Network Router User Manual

ManualsBrandsBrocade Communications Systems ManualsNetwork RouterLayer 3 Routing Configuration ICX 6650

291

292

293

294

295

296

297

298

299

300

Brocade ICX 6650 Layer 3 Routing Configuration Guide 275

53-1002603-01

Displaying OSPF V3 Information

Showing IPsec policy

The show ipsec policy command displays the database for the IPsec security policies. The fields for

this show command output appear in the screen output example that follows. However, you should

understand the layout and column headings for the display before trying to interpret the

information in the example screen.

Each policy entry consists of two categories of information:

• The policy information

• The SA used by the policy

The policy information line in the screen begins with the heading Ptype and also has the headings

Dir, Proto, Source (Prefix:TCP.UDP Port), and Destination (Prefix:TCP/UDPPort). The SA line

contains the SPDID, direction, encapsulation (always ESP in the current release), the user-specified

SPI, For readability, the policy information is described in Table 57, and SA-specific information is in

Table 58.

Syntax: show ipsec policy

This command takes no parameters.

TABLE 57 IPsec policy information

Field Description

PType This field contains the policy type. Of the existing policy types, only the “use”

policy type is supported, so each entry can have only “use.”

Dir The direction of traffic flow to which the IPsec policy is applied. Each direction

has its own entry.

Proto The only possible routing protocol for the security policy in the current release

is OSPFv3.

Brocade#show ipsec policy

IPSEC Security Policy Database(Entries:8)

PType Dir Proto Source(Prefix:TCP/UDP Port) Destination(Prefix:TCP/UDPPort)

SA: SPDID(if) Dir Encap SPI Destination

use in OSPF 2001:db8::/10:any ::/0:any

SA: eth1/1/2 in ESP 302 FE80::

use out OSPF 2001:db8::/10:any ::/0:any

SA: eth1/1/2 out ESP 302 ::

use in OSPF 2001:db8::/10:any ::/0:any

SA: eth1/1/1 in ESP 302 FE80::

use out OSPF 2001:db8::/10:any ::/0:any

SA: eth1/1/1 out ESP 302 ::

use in OSPF 2001:db8:1::1/128:any 2001:db8:1::2/128:any

SA: ethALL in ESP 512 10:1:1::2

use out OSPF 2001:db8:1::2/128:any 2001:db8:1::1/128:any

SA: eth1/1/1 out ESP 512 35:1:1::1

use in OSPF 2001:db8:1::1/128:any 2001:db8:1::2/128:any

SA: ethALL in ESP 512 10:1:1::2

use out OSPF 2001:db8:1::2/128:any 2001:db8:1::1/128:any

SA: 2:e1/1/2 out ESP 512 2001:db8:1::1