Display IPsec Information on an Interface

Use the following procedure to display IPsec information on an interface.

Procedure

To enter User EXEC mode, log on to the switch.
Display the IPsec status on an Ethernet interface:

show ipsec interface gigabitethernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}
Display the IPsec status on a VLAN interface:

show ipsec interface vlan <1-4059>
Display the IPsec status on a management interface:

show ipsec interface mgmtethernet mgmt

Note

This step applies to VSP 8600 Series only.
Display the IPsec status on a loopback interface:

show ipsec interface loopback <1–256>

Example

Display the IPsec status on a VLAN interface.

Switch:1>show ipsec interface vlan 22 
==========================================================================================
                          VLAN Interface Policy Table

==========================================================================================
Vlan Interface         Policy Name            IPsec State          Direction
------------------------------------------------------------------------------------------
22                    AAA                   Enable                both                
22                    tcp                   Enable                both                
22                    icmp                  Enable                both

Variable Definitions

The following table defines parameters for the show ipsec interface command.


Variable	Value
gigabitethernet `{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}`	Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.
mgmtethernet mgmt	Identifies the interface as the management interface. Note: Exception: only supported on VSP 8600 Series.
loopback <1–256>	Specifies the loopback interface.
vlan `<1-4059>`	Specifies the VLAN ID in the range of 1 to 4059. By default, VLAN IDs 1 to 4059 are configurable and the system reserves VLAN IDs 4060 to 4094 for internal use. On switches that support the vrf-scaling and spbm-config-mode boot configuration flags, if you enable these flags, the system also reserves VLAN IDs 3500 to 3998. VLAN ID 1 is the default VLAN and you cannot create or delete VLAN ID 1.

Job aid

The following table describes the fields in the output for the show ipsec interface vlan command.


Parameter	Description
Vlan Interface	Specifies the VLAN interface.
Policy Name	Specifies the IPsec policy that associates with the specific VLAN or VLANs.
IPsec State	Specifies whether the IPsec policy is enabled on the VLAN interface.
Direction	Specifies the policy direction.

The following table describes the fields in the output for the show ipsec interface gigabitethernet command.


Parameter	Description
Interface	Specifies the interface.
Policy Name	Specifies the IPsec policy that associates with the specific port or ports.
IPsec State	Specifies whether the IPsec policy is enabled on the interface.
Direction	Specifies the policy direction.

The following table describes the fields in the output for the show ipsec interface mgmtethernet command.

Note

This command applies to VSP 8600 Series only.


Parameter	Description
Interface	Specifies the VLAN interface.
Policy Name	Specifies the IPsec policy that associates with the management port.
IPsec State	Specifies whether the IPsec policy is enabled on the interface.
Direction	Specifies the policy direction.

The following table describes the fields in the output for the show ipsec interface loopback command.


Parameter	Description
LoopBack Interface	Specifies the loopback interface.
Policy Name	Specifies the IPsec policy that associates with the interface.
IPsec State	Specifies whether the IPsec policy is enabled on the interface.
Direction	Specifies the policy direction.