[index]
CentreCOM AR300/AR700 シリーズ コマンドリファレンス 2.3
SHOW IPSEC COUNTERS
カテゴリー:IPsec / 一般コマンド
対象機種:AR300 V2、AR300L V2、AR720、AR740
SHOW IPSEC COUNTERS[={AH|ALG|COMP|ESP|MAIN|SAD|SETUP|SPD}]
IPsecモジュールのデバッグ用統計カウンターを表示する。
COUNTERS: 表示する統計カウンターのカテゴリーを指定する。省略時およびALLを指定した場合はすべてのカウンターが表示される。その他カテゴリーには、AH(AHプロトコル処理部)、ALG(暗号化・認証アルゴリズム処理部)、COMP(IPCompプロトコル処理部)、ESP(ESPプロトコル処理部)、MAIN(IPsecメインプロトコル処理部)、SAD(SAデータベース)、SETUP(SAの構築と削除)、SPD(セキュリティーポリシーデータベース)がある。カテゴリーはカンマ区切りで複数指定可能。
SecOff > show ipsec counters
SAD Counters
Good Failed
Find SA 3407 0
Get SA 18110 0
Add SA 8
Delete SA 7 0
SPD Counters
Good Failed
policyMatchSelectors 11361 18812
policyAdd 3 0
policyGet 20 3
policyDelete 0 0
policyGetConfig 2 0
policySetConfig 1 0
policyFindByPeer 0 0
saSpecAdd 1 0
saSpecGet 17 1
saSpecDelete 0 0
bundleSpecAdd 1 0
bundleSpecGet 10 1
bundleSpecDelete 0 0
Policy Filter Counters
localAddressMaskFailed 7523 localAddressRangeFailed 0
remoteAddressMaskFailed 0 remoteAddressRangeFailed 0
localPortFailed 11289 remotePortFailed 0
localNameFailed 0 remoteNameFailed 0
transportProtoFailed 0
IPsec bundle setup/remove counters:
setupGetSaSpecFail 0 setupGetPolicyFail 0
setupStarted 8 setupSaSetupFailImm 0
setupSaSetupStarted 8 setupSaSetupFailed 0
setupDone 8 setupFailed 0
setupBundleRemoving 0
removeStarted 7 removeSaSetupStarted 0
removeDone 7
IPsec main packet processing counters:
outProcessPkt 8001 inProcessPkt 6767
outNoPolicyFound 0 inNoPolicyFound 0
outProcessPktFinished 3766 inProcessPktFinished 3391
IPsec over UDP Counters
outPkt 0 inPkt 0
outPktFail 0 inPktBadVersion 0
inPktNoPolicy 0
outUdpHeartBeat 0 inUdpHeartBeat 0
ESP setup/remove counters
setupGetSaFailed 0 setupEncSetupFailed 0
setupHashSetupFailImm 0 setupEncSetupBundleRm 0
setupFailed 0 setupDone 8
removeGetSaFailed 0 removeNothingDone 0
removeHashFailImm 0 removeDone 7
ESP outbound processing counters
bufChainCopy 0 seqNumberCycled 0
encryptionStart 3766 encryptionFailImm 0
encDoneGetSaFail 0 encryptionFail 0
encDoneSaBadState 0 encryptionGood 3766
hashStart 3766 hashFailImm 0
hashDoneGetSaFail 0 hashFail 0
hashDoneSaBadState 0 hashGood 3766
ESP inbound processing counters
bufChainCopy 0 icvInvalid 0
paddingInvalid 0 replayedPacket 0
hashStart 3391 hashFailImm 0
hashDoneGetSaFail 0 hashFail 0
hashDoneSaBadState 0 hashGood 3391
decryptionStart 3391 decryptionFailImm 0
encDoneGetSaFail 0 decryptionFail 0
encDoneSaBadState 0 decryptionGood 3391
AH setup/remove counters
setupGetSaFailed 0 setupFailed 0
setupDone 0
removeGetSaFailed 0 removeNothingDone 0
removeDone 0
AH outbound processing counters
bufChainCopy 0
seqNumberCycled 0 fragmentSeen 0
hashStart 0 hashFailImm 0
hashDoneGetSaFail 0 hashFail 0
hashDoneSaBadState 0 hashGood 0
AH inbound processing counters
--More-- (<space> = next page, <CR> = one line, C = continuous, Q = quit)
bufChainCopy 0 replayedPacket 0
icvInvalid 0 badPayloadLength 0
hashStart 0 hashFailImm 0
hashDoneGetSaFail 0 hashFail 0
hashDoneSaBadState 0 hashGood 0
COMP setup/remove counters:
setupGetSaFailed 0 setupFailed 0
setupDone 0
removeGetSaFailed 0 removeNothingDone 0
removeDone 0
COMP outbound processing counters:
bufChainCopy 0
compTooSmall 0 compFragment 0
nonExpansionBackoff 0 dataExpansion 0
compressionStart 0 compressionFailImm 0
compDoneGetSaFail 0 compressionFail 0
compDoneSaBadState 0 compressionGood 0
COMP inbound processing counters:
bufChainCopy 0
decompressionStart 0 decompressionFailImm 0
decompDoneGetSaFail 0 decompressionFail 0
dec
ompDoneSaBadState 0 decompressionGood 0
General Algorithm Counters
nullKeymatProcessed 0
DES:
desKeymatProcessed 8
desAttachFail 0 desAttachGood 8
desConfigureFail 0 desConfigureGood 8
desRemove 7 desDetached 7
desEncodeGood 7532 desDecodeGood 6782
desEncodeFail 0 desDecodeFail 0
desEncodeDiscard 0 desDecodeDiscard 0
desEncodeGetInfoFail 0
TRIPLE DES INNER:
3DesInnerKeymatProcessed 0
3DesInnerAttachFail 0 3DesInnerAttachGood 0
3DesInnerConfigureFail 0 3DesInnerConfigureGood 0
3DesInnerRemove 0 3DesInnerDetached 0
3DesInnerEncodeGood 0 3DesInnerDecodeGood 0
3DesInnerEncodeFail 0 3DesInnerDecodeFail 0
3DesInnerEncodeDiscard 0 3DesInnerDecodeDiscard 0
3DesInnerEncGetInfoFail 0
TRIPLE DES OUTER:
3DesOuterKeymatProcessed 0
3DesOuterAttachFail 0 3DesOuterAttachGood 0
3DesOuterConfigureFail 0 3DesOuterConfigureGood 0
3DesOuterRemove 0 3DesOuterDetached 0
3DesOuterEncodeGood 0 3DesOuterDecodeGood 0
3DesOuterEncodeFail 0 3DesOuterDecodeFail 0
3DesOuterEncodeDiscard 0 3DesOuterDecodeDiscard 0
3DesOuterEncGetInfoFail 0
TRIPLE DES 2KEY:
3Des2KeyKeymatProcessed 0
3Des2KeyAttachFail 0 3Des2KeyAttachGood 0
3Des2KeyConfigureFail 0 3Des2KeyConfigureGood 0
3Des2KeyRemove 0 3Des2KeyDetached 0
3Des2KeyEncodeGood 0 3Des2KeyDecodeGood 0
3Des2KeyEncodeFail 0 3Des2KeyDecodeFail 0
3Des2KeyEncodeDiscard 0 3Des2KeyDecodeDiscard 0
3Des2KeyEncGetInfoFail 0
SHA:
shaKeymatProcessed 8
shaAttachFail 0 shaAttachGood 8
shaConfigureFail 0 shaConfigureGood 8
shaRemove 7 shaDetached 7
shaEncodeGood 7532 shaDecodeGood 6782
shaEncodeFail 0 shaDecodeFail 0
shaEncodeDiscard 0 shaDecodeDiscard 0
MD5:
md5KeymatProcessed 0
md5AttachFail 0 md5AttachGood 0
md5ConfigureFail 0 md5ConfigureGood 0
md5Remove 0 md5Detached 0
md5EncodeGood 0 md5DecodeGood 0
md5EncodeFail 0 md5DecodeFail 0
md5EncodeDiscard 0 md5DecodeDiscard 0
DES-MAC:
desmacKeymatProcessed 0
desmacAttachFail 0 desmacAttachGood 0
desmacConfigureFail 0 desmacConfigureGood 0
desmacRemove 0 desmacDetached 0
desmacEncodeGood 0 desmacDecodeGood 0
desmacEncodeFail 0 desmacDecodeFail 0
desmacEncodeDiscard 0 desmacDecodeDiscard 0
LZS:
lzsKeymatProcessed 0
lzsAttachFail 0 lzsAttachGood 0
lzsConfigureFail 0 lzsConfigureGood 0
lzsRemove 0 lzsDetached 0
lzsEncodeGood 0 lzsDecodeGood 0
lzsEncodeFail 0 lzsDecodeFail 0
lzsEncodeDiscard 0 lzsDecodeDiscard 0
|
IPsecを使用するには、通信データの暗号化と復号化を行うすべてのルーターに暗号ボード(AR010)または暗号・圧縮ボード(AR011)を装着する必要がある。
SHOW IPSEC SA
RFC2401, Security Architecture for the Internet Protocol
RFC2402, IP Authentication Header
RFC2403, The Use of HMAC-MD5-96 within ESP and AH
RFC2404, The Use of HMAC-SHA-1-96 within ESP and AH
RFC2405, The ESP DES-CBC Cipher Algorithm With Explicit IV
RFC2406, IP Encapsulating Security Payload (ESP)
RFC2407, The Internet IP Security Domain of Interpretation for ISAKMP
RFC2408, Internet Security Association and Key Management Protocol (ISAKMP)
RFC2409, The Internet Key Exchange (IKE)
RFC2410, The NULL Encryption Algorithm and Its Use With IPsec
RFC2411, IP Security Document Roadmap
RFC2412, The OAKLEY Key Determination Protocol
RFC2451, The ESP CBC-Mode Cipher Algorithms
RFC2104, HMAC: Keyed-Hashing for Message Authentication
RFC2393, IP Payload Compression Protocol (IPComp)
RFC2395, IP Payload Compression Using LZS
(C) 1997 - 2005 アライドテレシスホールディングス株式会社
PN: J613-M0274-00 Rev.K