display ipsec session
Syntax
display ipsec session [ tunnel-id integer ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
integer: ID of the IPsec tunnel, in the range 1 to 2000000000.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display ipsec session command to display information about IPsec sessions.
If you do not specify any parameters, the command displays information about all IPsec sessions.
IPsec can use a session to find the matching tunnel directly, which reduces the intermediate matching procedures and improves forwarding efficiency. A session is identified by a quintuplet: protocol, source IP address, source port, destination IP address, and destination port.
Related commands: reset ipsec session.
Examples
# Display information about all IPsec sessions.
<Sysname> display ipsec session
------------------------------------------------------------
total sessions : 2
------------------------------------------------------------
tunnel-id : 3
session idle time/total duration (sec) : 36/300
session flow : (8 times matched)
Sour Addr : 15.15.15.1 Sour Port: 0 Protocol : 1
Dest Addr : 15.15.15.2 Dest Port: 0 Protocol : 1
------------------------------------------------------------
tunnel-id : 4
session idle duration/total duration (sec) : 7/300
session flow : (3 times matched)
Sour Addr : 12.12.12.1 Sour Port: 0 Protocol : 1
Dest Addr : 13.13.13.1 Dest Port: 0 Protocol : 1
# Display information about the session with an IPsec tunnel ID of 5.
<Sysname> display ipsec session tunnel-id 5
------------------------------------------------------------
total sessions : 1
------------------------------------------------------------
tunnel-id : 5
session idle time/total duration (sec) : 30/300
session flow : (4 times matched)
Sour Addr : 12.12.12.2 Sour Port: 0 Protocol : 1
Dest Addr : 13.13.13.2 Dest Port: 0 Protocol : 1
Table 57: Output description
Field | Description |
---|---|
total sessions | Total number of IPsec sessions |
tunnel-id | IPsec tunnel ID, same as the connection-id of the IPsec SA |
session idle time | Idle duration of the IPsec session in seconds |
total duration | Lifetime of the IPsec session in seconds. The default is 300 seconds |
session flow | Flow information of the IPsec session |
times matched | Total number of packets matching the IPsec session |
Sour Addr | Source IP address of the IPsec session |
Dest Addr | Destination IP address of the IPsec session |
Sour Port | Source port number of the IPsec session |
Dest Port | Destination port number of the IPsec session |
Protocol | Protocol number of the IPsec protected data flow, for example, 1 for ICMP |
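
An added example (not part of the original command reference): a Python parser that turns captured output of this command into per-session records using the fields in Table 57, and checks the parsed count against the total sessions header. The function name, dictionary keys, and the embedded sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample, laid out like the example output on this page.
SAMPLE = """\
------------------------------------------------------------
total sessions : 2
------------------------------------------------------------
tunnel-id : 3
session idle time/total duration (sec) : 36/300
session flow : (8 times matched)
Sour Addr : 15.15.15.1 Sour Port: 0 Protocol : 1
Dest Addr : 15.15.15.2 Dest Port: 0 Protocol : 1
------------------------------------------------------------
tunnel-id : 4
session idle duration/total duration (sec) : 7/300
session flow : (3 times matched)
Sour Addr : 12.12.12.1 Sour Port: 0 Protocol : 1
Dest Addr : 13.13.13.1 Dest Port: 0 Protocol : 1
"""

TOTAL = re.compile(r"total sessions\s*:\s*(\d+)")
TUNNEL = re.compile(r"tunnel-id\s*:\s*(\d+)")
# The page's sample output shows both "idle time" and "idle duration" labels.
TIMES = re.compile(r"session idle (?:time|duration)/total duration \(sec\)\s*:\s*(\d+)/(\d+)")
MATCHED = re.compile(r"\((\d+) times matched\)")
ENDPOINT = re.compile(r"(Sour|Dest) Addr\s*:\s*(\S+)\s+(?:Sour|Dest) Port\s*:\s*(\d+)\s+Protocol\s*:\s*(\d+)")

def parse_ipsec_sessions(text):
    """Return (declared_total, sessions); declared_total is None if the header was filtered out."""
    declared, sessions, cur = None, [], None
    for line in text.splitlines():
        if m := TOTAL.search(line):
            declared = int(m.group(1))
        elif m := TUNNEL.search(line):      # each tunnel-id line starts a new session record
            cur = {"tunnel_id": int(m.group(1))}
            sessions.append(cur)
        elif cur is None:                   # prompt and separator lines before the first record
            continue
        elif m := TIMES.search(line):
            cur["idle_sec"], cur["total_sec"] = int(m.group(1)), int(m.group(2))
        elif m := MATCHED.search(line):
            cur["matched"] = int(m.group(1))
        elif m := ENDPOINT.search(line):
            side = "src" if m.group(1) == "Sour" else "dst"
            cur[side] = (m.group(2), int(m.group(3)))
            cur["protocol"] = int(m.group(4))
    if declared is not None and declared != len(sessions):
        raise ValueError(f"header says {declared} sessions, parsed {len(sessions)}")
    return declared, sessions
```

The count check catches truncated captures, which matters when the records feed an audit of which flows are actually matched to IPsec tunnels.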