show isis logical-interface ipsec

Display IS-IS logical interface information for IPsec.

Syntax

Command Parameters

ipsec
Displays IS-IS logical interface IDs with authentication key (auth-key) values, encryption key length, and other IPsec configurations.

Default

The default is none.

Command Mode

User EXEC

Usage Guidelines

This command applies only to the XA1400 Series.

Command Output

The show isis logical-interface ipsec command displays the following information:

Name

Description

ID

Specifies the index number that uniquely identifies this logical interface.

Status

Specifies whether IPsec is enabled on the IPsec tunnel.

Auth-Method

Specifies the IPsec authentication method for the tunnel as either a pre-shared key or RSA signature for digital certificates.

Auth-Key

Specifies the authentication key of this logical interface, which can be up to 32 characters.

ESP

Specifies the IPsec Encapsulating Security Payload (ESP) cipher suite. Possible values are aes128gcm16-sha256, aes256-sha256, or aes256gcm16-sha256.

Responder-Only

Specifies whether the device is a Responder device in an IPsec Network Address Translation Traversal (NAT-T) connection.

Remote NAT IP

Specifies the public IP address of the NAT router connected to the Responder device in an IPsec NAT-T connection.

Auth-Key-Length

Specifies the IPsec encryption key length for the FE tunnel, which can be 128 bits or 256 bits. The default value is 128.

Compression

Specifies whether IPsec compression is used.

Frag-before-encrypt

Specifies whether the fragmentation of packets before IPsec encryption is enabled or disabled on the tunnel.

IPsec source type

Specifies the type of source IP address for the IPsec tunnel.

IP address

Specifies the source IP address for the IPsec tunnel.

IPsec Dst IP

Specifies the destination IP address for the IPsec tunnel.

TUNNEL_NEXT_HOP PORT/MLT

Specifies the outgoing interface (port or MLT) for VXLAN traffic.

TUNNEL_NEXT_HOP VLAN

Specifies the outgoing VLAN interface for VXLAN traffic.

VRF

Specifies the IPsec tunnel VRF.

Examples

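The following examples display the IS-IS logical interface IPsec settings and the IPsec tunnel information. The first example shows one logical interface that uses RSA signature authentication; the second shows three logical interfaces that use pre-shared keys. In both examples the Auth-Key value is masked as ******.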

Switch:1>show isis logical-interface ipsec
=======================================================================================================================================
                          ISIS Logical Interface IPSec
=======================================================================================================================================
ID   Status   Auth-Method   Auth-Key  ESP                  Responder-Only   Remote NAT IP  Auth-Key-Len Compression Frag-before-encrypt
---------------------------------------------------------------------------------------------------------------------------------------
1    Enable   RSA-SIG       ******    aes128gcm16-sha256   False            -              128          False       True

---------------------------------------------------------------------------------------------------------------------------------------
 1 out of 1 Total Num of Logical ISIS interfaces
---------------------------------------------------------------------------------------------------------------------------------------

======================================================================================================================
                           IPSec Tunnel General Info
======================================================================================================================
       IPSec tunnel global source-ip-address : 203.0.113.1

======================================================================================================================
                               ISIS IPSec Tunnels
======================================================================================================================

ID    IPSec source    IP            IPSec Dst Ip        TUNNEL_NEXT_HOP
      type            address                           PORT/MLT   VLAN        VRF
----------------------------------------------------------------------------------------------------------------------
1     global          203.0.113.1   100.100.100.6      Port1/6    100       GlobalRouter
----------------------------------------------------------------------------------------------------------------------
 1 out of 1 Total Num of Logical ISIS interfaces
----------------------------------------------------------------------------------------------------------------------

Switch:1>show isis logical-interface ipsec
========================================================================================================================================
                          ISIS Logical Interface IPSec
========================================================================================================================================
ID  Status  Auth-Method   Auth-Key   ESP                  Responder-Only   Remote NAT IP  Auth-Key-Len   Compression Frag-before-encrypt
----------------------------------------------------------------------------------------------------------------------------------------
1   Enable  PSK           ******     aes128gcm16-sha256   False            -              128             False       True
2   Enable  PSK           ******     aes128gcm16-sha256   False            -              128             False       True
3   Enable  PSK           ******     aes128gcm16-sha256   False            -              128             False       True
----------------------------------------------------------------------------------------------------------------------------------------
 3 out of 3 Total Num of Logical ISIS interfaces
----------------------------------------------------------------------------------------------------------------------------------------

======================================================================================================================
                           IPSec Tunnel General Info
======================================================================================================================
       IPSec tunnel global source-ip-address : 203.0.113.1

======================================================================================================================
                               ISIS IPSec Tunnels
======================================================================================================================

ID    IPSec source    IP            IPSec Dst Ip        TUNNEL_NEXT_HOP
      type            address                           PORT/MLT   VLAN        VRF
----------------------------------------------------------------------------------------------------------------------
1     dhcp            10.3.1.5      203.0.113.23          Port1/6    100       GlobalRouter
2     global          203.0.113.1   100.100.100.6         Port1/1    450       fe
3     static          20.20.20.20   120.120.120.6         Port1/1    20        fe
----------------------------------------------------------------------------------------------------------------------
 3 out of 3 Total Num of Logical ISIS interfaces
----------------------------------------------------------------------------------------------------------------------
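
The following added example (not part of the vendor documentation) parses captured output of this command in Python, joins the two tables on ID, and applies an example audit policy so that each finding names the tunnel destination. The sample text is constructed, and the field names, the Disable status value, and the policy checks are assumptions.

```python
# Constructed sample modelled on the page's output; "Disable" is an assumed value.
SAMPLE = """\
                 ISIS Logical Interface IPSec
ID  Status  Auth-Method  Auth-Key  ESP  Responder-Only  Remote NAT IP  Auth-Key-Len  Compression  Frag-before-encrypt
--------
1   Enable  PSK      ******  aes128gcm16-sha256  False  -  128  False  True
2   Enable  RSA-SIG  ******  aes256gcm16-sha256  False  -  256  False  True
3   Disable PSK      ******  aes256-sha256       False  -  256  False  True
--------
 3 out of 3 Total Num of Logical ISIS interfaces
                     ISIS IPSec Tunnels
ID    IPSec source    IP            IPSec Dst Ip        TUNNEL_NEXT_HOP
      type            address                           PORT/MLT   VLAN        VRF
--------
1     dhcp            10.3.1.5      203.0.113.23        Port1/6    100       GlobalRouter
2     global          203.0.113.1   100.100.100.6       Port1/1    450       fe
3     static          20.20.20.20   120.120.120.6       Port1/1    20        fe
"""
CRYPTO = ["id", "status", "auth_method", "auth_key", "esp", "responder_only",
          "remote_nat_ip", "key_len", "compression", "frag_before_encrypt"]
TUNNEL = ["id", "src_type", "src_ip", "dst_ip", "port", "vlan", "vrf"]

def parse(text):
    """Return {id: merged row}; the 'N out of N Total Num' footer is skipped."""
    rows, cols = {}, None
    for line in text.splitlines():
        s = line.strip()
        if s == "ISIS Logical Interface IPSec":
            cols = CRYPTO
        elif s == "ISIS IPSec Tunnels":
            cols = TUNNEL
        elif cols and s[:1].isdigit() and "Total Num" not in s:
            f = s.split()
            if len(f) == len(cols):  # skip rows that do not match the layout
                rows.setdefault(f[0], {}).update(zip(cols, f))
    return rows

def audit(rows):
    """Example policy (an assumption, not vendor guidance): (id, dst_ip, finding)."""
    out = []
    for i, r in sorted(rows.items()):
        checks = [(r.get("status") != "Enable", "IPsec not enabled"),
                  (r.get("auth_method") == "PSK", "pre-shared key auth"),
                  (r.get("key_len") == "128", "128-bit key length"),
                  ("gcm" not in r.get("esp", ""), "non-GCM ESP suite")]
        out += [(i, r.get("dst_ip", "?"), msg) for bad, msg in checks if bad]
    return out

if __name__ == "__main__":
    print(*audit(parse(SAMPLE)), sep="\n")
```

The footer line has the same number of whitespace-separated tokens as a row of the first table, which is why the parser excludes it by content rather than by field count.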