4.12. NGE Show, Clear, and Debug Command Reference

4.12.1. Command Hierarchies

Show Commands
Clear Commands

4.12.1.1. Show Commands

show

— group-encryption

— encryption-keygroup keygroup-id [spi spi]

— summary

4.12.1.2. Clear Commands

clear

— group-encryption

— encryption-keygroup keygroup-id [spi spi]

4.12.2. Command Descriptions

4.12.2.1. Show Commands

group-encryption

Syntax

group-encryption

Context

show

Description

This command accesses the show>group encryption context.

encryption-keygroup

Syntax

encryption-keygroup keygroup-id [spi spi]

Context

show>grp-encryp

Description

This command displays NGE information for a key group.

Parameters

keygroup-id—

Specifies the key group identifier to use for the output display.

Values—

1 to 15 or keygroup-name (up to 64 characters)

spi—

Specifies the SPI to use for the output display.

Output

The following output is an example of encryption key group information, and Table 95 describes the fields.

Output Example

domain1>show>grp-encryp# encryption-keygroup 2

===============================================================================

Encryption Keygroup Configuration Detail

===============================================================================

Keygroup Id : 2

Keygroup Name : KG1_secure

Description : Most_secure_KG

Authentication Algo: sha256

Encryption Algo : aes128

Active Outbound SA : 6

Activation Time : 04/20/2015 20:07:31

-------------------------------------------------------------------------------

Security Associations

-------------------------------------------------------------------------------

Spi : 2

Install Time : 04/20/2015 20:08:17

Key CRC : 0x806fb970

Spi : 6

Install Time : 04/20/2015 19:43:40

Key CRC : 0xa4f2d262

-------------------------------------------------------------------------------

Encryption Keygroup Forwarded Statistics

-------------------------------------------------------------------------------

Encrypted Pkts : 0 Encrypted Bytes : 0

Decrypted Pkts : 0 Decrypted Bytes : 0

-------------------------------------------------------------------------------

Encryption Keygroup Outbound Discarded Statistics (Pkts)

-------------------------------------------------------------------------------

Total Discard : 0 Unsupported Uplink : 0

Enqueue Error : 0 Other : 0

-------------------------------------------------------------------------------

Encryption Keygroup Inbound Discarded Statistics (Pkts)

-------------------------------------------------------------------------------

Total Discard : 0 Invalid Spi : 0

Authentication Failure *: 0 Control Word Mismatch : 0

Padding Error : 0 Enqueue Error : 0

Other : 0

-------------------------------------------------------------------------------

---------------------------------------------

SDP Keygroup Association Table

---------------------------------------------

SDP ID Direction

---------------------------------------------

61 Inbound Outbound

---------------------------------------------

Inbound Keygroup SDP Association Count: 1

Outbound Keygroup SDP Association Count: 1

---------------------------------------------

VPRN Keygroup Association Table

---------------------------------------------

VPRN SVC ID Direction

---------------------------------------------

12 Inbound Outbound

---------------------------------------------

Inbound Keygroup VPRN Association Count: 1

Outbound Keygroup VPRN Association Count: 1

---------------------------------------------

===============================================================================

* indicates that the corresponding row element may have been truncated.

domain1>show>grp-encryp#

domain1# show group-encryption encryption-keygroup 1 spi 1

===============================================================================

Encryption Keygroup Security Association Detail

===============================================================================

Keygroup Id : 1 SPI Id : 1

Install Time : 06/16/2015 11:28:49

Key CRC : 0x36e5af55

-------------------------------------------------------------------------------

Encryption Keygroup Security Association Forwarded Statistics

-------------------------------------------------------------------------------

Encrypted Pkts : 1662534 Encrypted Bytes : 837917136

Decrypted Pkts : 1662333 Decrypted Bytes : 837815832

-------------------------------------------------------------------------------

Encryption Keygroup Security Association Outbound Discarded Statistics (Pkts)

-------------------------------------------------------------------------------

Total Discard : 0 Enqueue Error : 0

Other : 0

-------------------------------------------------------------------------------

Encryption Keygroup Security Association Inbound Discarded Statistics (Pkts)

-------------------------------------------------------------------------------

Total Discard : 0 Authentication Failure : 0

Control Word Mismatch : 0 Padding Error : 0

Enqueue Error : 0 Other : 0

===============================================================================

Table 95: Show Encryption Key Group Output Fields

Label	Description
Encryption Keygroup Configuration Detail
Keygroup Id	The key group identifier
Keygroup Name	The key group name
Description	The key group description
Authentication Algo	The authentication algorithm used for the key group
Encryption Algo	The encryption algorithm used for the key group
Active Outbound SA	The active outbound SA for the key group
Activation Time	The date and time that the key group was activated
Security Associations
Spi	The security parameter index for the SA in the key group
Install Time	The date and time that the SA was installed in the key group
Key CRC	The CRC for the key belonging to the SA
Encryption Keygroup Forwarded Statistics
Encrypted Pkts	The number of encrypted packets forwarded by the key group
Encrypted Bytes	The number of encrypted bytes forwarded by the key group
Decrypted Pkts	The number of decrypted packets forwarded by the key group
Decrypted Bytes	The number of decrypted bytes forwarded by the key group
Encryption Keygroup Outbound Discarded Statistics (Pkts)
Total Discard	The total number of outbound packets discarded by the key group
Unsupported Uplink	The total number of outbound packets discarded by the key group due to an unsupported uplink
Enqueue Error	The total number of outbound packets discarded by the key group due to an enqueuing error
Other	The total number of outbound packets discarded by the key group due to some other reason, such as an internal configuration error (for example, a key group that points to an SA, but the SA is not valid)
Encryption Keygroup Inbound Discarded Statistics (Pkts)
Total Discard	The total number of inbound packets discarded by the key group
Invalid Spi	The total number of inbound packets discarded by the key group due to an invalid SPI
Authentication Failure *	The total number of inbound packets discarded by the key group due to an authorization failure
Control Word Mismatch	The total number of inbound packets discarded by the key group due to a control word (CW) mismatch between the encrypted (protected) CW in the ESP payload and the CW that is not encrypted
Padding Error	The total number of inbound packets discarded by the key group due to a padding error
Enqueue Error	The total number of inbound packets discarded by the key group due to an enqueuing error
Other	The total number of inbound packets discarded by the key group due to some other reason (for example, an incoming packet length is incorrect)
SDP Keygroup Association Table
SDP ID	The SDP ID
Direction	The direction in which key group authentication and encryption occurs for traffic on the SDP
Inbound Keygroup SDP Association Count	The number of SDPs configured to use inbound SA
Outbound Keygroup SDP Association Count	The number of SDPs configured to use outbound SA
VPRN Keygroup Association Table
VPRN SVC ID	The VPRN service identifier
Direction	The direction in which key group authentication and encryption occurs for traffic on the VPRN
Inbound Keygroup VPRN Association Count	The number of VPRNs configured to use inbound SA
Outbound Keygroup VPRN Association Count	The number of VPRNs configured to use outbound SA

summary

Syntax

summary

Context

show>grp-encryp

Description

This command shows NGE summary information.

Output

The following output is an example of NGE summary information, and Table 96 describes the fields.

Output Example

domain1>show>grp-encryp# summary

============================

Group Encryption

============================

Encryption Label : 34

============================

=======================================================

Encryption Keygroup

=======================================================

Id Name Auth Algo Encr Algo Active OutSA

-------------------------------------------------------

2 KG1_secure sha256 aes128 6

4 sha256 aes128 0

-------------------------------------------------------

No. of Encryption Keygroup: 2

=======================================================

domain1>show>grp-encryp#

Table 96: Show Group Encryption Summary Output Fields

Label	Description
Group Encryption
Encryption Label	The unique network-wide group encryption label
Encryption Keygroup
Id	The key group identifier value
Name	The key group name
Auth Algo	The authentication algorithm used by the key group
Encr Algo	The encryption algorithm used by the key group
Active OutSA	The active outbound SA for the key group
No. of Encryption Keygroup	The number of encryption key groups currently configured on the node

4.12.2.2. Clear Commands

group-encryption

Syntax

group-encryption

Context

clear

Description

This command accesses the context to clear group encryption parameters.

encryption-keygroup

Syntax

encryption-keygroup keygroup-id

encryption-keygroup keygroup-id spi spi

Context

clear>grp-encryp

Description

This command clears NGE information for a key group.

Parameters

keygroup-id—

Specifies the key group identifier.

Values—

1 to 127, keygroup-name (up to 64 characters)

spi—

Specifies the SPI ID.

Values—

1 to 127