Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

IPSec Clear and Show Commands

14-108 Configuring the VPN

IPSec Clear and Show Commands

clear crypto sa

ThiscommanddeletesIPSecSecurityAssociations(SAs)asfollows:

•IftheSAswereestablishedviaIKE,theyaredeletedandfutureIPSectrafficwillrequirenew

SAstobenegotiated.(WhenIKEisused,theIPSecSAsareestablishedonlywhenneeded.)

•The

peerkeyworddeletesanyIPSecSAsforthespecifiedpeer.

•The

mapkeyworddeletesanyIPSecSAsforthenamedcryptomapset.

•The

counterskeywordsimplyclearsthetrafficcountersmaintainedforeachSA;itdoesnot

cleartheSAsthemselves.

Syntax

clear crypto sa

clear crypto sa peer {ip-address | peer-name}

clear crypto sa map map-name

clear crypto sa counters

Default

Ifpeer,map,orcounterskeywordsarenotused,allIPSecSAsaredeleted.

Mode

PrivilegedEXEC:XSR#

Example

ThefollowingexampleclearstheSAcountersforallpeers:

XSR#clear crypto sa counters

show access-lists

ThiscommandshowsoneorallaccesslistsdefinedintheXSR.Alternatively,youcanviewthe

packetthresholdafterwhichtheACLviolationslogistriggered.

Syntax

show access-lists number log-update-threshold

Note: If there are many thousands of tunnels in use, this command will use as many system

resources as are available for as long as necessary to complete the task, making the XSR appear

“frozen.”

ip-address

SpecifyaremotepeerʹsIPaddress.

peer-name

Specifyaremotepeerʹsnameasthefullyqualifieddomainname.

map-name

Specifythenameofacryptomapset.

previous next