set.
remaining key lifetime (sec) Remaining lifetime of the IPsec SA, in seconds.
anti-replay window size(time based)
Time-based anti-replay window size, in seconds. This
field is displayed only when anti-replay detection is
enabled.
anti-replay window size(counter based)
Traffic-based anti-replay window size: 32, 64, 128,
256, 512, or 1024, in packets. This field is displayed
only when anti-replay detection is enabled.