crypto
Displays encryption mode
information
Supported on the following devices:
- Access Points:
AP3000/X, AP5010, AP310i/e, AP410i/e, AP505i, AP510i, AP510e, AP560i, AP7602, AP7612, AP7622, AP7632,
AP7662, AP8163, AP8533.
- Service Platforms:
NX5500, NX7500, NX9500, NX9600
- Virtual Platforms: CX9000, VX9000
Syntax
show crypto [cmp|ike|ipsec|key|pki]
show crypto cmp request status
show crypto ike sa {detail|on|peer|version}
show crypto ike sa {detail|peer <IP>} {on <DEVICE-NAME>}
show crypto ike sa {version [1|2]} {peer <IP>} {(on <DEVICE-NAME>)}
show crypto ipsec sa {detail|on|peer}
show crypto ipsec sa {detail} {on <DEVICE-NAME>}
show crypto ipsec sa {peer <IP>} {detail} {(on <DEVICE-NAME>)}
show crypto key rsa {on|public-key-detail}
show crypto key rsa {public-key-detail} {(on <DEVICE-NAME>)}
show crypto pki trustpoints {<TRUSTPOINT-NAME>|all|on}
show crypto pki trustpoints {<TRUSTPOINT-NAME>|all} {(on <DEVICE-NAME>)}
Parameters
show crypto cmp request status
crypto cmp request status |
Displays current status of in-progress certificate management
protocol (CMP) requests For more information, see Crypto-CMP Policy.
|
show crypto ike sa {detail|peer <IP>} {on <DEVICE-NAME>}
crypto ike sa |
Displays Internet Key Exchange (IKE) SA (security
association) statistics |
detail |
Displays detailed IKE SA statistics |
peer <IP> |
Optional. Displays IKE SA statistics for a specified peer
- <IP> – Specify
the peer‘s IP address in the A.B.C.D format
|
on <DEVICE-NAME> |
Optional. Displays IKE SA statistics on a specified device
- <DEVICE-NAME> –
Specify the name of the AP, wireless controller, or service
platform.
|
show crypto ike sa {version [1|2]} {peer <IP>} {(on <DEVICE-NAME>)}
crypto ike sa |
Displays IKE SA details |
version [1|2] |
Optional. Displays IKE SA version statistics
- 1 – Displays IKEv1
statistics
- 2 – Displays IKEv2
statistics
|
peer <IP> |
Optional. Displays IKE SA version statistics for a specified peer
- <IP> – Specify the peer‘s IP address in the A.B.C.D format
|
on <DEVICE-NAME> |
The following keyword is recursive and common to the ‘peer ip‘
parameter:
- on <DEVICE-NAME> –
Optional. Displays IKE SA statistics on a specified device
- <DEVICE-NAME> – Specify the name of the AP, wireless
controller, or service platform.
|
show crypto ipsec sa {detail} {on <DEVICE-NAME>}
crypto ipsec sa |
Displays Internet Protocol Security (IPSec) SA statistics. The
IPSec encryption authenticates and encrypts each IP packet in a
communication session |
detail |
Optional. Displays detailed IPSec SA statistics |
on <DEVICE-NAME> |
Optional. Displays IPSec SAs on a specified device
- <DEVICE-NAME> – Specify the name of the AP, wireless controller,
or service platform.
|
show crypto ipsec sa {peer <IP>} {detail} {(on <DEVICE-NAME>)}
crypto ipsec sa |
Displays IPSec SA statistics. The IPSec encryption authenticates and
encrypts each IP packet in a communication session |
peer <IP> detail |
Optional. Displays IPSec SA statistics for a specified peer
- <IP> – Specify
the peer‘s IP address in the A.B.C.D format.
- detail –
Displays detailed IPSec SA statistics for the specified
peer
|
on <DEVICE-NAME> |
The following keyword is recursive:
- on <DEVICE-NAME>
– Optional. Displays IPSec SAs on a specified device
- <DEVICE-NAME> – Specify the name of the AP, wireless
controller, or service platform.
|
show crypto key rsa {public-key-detail} {(on <DEVICE-NAME>)}
crypto key rsa |
Displays RSA public keys |
public-key-detail |
Optional. Displays public key in the Privacy-Enhanced Mail (PEM)
format |
on <DEVICE-NAME> |
The following keyword is recursive:
- on <DEVICE-NAME>
– Optional. Displays public key on a specified device
- <DEVICE-NAME> – Specify the name of the AP, wireless
controller, or service platform.
|
show crypto pki trustpoints {<TRUSTPOINT-NAME>|all} {(on <DEVICE-NAME>)}
crypto pki |
Displays PKI related information |
trustpoints |
Displays WLAN trustpoints This command displays all trustpoints
including CMP-generated trustpoints.
|
<TRUSTPOINT-NAME> |
Optional. Displays a specified trustpoint details. Specify the
trustpoint name. |
all |
Optional. Displays details of all trustpoints |
on <DEVICE-NAME> |
The following keyword is recursive and common to the ‘trustpoint-name'
and ‘all' parameters:
- on <DEVICE-NAME>
– Optional. Displays trustpoints configured on a specified device
- <DEVICE-NAME> – Specify the name of the AP, wireless
controller, or service platform.
|
Examples
nx9500-6C8809(config)#show crypto key rsa public-key-detail
RSA key name: ting Key-length: 2048
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLj11yR38+/mcInGRlrw
3DaasuTJhKsWg7kcSVkM7RLd/Wq/mPZEsqwFLnvFIm4rVIke+mVdWBqV4oGE1TUm
Z4YqKtzlANSAG7EZREr3MXEIHd49NHYeK8U+1EAmHN9F21XCxTO+yRMngKDJeHfz
Za2/64PdBsnRlV4nqCGMGHbbaaCwGe5X0a
RSA key name: default_rsa_key Key-length: 2048
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hyJDk9aMk97X3PhoyMb
6nufFLFUkpF9YwSqO2fNyp9SutqpoML/VAMHHotmaa6SsxPURF8mC66bT7De32r7
wwPd7pIWwALTscwCzd3CrB1jY8s2OQ7ZHGCH6MLau+LeoNPE0c+uH3tNLloTAvSG
xtUAHfwFa4rM6vlzs/ejJ4InnboI8i4uIA
nx9500-6C8809(config)#
nx9500-6C8809(config)#show crypto key rsa
--------------------------------------------------------------------------------
# KEY NAME KEY LENGTH
--------------------------------------------------------------------------------
1 ting 2048
2 default_rsa_key 2048
--------------------------------------------------------------------------------
nx9500-6C8809(config)#
nx9500-6C8809(config)#show crypto pki trustpoints all
Trustpoint Name: default-trustpoint (self signed)
-------------------------------------------------------------------------------
CRL present: no
Server Certificate details:
Key used: default_rsa_key
Serial Number: 051d
Subject Name:
/CN=NX9500-B4-C7-99-6C-88-09
Issuer Name:
/CN=NX9500-B4-C7-99-6C-88-09
Valid From : Thu Dec 5 04:15:59 2013 UTC
Valid Until: Sun Dec 3 04:15:59 2023 UTC
nx9500-6C8809(config)#
nx9500-6C8809>show crypto cmp request status
CMP Request Status: ir-req-reset
nx9500-6C8809>