S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
35-33
Cisco MDS 9000 Family CLI Configuration Guide
OL-16184-01, Cisco MDS SAN-OS Release 3.x
Chapter 35 Configuring IPsec Network Security
Displaying IPsec Configurations
lifetimes in seconds:: 120
lifetimes in bytes:: 423624704
Example 35-13 Displays Information About the Policy Database
switch#
show crypto spd domain ipsec
Policy Database for interface: GigabitEthernet4/1, direction: Both
# 0: deny udp any port eq 500 any
# 1: deny udp any any port eq 500
# 2: permit ip 10.10.10.0 255.255.255.0 10.10.10.0 255.255.255.0
# 63: deny ip any any
Policy Database for interface: GigabitEthernet4/2, direction: Both
# 0: deny udp any port eq 500 any
<-----------------------UDP default entry
# 1: deny udp any any port eq 500
<---------------------- UDP default entry
# 3: permit ip 10.10.100.0 255.255.255.0 10.10.100.0 255.255.255.0
# 63: deny ip any any
<---------------------------------------- Clear text default entry
Example 35-14 Displays SPD Information for a Specific Interface
switch#
show crypto spd domain ipsec interface gigabitethernet 4/2
Policy Database for interface: GigabitEthernet3/1, direction: Both
# 0: deny udp any port eq 500 any
# 1: deny udp any any port eq 500
# 2: permit ip 10.10.10.0 255.255.255.0 10.10.10.0 255.255.255.0
# 127: deny ip any any
Example 35-15 Displays Detailed iSCSI Session Information for a Specific Interface
switch#
show iscsi session detail
Initiator iqn.1987-05.com.cisco:01.9f39f09c7468 (ips-host16.cisco.com)
Initiator ip addr (s): 10.10.10.5
Session #1 (index 24)
Discovery session, ISID 00023d000001, Status active
Session #2 (index 25)
Target ibm1
VSAN 1, ISID 00023d000001, TSIH 0, Status active, no reservation
Type Normal, ExpCmdSN 42, MaxCmdSN 57, Barrier 0
MaxBurstSize 0, MaxConn 1, DataPDUInOrder Yes
DataSeqInOrder Yes, InitialR2T Yes, ImmediateData No
Registered LUN 0, Mapped LUN 0
Stats:
PDU: Command: 41, Response: 41
Bytes: TX: 21388, RX: 0
Number of connection: 1
Connection #1
iSCSI session is protected by IPSec
<-----------The iSCSI session protection status
Local IP address: 10.10.10.4, Peer IP address: 10.10.10.5
CID 0, State: Full-Feature
StatSN 43, ExpStatSN 0
MaxRecvDSLength 131072, our_MaxRecvDSLength 262144
CSG 3, NSG 3, min_pdu_size 48 (w/ data 48)
AuthMethod none, HeaderDigest None (len 0), DataDigest None (len 0)
Version Min: 0, Max: 0
FC target: Up, Reorder PDU: No, Marker send: No (int 0)
Received MaxRecvDSLen key: Yes