crypto

Displays encryption mode information

Supported on the following devices:

Syntax

show crypto [cmp|ike|ipsec|key|pki]
show crypto cmp request status
show crypto ike sa {detail|on|peer|version}
show crypto ike sa {detail|peer <IP>} {on <DEVICE-NAME>}
show crypto ike sa {version [1|2]} {peer <IP>} {(on <DEVICE-NAME>)}
show crypto ipsec sa {detail|on|peer}
show crypto ipsec sa {detail} {on <DEVICE-NAME>}
show crypto ipsec sa {peer <IP>} {detail} {(on <DEVICE-NAME>)}
show crypto key rsa {on|public-key-detail}
show crypto key rsa {public-key-detail} {(on <DEVICE-NAME>)}
show crypto pki trustpoints {<TRUSTPOINT-NAME>|all|on}
show crypto pki trustpoints {<TRUSTPOINT-NAME>|all} {(on <DEVICE-NAME>)}

Parameters

show crypto cmp request status
crypto cmp request status – Displays the current status of in-progress certificate management protocol (CMP) requests

For more information, see Crypto-CMP Policy.

show crypto ike sa {detail|peer <IP>} {on <DEVICE-NAME>}
crypto ike sa – Displays Internet Key Exchange (IKE) SA (security association) statistics
detail – Displays detailed IKE SA statistics
peer <IP> – Optional. Displays IKE SA statistics for a specified peer
  • <IP> – Specify the peer's IP address in the A.B.C.D format
on <DEVICE-NAME> – Optional. Displays IKE SA statistics on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
show crypto ike sa {version [1|2]} {peer <IP>} {(on <DEVICE-NAME>)}
crypto ike sa – Displays IKE SA details
version [1|2] – Optional. Displays IKE SA version statistics
  • 1 – Displays IKEv1 statistics
  • 2 – Displays IKEv2 statistics
peer <IP> – Optional. Displays IKE SA version statistics for a specified peer
  • <IP> – Specify the peer's IP address in the A.B.C.D format
on <DEVICE-NAME> – The following keyword is recursive and common to the 'peer ip' parameter:
  • on <DEVICE-NAME> – Optional. Displays IKE SA statistics on a specified device
    • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
show crypto ipsec sa {detail} {on <DEVICE-NAME>}
crypto ipsec sa – Displays Internet Protocol Security (IPSec) SA statistics. The IPSec encryption authenticates and encrypts each IP packet in a communication session
detail – Optional. Displays detailed IPSec SA statistics
on <DEVICE-NAME> – Optional. Displays IPSec SAs on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
show crypto ipsec sa {peer <IP>} {detail} {(on <DEVICE-NAME>)}
crypto ipsec sa – Displays IPSec SA statistics. The IPSec encryption authenticates and encrypts each IP packet in a communication session
peer <IP> detail – Optional. Displays IPSec SA statistics for a specified peer
  • <IP> – Specify the peer's IP address in the A.B.C.D format.
    • detail – Displays detailed IPSec SA statistics for the specified peer
on <DEVICE-NAME> – The following keyword is recursive:
  • on <DEVICE-NAME> – Optional. Displays IPSec SAs on a specified device
    • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
show crypto key rsa {public-key-detail} {(on <DEVICE-NAME>)}
crypto key rsa – Displays RSA public keys
public-key-detail – Optional. Displays the public key in the Privacy-Enhanced Mail (PEM) format
on <DEVICE-NAME> – The following keyword is recursive:
  • on <DEVICE-NAME> – Optional. Displays the public key on a specified device
    • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
show crypto pki trustpoints {<TRUSTPOINT-NAME>|all} {(on <DEVICE-NAME>)}
crypto pki – Displays PKI-related information
trustpoints – Displays WLAN trustpoints

This command displays all trustpoints including CMP-generated trustpoints.

<TRUSTPOINT-NAME> – Optional. Displays details of a specified trustpoint. Specify the trustpoint name.
all – Optional. Displays details of all trustpoints
on <DEVICE-NAME> – The following keyword is recursive and common to the 'trustpoint-name' and 'all' parameters:
  • on <DEVICE-NAME> – Optional. Displays trustpoints configured on a specified device
    • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.

Examples

nx9500-6C8809(config)#show crypto key rsa public-key-detail

RSA key name: ting        Key-length: 2048
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLj11yR38+/mcInGRlrw
3DaasuTJhKsWg7kcSVkM7RLd/Wq/mPZEsqwFLnvFIm4rVIke+mVdWBqV4oGE1TUm
Z4YqKtzlANSAG7EZREr3MXEIHd49NHYeK8U+1EAmHN9F21XCxTO+yRMngKDJeHfz
Za2/64PdBsnRlV4nqCGMGHbbaaCwGe5X0a

RSA key name: default_rsa_key        Key-length: 2048
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hyJDk9aMk97X3PhoyMb
6nufFLFUkpF9YwSqO2fNyp9SutqpoML/VAMHHotmaa6SsxPURF8mC66bT7De32r7
wwPd7pIWwALTscwCzd3CrB1jY8s2OQ7ZHGCH6MLau+LeoNPE0c+uH3tNLloTAvSG
xtUAHfwFa4rM6vlzs/ejJ4InnboI8i4uIA
nx9500-6C8809(config)#
nx9500-6C8809(config)#show crypto key rsa
--------------------------------------------------------------------------------
         #                      KEY NAME                     KEY LENGTH
--------------------------------------------------------------------------------
  1                  ting                             2048
  2                  default_rsa_key                  2048
--------------------------------------------------------------------------------
nx9500-6C8809(config)#
nx9500-6C8809(config)#show crypto pki trustpoints all

Trustpoint Name: default-trustpoint        (self signed)
-------------------------------------------------------------------------------
  CRL present: no
  Server Certificate details:
    Key used: default_rsa_key
    Serial Number: 051d
    Subject Name:
      /CN=NX9500-B4-C7-99-6C-88-09
    Issuer Name:
      /CN=NX9500-B4-C7-99-6C-88-09
    Valid From : Thu Dec  5 04:15:59 2013 UTC
    Valid Until: Sun Dec  3 04:15:59 2023 UTC

nx9500-6C8809(config)#
nx9500-6C8809>show crypto cmp request status
CMP Request Status: ir-req-reset
nx9500-6C8809>
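
The following is an added example, not part of the original reference or the vendor's tooling: a small audit script that parses captured "show crypto pki trustpoints all" output in the layout shown above and reports trustpoints that are self-signed, bound to the default RSA key, or expired or close to expiry. Treating the key name default_rsa_key as the device's built-in key, and the 30-day warning window, are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the trustpoint block from the example output above, abridged.
SAMPLE = """\
Trustpoint Name: default-trustpoint        (self signed)
-------------------------------------------------------------------------------
  CRL present: no
  Server Certificate details:
    Key used: default_rsa_key
    Subject Name:
      /CN=NX9500-B4-C7-99-6C-88-09
    Issuer Name:
      /CN=NX9500-B4-C7-99-6C-88-09
    Valid Until: Sun Dec  3 04:15:59 2023 UTC
"""

def parse_trustpoints(text):
    """Return one dict per 'Trustpoint Name:' block in the CLI output."""
    points, cur, pending = [], None, None
    for s in (line.strip() for line in text.splitlines()):
        m = re.match(r"Trustpoint Name:\s*(\S+)\s*(\(self signed\))?", s)
        if m:
            cur = {"name": m.group(1), "self_signed": bool(m.group(2))}
            points.append(cur)
        elif cur is None or not s or set(s) == {"-"}:
            continue                      # prompt, blank line or ruler
        elif pending:                     # DN sits on the line after its label
            cur[pending], pending = s, None
        elif s in ("Subject Name:", "Issuer Name:"):
            pending = s[:-1]
        elif ":" in s:
            key, _, val = s.partition(":")
            cur[key.strip()] = val.strip()
    return points

def audit(points, now, warn_days=30, default_keys=("default_rsa_key",)):
    """Return (trustpoint, finding) pairs worth a follow-up."""
    out = []
    for p in points:
        subj = p.get("Subject Name")
        if p["self_signed"] or (subj and subj == p.get("Issuer Name")):
            out.append((p["name"], "self-signed"))
        if p.get("Key used") in default_keys:  # assumption: name marks the built-in key
            out.append((p["name"], "default RSA key"))
        if stamp := " ".join(p.get("Valid Until", "").split()):
            exp = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y UTC").replace(tzinfo=timezone.utc)
            if exp <= now + timedelta(days=warn_days):
                out.append((p["name"], "expired" if exp <= now else "expiring soon"))
    return out
```

Calling audit(parse_trustpoints(captured_text), datetime.now(timezone.utc)) on output collected from each device gives a list that can be fed into a ticketing or monitoring job.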