Display IPsec Information on an Interface

Use the following procedure to display IPsec information on an interface.

Procedure

  1. To enter User EXEC mode, log on to the switch.
  2. Display the IPsec status on an Ethernet interface:

    show ipsec interface gigabitethernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}

  3. Display the IPsec status on a VLAN interface:

    show ipsec interface vlan <1-4059>

  4. Display the IPsec status on a loopback interface:

    show ipsec interface loopback <1–256>

Example

Display the IPsec status on a VLAN interface:

Switch:1>show ipsec interface vlan 22 
==========================================================================================
                          VLAN Interface Policy Table

==========================================================================================
Vlan Interface         Policy Name            IPsec State          Direction
------------------------------------------------------------------------------------------
22                    AAA                   Enable                both                
22                    tcp                   Enable                both                
22                    icmp                  Enable                both

Variable Definitions

The following table defines parameters for the show ipsec interface command.

Variable

Value

gigabitethernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}
Identifies the slot and port in one of the following formats:

  • a single slot and port (slot/port)

  • a range of slots and ports (slot/port-slot/port)

  • a series of slots and ports (slot/port,slot/port,slot/port)

  • all ports on the same slot (slot/all)

  • all ports on the switch (all)

If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

loopback <1–256>

Specifies the loopback interface.

vlan <1-4059>

Specifies the VLAN ID in the range of 1 to 4059. By default, VLAN IDs 1 to 4059 are configurable and the system reserves VLAN IDs 4060 to 4094 for internal use. On switches that support the vrf-scaling and spbm-config-mode boot configuration flags, if you enable these flags, the system also reserves VLAN IDs 3500 to 3998. VLAN ID 1 is the default VLAN and you cannot create or delete VLAN ID 1.

9039040-00 Rev AB