[index] CentreCOM AR300/AR700 シリーズ コマンドリファレンス 2.3

SHOW IPSEC COUNTERS

カテゴリー:IPsec / 一般コマンド
対象機種:AR300 V2、AR300L V2、AR720、AR740


SHOW IPSEC COUNTERS[={AH|ALG|COMP|ESP|MAIN|SAD|SETUP|SPD}]


IPsecモジュールのデバッグ用統計カウンターを表示する。



パラメーター

COUNTERS: 表示する統計カウンターのカテゴリーを指定する。省略時およびALLを指定した場合はすべてのカウンターが表示される。その他カテゴリーには、AH(AHプロトコル処理部)、ALG(暗号化・認証アルゴリズム処理部)、COMP(IPCompプロトコル処理部)、ESP(ESPプロトコル処理部)、MAIN(IPsecメインプロトコル処理部)、SAD(SAデータベース)、SETUP(SAの構築と削除)、SPD(セキュリティーポリシーデータベース)がある。カテゴリーはカンマ区切りで複数指定可能。



入力・出力・画面例

SecOff > show ipsec counters

SAD Counters
                  Good      Failed
  Find SA         3407           0
  Get SA         18110           0
  Add SA             8
  Delete SA          7           0

SPD Counters
                             Good          Failed
  policyMatchSelectors      11361           18812
  policyAdd                     3               0
  policyGet                    20               3
  policyDelete                  0               0
  policyGetConfig               2               0
  policySetConfig               1               0
  policyFindByPeer              0               0
  saSpecAdd                     1               0
  saSpecGet                    17               1
  saSpecDelete                  0               0
  bundleSpecAdd                 1               0
  bundleSpecGet                10               1
  bundleSpecDelete              0               0

Policy Filter Counters
  localAddressMaskFailed        7523  localAddressRangeFailed           0
  remoteAddressMaskFailed          0  remoteAddressRangeFailed          0
  localPortFailed              11289  remotePortFailed                  0
  localNameFailed                  0  remoteNameFailed                  0
  transportProtoFailed             0

IPsec bundle setup/remove counters:
  setupGetSaSpecFail             0  setupGetPolicyFail             0
  setupStarted                   8  setupSaSetupFailImm            0
  setupSaSetupStarted            8  setupSaSetupFailed             0
  setupDone                      8  setupFailed                    0
  setupBundleRemoving            0
  removeStarted                  7  removeSaSetupStarted           0
  removeDone                     7

IPsec main packet processing counters:
  outProcessPkt               8001  inProcessPkt                6767
  outNoPolicyFound               0  inNoPolicyFound                0
  outProcessPktFinished       3766  inProcessPktFinished        3391

IPsec over UDP Counters
  outPkt                         0  inPkt                          0
  outPktFail                     0  inPktBadVersion                0
                                    inPktNoPolicy                  0
  outUdpHeartBeat                0  inUdpHeartBeat                 0

ESP setup/remove counters
  setupGetSaFailed               0  setupEncSetupFailed            0
  setupHashSetupFailImm          0  setupEncSetupBundleRm          0
  setupFailed                    0  setupDone                      8
  removeGetSaFailed              0  removeNothingDone              0
  removeHashFailImm              0  removeDone                     7
ESP outbound processing counters
  bufChainCopy                   0  seqNumberCycled                0
  encryptionStart             3766  encryptionFailImm              0
  encDoneGetSaFail               0  encryptionFail                 0
  encDoneSaBadState              0  encryptionGood              3766
  hashStart                   3766  hashFailImm                    0
  hashDoneGetSaFail              0  hashFail                       0
  hashDoneSaBadState             0  hashGood                    3766
ESP inbound processing counters
  bufChainCopy                   0  icvInvalid                     0
  paddingInvalid                 0  replayedPacket                 0
  hashStart                   3391  hashFailImm                    0
  hashDoneGetSaFail              0  hashFail                       0
  hashDoneSaBadState             0  hashGood                    3391
  decryptionStart             3391  decryptionFailImm              0
  encDoneGetSaFail               0  decryptionFail                 0
  encDoneSaBadState              0  decryptionGood              3391

AH setup/remove counters
  setupGetSaFailed               0  setupFailed                    0
  setupDone                      0
  removeGetSaFailed              0  removeNothingDone              0
  removeDone                     0
AH outbound processing counters
  bufChainCopy                   0
  seqNumberCycled                0  fragmentSeen                   0
  hashStart                      0  hashFailImm                    0
  hashDoneGetSaFail              0  hashFail                       0
  hashDoneSaBadState             0  hashGood                       0
AH inbound processing counters
--More--  (<space> = next page, <CR> = one line, C = continuous, Q = quit)
bufChainCopy                   0  replayedPacket                 0
  icvInvalid                     0  badPayloadLength               0
  hashStart                      0  hashFailImm                    0
  hashDoneGetSaFail              0  hashFail                       0
  hashDoneSaBadState             0  hashGood                       0

COMP setup/remove counters:
  setupGetSaFailed               0  setupFailed                    0
  setupDone                      0
  removeGetSaFailed              0  removeNothingDone              0
  removeDone                     0
COMP outbound processing counters:
  bufChainCopy                   0
  compTooSmall                   0  compFragment                   0
  nonExpansionBackoff            0  dataExpansion                  0
  compressionStart               0  compressionFailImm             0
  compDoneGetSaFail              0  compressionFail                0
  compDoneSaBadState             0  compressionGood                0
COMP inbound processing counters:
  bufChainCopy                   0
  decompressionStart             0  decompressionFailImm           0
  decompDoneGetSaFail            0  decompressionFail              0
                                                                             dec
ompDoneSaBadState           0  decompressionGood              0

General Algorithm Counters
  nullKeymatProcessed               0
  DES:
  desKeymatProcessed                8
  desAttachFail                     0  desAttachGood                     8
  desConfigureFail                  0  desConfigureGood                  8
  desRemove                         7  desDetached                       7
  desEncodeGood                  7532  desDecodeGood                  6782
  desEncodeFail                     0  desDecodeFail                     0
  desEncodeDiscard                  0  desDecodeDiscard                  0
  desEncodeGetInfoFail              0
  TRIPLE DES INNER:
  3DesInnerKeymatProcessed          0
  3DesInnerAttachFail               0  3DesInnerAttachGood               0
  3DesInnerConfigureFail            0  3DesInnerConfigureGood            0
  3DesInnerRemove                   0  3DesInnerDetached                 0
  3DesInnerEncodeGood               0  3DesInnerDecodeGood               0
  3DesInnerEncodeFail               0  3DesInnerDecodeFail               0
  3DesInnerEncodeDiscard            0  3DesInnerDecodeDiscard            0
  3DesInnerEncGetInfoFail           0
  TRIPLE DES OUTER:
  3DesOuterKeymatProcessed          0
  3DesOuterAttachFail               0  3DesOuterAttachGood               0
  3DesOuterConfigureFail            0  3DesOuterConfigureGood            0
  3DesOuterRemove                   0  3DesOuterDetached                 0
  3DesOuterEncodeGood               0  3DesOuterDecodeGood               0
  3DesOuterEncodeFail               0  3DesOuterDecodeFail               0
  3DesOuterEncodeDiscard            0  3DesOuterDecodeDiscard            0
  3DesOuterEncGetInfoFail           0
  TRIPLE DES 2KEY:
  3Des2KeyKeymatProcessed           0
  3Des2KeyAttachFail                0  3Des2KeyAttachGood                0
  3Des2KeyConfigureFail             0  3Des2KeyConfigureGood             0
  3Des2KeyRemove                    0  3Des2KeyDetached                  0
  3Des2KeyEncodeGood                0  3Des2KeyDecodeGood                0
  3Des2KeyEncodeFail                0  3Des2KeyDecodeFail                0
  3Des2KeyEncodeDiscard             0  3Des2KeyDecodeDiscard             0
  3Des2KeyEncGetInfoFail            0
 SHA:
  shaKeymatProcessed                8
  shaAttachFail                     0  shaAttachGood                     8
  shaConfigureFail                  0  shaConfigureGood                  8
  shaRemove                         7  shaDetached                       7
  shaEncodeGood                  7532  shaDecodeGood                  6782
  shaEncodeFail                     0  shaDecodeFail                     0
  shaEncodeDiscard                  0  shaDecodeDiscard                  0
 MD5:
  md5KeymatProcessed                0
  md5AttachFail                     0  md5AttachGood                     0
  md5ConfigureFail                  0  md5ConfigureGood                  0
  md5Remove                         0  md5Detached                       0
  md5EncodeGood                     0  md5DecodeGood                     0
  md5EncodeFail                     0  md5DecodeFail                     0
  md5EncodeDiscard                  0  md5DecodeDiscard                  0
 DES-MAC:
  desmacKeymatProcessed             0
  desmacAttachFail                  0  desmacAttachGood                  0
  desmacConfigureFail               0  desmacConfigureGood               0
  desmacRemove                      0  desmacDetached                    0
  desmacEncodeGood                  0  desmacDecodeGood                  0
  desmacEncodeFail                  0  desmacDecodeFail                  0
  desmacEncodeDiscard               0  desmacDecodeDiscard               0
 LZS:
  lzsKeymatProcessed                0
  lzsAttachFail                     0  lzsAttachGood                     0
  lzsConfigureFail                  0  lzsConfigureGood                  0
  lzsRemove                         0  lzsDetached                       0
  lzsEncodeGood                     0  lzsDecodeGood                     0
  lzsEncodeFail                     0  lzsDecodeFail                     0
  lzsEncodeDiscard                  0  lzsDecodeDiscard                  0



備考・注意事項

IPsecを使用するには、通信データの暗号化と復号化を行うすべてのルーターに暗号ボード(AR010)または暗号・圧縮ボード(AR011)を装着する必要がある。



関連コマンド

SHOW IPSEC SA



参考

RFC2401, Security Architecture for the Internet Protocol
RFC2402, IP Authentication Header
RFC2403, The Use of HMAC-MD5-96 within ESP and AH
RFC2404, The Use of HMAC-SHA-1-96 within ESP and AH
RFC2405, The ESP DES-CBC Cipher Algorithm With Explicit IV
RFC2406, IP Encapsulating Security Payload (ESP)
RFC2407, The Internet IP Security Domain of Interpretation for ISAKMP
RFC2408, Internet Security Association and Key Management Protocol (ISAKMP)
RFC2409, The Internet Key Exchange (IKE)
RFC2410, The NULL Encryption Algorithm and Its Use With IPsec
RFC2411, IP Security Document Roadmap
RFC2412, The OAKLEY Key Determination Protocol
RFC2451, The ESP CBC-Mode Cipher Algorithms
RFC2104, HMAC: Keyed-Hashing for Message Authentication
RFC2393, IP Payload Compression Protocol (IPComp)
RFC2395, IP Payload Compression Using LZS


(C) 1997 - 2005 アライドテレシスホールディングス株式会社

PN: J613-M0274-00 Rev.K