Displaying and maintaining IPsec
Task: Display IPsec policy information.
Command: display ipsec policy [ brief | name policy-name [ seq-number ] ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display IPsec transform set information.
Command: display ipsec transform-set [ transform-set-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display IPsec SA information.
Command: display ipsec sa [ brief | policy policy-name [ seq-number ] | remote ip-address ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display IPsec session information.
Command: display ipsec session [ tunnel-id integer ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display IPsec packet statistics.
Command: display ipsec statistics [ tunnel-id integer ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display IPsec tunnel information.
Command: display ipsec tunnel [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Clear SAs.
Command: reset ipsec sa [ parameters dest-address protocol spi | policy policy-name [ seq-number ] | remote ip-address ]
Remarks: Available in user view.

Task: Clear IPsec sessions.
Command: reset ipsec session [ tunnel-id integer ]
Remarks: Available in user view.

Task: Clear IPsec statistics.
Command: reset ipsec statistics
Remarks: Available in user view.

IPsec configuration examples
IKE-based IPsec tunnel for IPv4 packets configuration example
Network requirements
As shown in Figure 115, configure an IPsec tunnel between Switch A and Switch B to protect data flows between Switch A and Switch B. Configure the tunnel to use the security protocol ESP, the encryption algorithm AES-CBC-128, and the authentication algorithm HMAC-SHA1-96.
Figure 115 Network diagram
Configuration procedure
1. Configure Switch A:
# Assign an IP address to VLAN-interface 1.