Display IPsec Information on an Interface

Use the following procedure to display IPsec information on an interface.

Procedure

  1. To enter User EXEC mode, log on to the switch.
  2. Display the IPsec status on an Ethernet interface:

    show ipsec interface gigabitethernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}

  3. Display the IPsec status on a VLAN interface:

    show ipsec interface vlan <1-4059>

  4. Display the IPsec status on a management interface:

    show ipsec interface mgmtethernet mgmt

    Note

    Note

    This step applies to VSP 8600 Series only.

  5. Display the IPsec status on a loopback interface:

    show ipsec interface loopback <1–256>

Example

Display the IPsec status on a VLAN interface.

Switch:1>show ipsec interface vlan 22 
==========================================================================================
                          VLAN Interface Policy Table

==========================================================================================
Vlan Interface         Policy Name            IPsec State          Direction
------------------------------------------------------------------------------------------
22                    AAA                   Enable                both                
22                    tcp                   Enable                both                
22                    icmp                  Enable                both                

Variable Definitions

The following table defines parameters for the show ipsec interface command.

Variable

Value

gigabitethernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}

Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

mgmtethernet mgmt

Identifies the interface as the management interface.

Note:

Exception: only supported on VSP 8600 Series.

loopback <1–256>

Specifies the loopback interface.

vlan <1-4059>

Specifies the VLAN ID in the range of 1 to 4059. By default, VLAN IDs 1 to 4059 are configurable and the system reserves VLAN IDs 4060 to 4094 for internal use. On switches that support the vrf-scaling and spbm-config-mode boot configuration flags, if you enable these flags, the system also reserves VLAN IDs 3500 to 3998. VLAN ID 1 is the default VLAN and you cannot create or delete VLAN ID 1.

Job aid

The following table describes the fields in the output for the show ipsec interface vlan command.

Parameter

Description

Vlan Interface

Specifies the VLAN interface.

Policy Name

Specifies the IPsec policy that associates with the specific VLAN or VLANs.

IPsec State

Specifies whether the IPsec policy is enabled on the VLAN interface.

Direction

Specifies the policy direction.

The following table describes the fields in the output for the show ipsec interface gigabitethernet command.

Parameter

Description

Interface

Specifies the interface.

Policy Name

Specifies the IPsec policy that associates with the specific port or ports.

IPsec State

Specifies whether the IPsec policy is enabled on the interface.

Direction

Specifies the policy direction.

The following table describes the fields in the output for the show ipsec interface mgmtethernet command.

Note

Note

This command applies to VSP 8600 Series only.

Parameter

Description

Interface

Specifies the VLAN interface.

Policy Name

Specifies the IPsec policy that associates with the management port.

IPsec State

Specifies whether the IPsec policy is enabled on the interface.

Direction

Specifies the policy direction.

The following table describes the fields in the output for the show ipsec interface loopback command.

Parameter

Description

LoopBack Interface

Specifies the loopback interface.

Policy Name

Specifies the IPsec policy that associates with the interface.

IPsec State

Specifies whether the IPsec policy is enabled on the interface.

Direction

Specifies the policy direction.