View IPSec Statistics
Use the following procedure to clear Internet Protocol Security (IPSec) system statistics counters and view IPSec statistics on an interface. The device only clears system statistics counters on system reboot.
Procedure
-
View statistics for
IPSec on the management interface:
show ipsec statistics mgmtethernet <mgmt | mgmt2>
Note
This step applies to VSP 8600 Series only.
Example
View IPSec statistics. Output is partial due to length.
Switch:1>show ipsec statistics system
================================================================================
IPSEC Global Statistics
================================================================================
InSuccesses = 0
InSPViolations = 0
InNotEnoughMemories = 0
InAHESPReplays = 0
InAHFailures = 0
InESPFailures = 0
OutSuccesses = 0
OutSPViolations = 0
OutNotEnoughMemories = 0
generalError = 0
InAHSuccesses = 0
InESPSuccesses = 0
OutAHSuccesses = 0
OutESPSuccesses = 0
OutKBytes = 0
OutBytes = 0
InKBytes = 0
InBytes = 0
--More-- (q = quit)
Switch:1>show ipsec statistics gigabitethernet 1/13
================================================================================
Ipsec Port Stats
================================================================================
Ifindex = 204
InSuccesses = 0
InSPViolations = 0
InNotEnoughMemories = 0
InAHESPReplays = 0
InAHFailures = 0
InESPFailures = 0
OutSuccesses = 0
OutSPViolations = 0
OutNotEnoughMemories = 0
generalError = 0
Switch:1>show ipsec statistics vlan 1
================================================================================
Ipsec Vlan Stats
================================================================================
Ifindex = 2049
InSuccesses = 0
InSPViolations = 0
InNotEnoughMemories = 0
InAHESPReplays = 0
InAHFailures = 0
InESPFailures = 0
OutSuccesses = 0
OutSPViolations = 0
OutNotEnoughMemories = 0
generalError = 0
View IPSec statistics for a loopback interface:
Switch:1>show ipsec statistics loopback 1
================================================================================
Ipsec LoopBack Stats
================================================================================
Ifindex = 1344
InSuccesses = 0
InSPViolations = 0
InNotEnoughMemories = 0
InAHESPReplays = 0
InESPReplays = 0
InAHFailures = 0
InESPFailures = 0
OutSuccesses = 0
OutSPViolations = 0
OutNotEnoughMemories = 0
generalError = 0
Switch:1>show ipsec statistics mgmtethernet mgmt
================================================================================
Ipsec Port Stats
================================================================================
Ifindex = 64
InSuccesses = 0
InSPViolations = 0
InNotEnoughMemories = 0
InAHESPReplays = 0
InESPReplays = 0
InAHFailures = 0
InESPFailures = 0
OutSuccesses = 0
OutSPViolations = 0
OutNotEnoughMemories = 0
generalError = 0
Switch:1>show ipsec statistics mgmtethernet mgmt2
================================================================================
Ipsec Port Stats
================================================================================
Ifindex = 128
InSuccesses = 0
InSPViolations = 0
InNotEnoughMemories = 0
InAHESPReplays = 0
InESPReplays = 0
InAHFailures = 0
InESPFailures = 0
OutSuccesses = 0
OutSPViolations = 0
OutNotEnoughMemories = 0
generalError = 0
Variable Definitions
Use the data in the following table to use the show ipsec statistics command.
|
Variable |
Value |
|---|---|
|
{slot/port[/sub-port][-slot/port[/sub-port]][,...]} |
Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port. |
|
loopback <1–256> |
Identifies the loopback interface. |
|
mgmtethernet < mgmt | mgmt2> Note:
Exception: only supported on VSP 8600 Series. |
Identifies the interface as the management interface. |
|
system |
Shows statistics for the entire system. |
|
vlan <1-4059> |
Specifies the VLAN. |
Job Aid
The following table describes the fields in the output for the show ipsec statistics system command.
|
Parameter |
Description |
|---|---|
|
InSuccesses |
Specifies the number of ingress packets IPsec successfully carries. |
|
InSPViolations |
Specifies the number of ingress packets IPsec discards since boot time because of a security policy violation. |
|
InNotEnoughMemories |
Specifies the number of ingress packets IPsec discards since boot time because not enough memory is available. |
|
InAHESPReplays |
Specifies the number of ingress packets IPsec discards since boot time because the encapsulating security payload (ESP) replay check fails. |
|
InAHFailures |
Specifies the number of ingress packets IPsec discards since boot time because the AH authentication check fails. |
|
InESPFailures |
Specifies the number of ingress packets IPsec discards since boot time because the ESP authentication check fails. |
|
OutSuccesses |
Specifies the number of egress packets IPsec successfully carries since boot time. |
|
OutSPViolations |
Specifies the number of egress packets IPsec discards since boot time because a security policy violation occurs. |
|
OutNotEnoughMemories |
Specifies the number of egress packets IPsec discards since boot time because not enough memory is available since boot time. |
|
generalError |
Specifies a general error. |
|
InAHSuccesses |
Specifies the number of ingress packets IPsec carries because the AH authentication succeeds. |
|
InESPSuccesses |
Specifies the number of ingress packets IPsec carries since boot time because the ESP authentication succeeds. |
|
OutAHSuccesses |
Specifies the number of egress packets IPsec successfully carries since boot time. |
|
OutESPSuccesses |
Specifies the number of egress packets IPsec successfully carries since boot time. |
|
OutKBytes |
Specifies the total number of kilobytes on egress. |
|
OutBytes |
Specifies the total number of bytes on egress. |
|
InKBytes |
Specifies the total number of bytes on ingress. |
|
InBytes |
Specifies the total number of bytes on ingress. |
|
TotalPacketsProcessed |
Specifies the total number of packets processed. |
|
TotalPacketsByPassed |
Specifies the total number of packets bypassed. |
|
OutAHFailures |
Specifies the number of egress packets IPsec discards since boot time because the AH authentication check fails. |
|
OutESPFailures |
Specifies the number of egress packets IPsec discards since boot time because the ESP authentication check fails. |
|
InMD5Hmacs |
Specifies the number of inbound HMAC MD5 occurrences since boot time. |
|
InSHA1Hmacs |
Specifies the number of inbound HMAC SHA1 occurrences since boot time. |
|
InAESXCBCs |
Specifies the number of inbound AES XCBC MAC occurrences since boot time. |
|
InAnyNullAuth |
Specifies the number of inbound null authentication occurrences since boot time. |
|
In3DESCBCs |
Specifies the number of inbound 3DES CBC occurrences since boot time. |
|
InAESCBCs |
Specifies the number of inbound AES CBC occurrences since boot time. |
|
InAESCTRs |
Specifies the number of inbound AES CTR occurrences since boot time. |
|
InAnyNullEncrypt |
Specifies the number of inbound null occurrences since boot time. Used for debugging purposes. |
|
OutMD5Hmacs |
Specifies the number of outbound HMAC MD5 occurrences since boot time. |
|
OutSHA1Hmacs |
Specifies the number of outbound HMAC SHA1 occurrences since boot time. |
|
OutAESXCBCs |
Specifies the number of outbound AES XCBC MAC occurrences since boot time. |
|
OutInAnyNullAuth |
Specifies the number of outbound null authentication occurrences since boot time. |
|
Out3DESCBCs |
Specifies the number of outbound 3DES CBC occurrences since boot time. |
|
OutAESCBCs |
Specifies the number of outbound AES CBC occurrences since boot time. |
|
OutAESCTRs |
Specifies the number of outbound AES CTR occurrences since boot time. |
|
OutInAnyNullEncrypt |
Specifies the number of outbound null occurrences since boot time. Used for debugging purposes. |
The following table describes the fields in the output for the show ipsec statistics gigabitethernet {slot/port[-slot/port][,...]} and show statistics loopback <1–256> commands.
|
Parameter |
Description |
|---|---|
|
Ifindex |
Specifies the interface. |
|
InSuccesses |
Specifies the number of ingress packets IPsec successfully carries. |
|
InSPViolations |
Specifies the number of ingress packets IPsec discards since boot time because of a security policy violation. |
|
InNotEnoughMemories |
Specifies the number of ingress packets IPsec discards since boot time because not enough memory is available. |
|
InAHESPReplays |
Specifies the number of ingress packets IPsec discards since boot time because the encapsulating security payload (ESP) replay check fails. |
|
InAHFailures |
Specifies the number of ingress packets IPsec discards since boot time because the AH authentication check fails. |
|
InESPFailures |
Specifies the number of ingress packets IPsec discards since boot time because the ESP authentication check fails. |
|
OutSuccesses |
Specifies the number of egress packets IPsec successfully carries since boot time. |
|
OutSPViolations |
Specifies the number of egress packets IPsec discards since boot time because a security policy violation occurs. |
|
OutNotEnoughMemories |
Specifies the number of egress packets IPsec discards since boot time because not enough memory is available since boot time. |
|
generalError |
Specifies a general error. |
The following table describes the fields in the output for the show ipsec statistics vlan <1–4059> command.
|
Parameter |
Description |
|---|---|
|
Ifindex |
Specifies the interface. |
|
InSuccesses |
Specifies the number of ingress packets IPsec successfully carries. |
|
InSPViolations |
Specifies the number of ingress packets IPsec discards since boot time because of a security policy violation. |
|
InNotEnoughMemories |
Specifies the number of ingress packets IPsec discards since boot time because not enough memory is available. |
|
InAHESPReplays |
Specifies the number of ingress packets IPsec discards since boot time because the encapsulating security payload (ESP) replay check fails. |
|
InAHFailures |
Specifies the number of ingress packets IPsec discards since boot time because the AH authentication check fails. |
|
InESPFailures |
Specifies the number of ingress packets IPsec discards since boot time because the ESP authentication check fails. |
|
OutSuccesses |
Specifies the number of egress packets IPsec successfully carries since boot time. |
|
OutSPViolations |
Specifies the number of egress packets IPsec discards since boot time because a security policy violation occurs. |
|
OutNotEnoughMemories |
Specifies the number of egress packets IPsec discards since boot time because not enough memory is available since boot time. |
|
generalError |
Specifies a general error. |
The following table describes the fields in the output for the show ipsec statistics mgmtethernet command.
Note
This command only applies to VSP 8600 Series.
|
Parameter |
Description |
|---|---|
|
Ifindex |
Specifies the interface. |
|
InSuccesses |
Specifies the number of ingress packets IPsec successfully carries. |
|
InSPViolations |
Specifies the number of ingress packets IPsec discards since boot time because of a security policy violation. |
|
InNotEnoughMemories |
Specifies the number of ingress packets IPsec discards since boot time because not enough memory is available. |
|
InAHESPReplays |
Specifies the number of ingress packets IPsec discards since boot time because the AH replay check fails. |
|
InESPReplays |
Specifies the total number of ingress packets IPsec discards since boot time because the encapsulating security payload (ESP) replay check fails. |
|
InAHFailures |
Specifies the number of ingress packets IPsec discards since boot time because the AH authentication check fails. |
|
InESPFailures |
Specifies the number of ingress packets IPsec discards since boot time because the ESP authentication check fails. |
|
OutSuccesses |
Specifies the number of egress packets IPsec successfully carries since boot time. |
|
OutSPViolations |
Specifies the number of egress packets IPsec discards since boot time because a security policy violation occurs. |
|
OutNotEnoughMemories |
Specifies the number of egress packets IPsec discards since boot time because not enough memory is available since boot time. |
|
generalError |
Specifies a general error. |