You are here: Home > CLI Commands > Just_CLI_Topics > show crypto isakmp

show crypto isakmp

show crypto isakmp

block-aruba-ca

cluster IPAssignPendingRaps

clusterIP

clusterMAC

eap-passthrough

groupname

ipsecSPI

key

lc-members

log ap <macaddr>

packet-dump

policy <policy-number>

sa

stats

timers

transports

udpencap-behind-natdevice

Descriptions

This command displays Internet Key Exchange (IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard.) parameters for the Internet Security Association and Key Management Protocol (ISAKMPInternet Security Association and Key Management Protocol. ISAKMP is used for establishing Security Associations and cryptographic keys in an Internet environment.).

Syntax

Parameter

Description

block-aruba-ca

Shows the Configuration if Aruba-certified clients are blocked.

cluster IPAssignPendingRaps

Shows cluster configuration.

clusterIP

Show clusterIP hash table entries

clusterMAC

Show clusterMAC hash table entries

eap-passthrough

Displays configured IKEv2Internet Key Exchange version 2. IKEv2 uses the secure channel established in Phase 1 to negotiate Security Associations on behalf of services such as IPsec. IKEv2 uses pre-shared key and Digital Signature for authentication. See RFC 4306. EAPExtensible Authentication Protocol. An authentication protocol for wireless networks that extends the methods used by the PPP, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication.  pass-through methods.

groupname

Shows the IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard. Aggressive group name.

ipsecSPI

Shows IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. SPI hash table entries.

key

Shows the IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard. pre-shared keys.

lc-members

Shows cluster members.

log ap <macaddr>

Shows debugging log.

packet-dump

Shows the packet dump configuration.

policy <policy-number>

Shows the following information for predefined and manually configured IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard. policies:

IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard. version

encryption and hash algorithms

authentication method

PRF methods,

DH group

lifetime settings

sa

Shows the security associations.

[peer v6 <peer-ipv6> | peer <peer-ip>]

Shows crypto ISAKMPInternet Security Association and Key Management Protocol. ISAKMP is used for establishing Security Associations and cryptographic keys in an Internet environment. security associations for this IP.

stats

Shows detailed IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard. statistics. This information can be very useful for troubleshooting problems with ISAKMPInternet Security Association and Key Management Protocol. ISAKMP is used for establishing Security Associations and cryptographic keys in an Internet environment..

timers

Shows IKEv1Internet Key Exchange version 1. IKEv1 establishes a secure authenticated communication channel by using either the pre-shared key (shared secret), digital signatures, or public key encryption. IKEv1 operates in Main and Aggressive modes. See RFC 2409. timers.

transports

Shows IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard. Transports.

udpencap-behind-natdevice

Shows the Configuration if NATNetwork Address Translation. NAT is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device.-T is enabled if managed device is behind a NATNetwork Address Translation. NAT is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. device .

Usage Guidelines

Use the show crypto isakmp command to view ISAKMPInternet Security Association and Key Management Protocol. ISAKMP is used for establishing Security Associations and cryptographic keys in an Internet environment. settings, statistics and policies.

Examples

The show crypto isakmp stats command shows the IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard. statistics.

(host) [mynode] #show crypto isakmp stats

Default protection suite 10001

Version 1

encryption algorithm: 3DES - Triple Data Encryption Standard (168 bit keys)

hash algorithm: Secure Hash Algorithm 160

authentication method: Pre-Shared Key

Diffie-Hellman Group: #2 (1024 bit)

lifetime: [300 - 86400] seconds, no volume limit

Default RAP Certificate protection suite 10002

Version 1

encryption algorithm: AES - Advanced Encryption Standard (256 bit keys)

hash algorithm: Secure Hash Algorithm 160

authentication method: Rivest-Shamir-Adelman Signature

Diffie-Hellman Group: #2 (1024 bit)

lifetime: [300 - 86400] seconds, no volume limit

Default RAP PSK protection suite 10003

Version 1

encryption algorithm: AES - Advanced Encryption Standard (256 bit keys)

hash algorithm: Secure Hash Algorithm 160

authentication method: Pre-Shared Key

Diffie-Hellman Group: #2 (1024 bit)

lifetime: [300 - 86400] seconds, no volume limit

The show crypto isakmp sa command shows the IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard. security associations.

(host) [mynode] #show crypto isakmp sa

ISAKMP SA Active Session Information

------------------------------------

Initiator IP Responder IP Flags Start Time Private IP

------------ ------------ ----- --------------- ----------

10.17.65.116 10.17.65.120 r-v2-p May 14 05:32:24 -

10.17.41.82 10.17.65.120 r-v2-p May 14 07:12:14 -

10.17.40.226 10.17.65.120 r-v2-p May 14 07:12:15 -

10.17.41.194 10.17.65.120 r-v2-p May 14 07:12:13 -

Flags: i = Initiator; r = Responder

m = Main Mode; a = Agressive Mode; v2 = IKEv2

p = Pre-shared key; c = Certificate/RSA Signature; e = ECDSA Signature

x = XAuth Enabled; y = Mode-Config Enabled; E = EAP Enabled

3 = 3rd party AP; C = Campus AP; R = RAP; Ru = Custom Certificate RAP; I = IAP

V = VIA; S = VIA over TCP

Total ISAKMP SAs: 4

Related Commands

Command

Description

crypto isakmp

Use this command to configure Internet Key Exchange (IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard.) parameters for the Internet Security Association and Key Management Protocol (ISAKMPInternet Security Association and Key Management Protocol. ISAKMP is used for establishing Security Associations and cryptographic keys in an Internet environment.).

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Enable or Config mode on Mobility Master.

/*]]>*/