Skip to main content

Welcome

Dell Sites

Dell Technologies
Premier Sign In
Partner Program Sign In
Dell Financial Services
Support

Dell Sites

Dell Technologies
Premier Sign In
Partner Program Sign In
Dell Financial Services
Support

Welcome to Dell

My Account

Place orders quickly and easily
View orders and track your shipping status
Enjoy members-only rewards and discounts
Create and access a list of your products

Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In

Your Dell.com Carts

Products
Solutions
Services
Contact Us

Support
Product Support
Manuals

Dell Command Line Reference Guide for the S4048–ON System 9.14.2.6

Notes, cautions, and warnings
About this Guide
- Objectives
- Audience
- Conventions
- Information Icons
CLI Basics
- Accessing the Command Line
- Multiple Configuration Users
- Obtaining Help
- Navigating the CLI
- Using the no Command
- Filtering show Commands
- Enabling Software Features on Devices Using a Command Option
  - feature vrf
  - show feature
- Command Modes
File Management
- boot system
- cd
- HTTP Copy via CLI
- copy
- delete
- dir
- format
- fsck flash
- mkdir
- mount nfs
- rmdir
- HTTP Copy via CLI
- rename
- restore factory-defaults
- show boot system
- show bootvar
- show file-systems
- show os-version
- show running-config
- show startup-config
- show version
- upgrade
- upgrade system
Control and Monitoring
- asf-mode
- banner exec
- banner login
- banner motd
- cam-acl
- cam-acl-vlan
- clear average-power
- clear line
- configure
- disable
- do
- enable
- enable cpu-clock-monitor
- enable optic-info-update interval
- enable xfp-power-updates
- end
- exec-timeout
- exit
- ftp-server enable
- ftp-server topdir
- ftp-server username
- hostname
- ip http source-interface
- ip http vrf
- ip ftp password
- ip ftp source-interface
- ip ftp username
- ip ftp vrf
- ip telnet server enable
- ip telnet server vrf
- ip telnet source-interface
- ip telnet vrf
- ip tftp source-interface
- ip tftp vrf
- line
- login concurrent-session
- login statistics
- motd-banner
- ping
- reload
- reload-type
  - boot-type
  - secure-erase
- send
- service timestamps
- show alarms
- show cam-acl-vlan
- show command-history
- show cpu-traffic-stats
- show debugging
- show environment
- show inventory
- show login statistics
- show memory
- show processes cpu
- show processes ipc flow-control
- show processes memory
- show reset-reason
- show software ifm
- show system
- show tech-support
- ssh-peer-stack-unit
- telnet
- telnet-peer-stack-unit
- terminal length
- traceroute
- undebug all
- virtual-ip
- write
802.1X
- debug dot1x
- dot1x auth-fail-vlan
- dot1x auth-server
- dot1x auth-type mab-only
- dot1x authentication (Configuration)
- dot1x authentication (Interface)
- dot1x critical-vlan
- dot1x guest-vlan
- dot1x host-mode
- dot1x mac-auth-bypass
- dot1x max-eap-req
- dot1x max-supplicants
- dot1x port-control
- dot1x profile
- dot1x quiet-period
- dot1x reauthentication
- dot1x reauth-max
- dot1x server-timeout
- dot1x static-mab
- dot1x supplicant-timeout
- dot1x tx-period
- mac
- show dot1x cos-mapping interface
- show dot1x interface
- show dot1x profile
Access Control Lists (ACL)
- Commands Common to all ACL Types
  - remark
  - show config
- Common IP ACL Commands
  - access-class
  - clear counters ip access-group
  - ip access-group
  - ip mirror-access-group
  - ip control-plane egress-filter
  - show ip accounting access-list
  - show ip access-lists
- Standard IP ACL Commands
  - deny
  - ip access-list standard
  - permit
  - resequence access-list
  - seq
- Extended IP ACL Commands
  - deny
  - deny icmp
  - deny tcp
  - deny udp
  - ip access-list extended
  - permit
  - permit tcp
  - permit udp
  - resequence access-list
  - seq
- Common MAC Access List Commands
  - clear counters mac access-group
  - mac access-group
  - show mac access-lists
  - show mac accounting access-list
- Standard MAC ACL Commands
  - deny
  - mac access-list standard
  - permit
  - seq
- Extended MAC ACL Commands
  - deny
  - mac access-list extended
  - permit
- IP Prefix List Commands
  - clear ip prefix-list
  - deny
  - ip prefix-list
  - seq
  - show config
  - show ip prefix-list detail
  - show ip prefix-list summary
- Route Map Commands
  - continue
  - description
  - match as-path
  - match community
  - match interface
  - match ip address
  - match ip next-hop
  - match ip route-source
  - match metric
  - match origin
  - match route-type
  - match tag
  - route-map
  - set as-path
  - set automatic-tag
  - set comm-list delete
  - set community
  - set level
  - set local-preference
  - set metric
  - set metric-type
  - set next-hop
  - set origin
  - set tag
  - set weight
  - show config
  - show route-map
- AS-Path Commands
  - ip as-path access-list
  - show ip as-path-access-lists
- IP Community List Commands
  - ip community-list
  - show ip community-lists
- UDF ACL Commands
  - deny ip
  - feature udf-acl
  - key
  - match
  - permit ip
  - show config
  - udf-id
  - udf-qualifier-value
  - udf-tcam
- deny (for Standard IP ACLs)
- deny (for Extended IP ACLs)
- seq (for Standard IPv4 ACLs)
- deny tcp (for Extended IP ACLs)
- deny udp (for Extended IP ACLs)
- deny arp (for Extended MAC ACLs)
- deny icmp (for Extended IP ACLs)
- deny ether-type (for Extended MAC ACLs)
- deny (for Standard MAC ACLs)
- deny (for Extended MAC ACLs)
- permit (for Standard IP ACLs)
- permit arp (for Extended MAC ACLs)
- permit ether-type (for Extended MAC ACLs)
- permit icmp (for Extended IP ACLs)
- permit udp (for Extended IP ACLs)
- permit (for Extended IP ACLs)
- permit (for Standard MAC ACLs)
- seq (for Standard MAC ACLs)
- permit tcp (for Extended IP ACLs)
- seq arp (for Extended MAC ACLs)
- seq ether-type (for Extended MAC ACLs)
- seq (for IP ACLs)
- seq (for IPv6 ACLs)
- permit udp (for IPv6 ACLs)
- permit tcp (for IPv6 ACLs)
- permit icmp (for IPv6 ACLs)
- permit (for IPv6 ACLs)
- deny udp (for IPv6 ACLs)
- deny tcp (for IPv6 ACLs)
- deny icmp (for Extended IPv6 ACLs)
- deny (for IPv6 ACLs)
Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)
- member vlan
- ip access-group
- show acl-vlan-group
- show cam-acl-vlan
- cam-acl-vlan
- show cam-usage
- show running config acl-vlan-group
- acl-vlan-group
- show acl-vlan-group detail
- description (ACL VLAN Group)
Bidirectional Forwarding Detection (BFD)
- bfd all-neighbors
- bfd enable (Configuration)
- bfd enable (Interface)
- bfd interval
- bfd protocol-liveness
- ip route bfd
- ip ospf bfd all-neighbors
- ipv6 ospf bfd all-neighbors
- ipv6 route bfd
- isis bfd all-neighbors
- neighbor bfd disable
- show bfd neighbors
- vrrp bfd neighbor
Border Gateway Protocol
- BGP IPv4 Commands
- MBGP Commands
- BGP Extended Communities (RFC 4360)
- IPv6 BGP Commands
- IPv6 MBGP Commands
  - show ipv6 mbgproutes
Content Addressable Memory (CAM)
- CAM Profile Commands
- Unified Forwarding Table Modes
  - hardware forwarding-table mode
  - show hardware forwarding-table mode
Control Plane Policing (CoPP)
- control-plane-cpuqos
- service-policy rate-limit-cpu-queues
- service-policy rate-limit-protocols
- ip unknown-unicast
- ipv6 unknown-unicast
- show cpu-queue rate cp
- show ip protocol-queue-mapping
- show ipv6 protocol-queue-mapping
- show mac protocol-queue-mapping
Data Center Bridging (DCB)
- DCB Command
  - dcb-enable
- PFC Commands
  - clear pfc counters
  - description
  - pfc mode on
  - pfc no-drop queues
  - show dcb
  - show interface pfc
  - show interface pfc statistics
  - show stack-unit stack-ports pfc details
- ETS Commands
  - bandwidth-percentage
  - clear ets counters
  - dcb-enable
  - description
  - priority-list
  - qos-policy-output ets
  - scheduler
  - show interface ets
  - show qos priority-groups
  - show stack-unit stack-ports ets details
- DCBX Commands
  - advertise dcbx-app-tlv
  - advertise dcbx-appln-tlv
  - advertise dcbx-tlv
  - dcbx port-role
  - dcbx version
  - debug dcbx
  - fcoe priority-bits
  - iscsi priority-bits
  - show interface dcbx detail
- dcb-map
- priority-pgid
- pfc mode on
- priority-group bandwidth pfc
- dcb-map stack-unit all stack-ports all
- show qos dcb-map
- dcb pfc-shared-buffer-size
- dcb-buffer-threshold
- priority
- qos-policy-buffer
- dcb-policy buffer-threshold (Interface Configuration)
- dcb-policy buffer-threshold (Global Configuration)
- show qos dcb-buffer-threshold
- dcb pfc-total-buffer-size
- show running-config dcb-buffer-threshold
- service-class buffer shared-threshold-weight
- dcb pfc-queues
- dcb {ets | pfc} enable
Debugging and Diagnostics
- Diagnostics and Monitoring Commands
  - logging coredump stack-unit
- Offline Diagnostic Commands
- Hardware Commands
Dynamic Host Configuration Protocol (DHCP)
- Commands to Configure the System to be a DHCP Server
- Commands to Configure Secure DHCP
- Commands to Configure DNS
Equal Cost Multi-Path (ECMP)
- ecmp-group
- hash-algorithm
- hash-algorithm ecmp
- hash-algorithm seed
- ip ecmp-group
- ip ecmp weighted
- link-bundle-monitor enable
- link-bundle-distribution trigger-threshold
- show config
- show link-bundle distribution
FIPS Cryptography
- fips mode enable
- show fips status
- show ip ssh
- ssh
FIP Snooping
- clear fip-snooping database interface vlan
- clear fip-snooping statistics
- debug fip snooping
- debug fip snooping rx
- feature fip-snooping
- fip-snooping enable
- fip-snooping fc-map
- fip-snooping max-sessions-per-enodemac
- fip-snooping port-mode fcf
- fip-snooping port-mode fcoe-trusted
- show fip-snooping config
- show fip-snooping enode
- show fip-snooping fcf
- show fip-snooping statistics
- show fip-snooping system
- show fip-snooping vlan
- show fips status
Force10 Resilient Ring Protocol (FRRP)
- clear frrp
- debug frrp
- description
- disable
- interface
- member-vlan
- mode
- protocol frrp
- show frrp
- timer
GARP VLAN Registration (GVRP)
- clear gvrp statistics
- debug gvrp
- disable
- garp timers
- gvrp enable
- gvrp registration
- protocol gvrp
- show config
- show garp timers
- show gvrp
- show gvrp statistics
High Availability (HA)
- redundancy disable-auto-reboot
- redundancy force-failover
- redundancy primary
- redundancy protocol
- show redundancy
ICMP Message Types
Internet Group Management Protocol (IGMP)
- IGMP Commands
- IGMP Snooping Commands
Interfaces
- Basic Interface Commands
- Egress Interface Selection (EIS) Commands
- Port Channel Commands
- Time Domain Reflectometer (TDR) Commands
  - tdr-cable-test
  - show tdr
- UDP Broadcast Commands
- ip http source-interface
Internet Protocol Security (IPSec)
- crypto ipsec transform-set
- crypto ipsec policy
- management crypto-policy
- match
- session-key
- show crypto ipsec transform-set
- show crypto ipsec policy
- transform-set
IPv4 Routing
- arp
- arp backoff-time
- arp learn-enable
- arp max-entries
- arp retries
- arp timeout
- clear arp-cache
- clear host
- clear ip fib stack-unit
- clear ip route
- clear tcp statistics
- debug arp
- debug ip dhcp
- debug ipv6 dhcp
- debug ip icmp
- debug ip packet
- icmp6-redirect enable
- ip address
- ip directed-broadcast
- ip domain-list
- ip domain-lookup
- ip domain-name
- ip helper-address
- ip helper-address hop-count disable
- ip host
- ip icmp source-interface
- ipv6 icmp source-interface
- ip max-frag-count
- ip max-routes
- ip name-server
- ip proxy-arp
- ip route
- ip source-route
- ip unreachables
- load-balance
- load-balance hg
- management route
- show arp
- show arp retries
- show hosts
- show ip cam stack-unit
- show ip fib stack-unit
- show ip flow
- show ip interface
- show ip management-route
- show ipv6 management-route
- show ip protocols
- show ip route
- show ip route list
- show ip route summary
- show ip traffic
- show tcp statistics
IPv6 Access Control Lists (IPv6 ACLs)
- show cam-acl-egress
- show cam-acl
- permit icmp
- permit
- ipv6 control-plane egress-filter
- ipv6 access-list
- cam-acl-egress
- cam-acl
IPv6 Basics
- cam-ipv6 extended-prefix
- clear ipv6 fib
- clear ipv6 route
- clear ipv6 mld_host
- maximum dynamic-routes-ipv6
- ipv6 address autoconfig
- ipv6 address
- ipv6 address eui64
- ipv6 control-plane icmp error-rate-limit
- ipv6 flowlabel-zero
- ipv6 host
- ipv6 name-server
- ipv6 nd dad attempts
- ipv6 nd disable-reachable-timer
- ipv6 nd dns-server
- ipv6 nd prefix
- ipv6 nd reachable-time
- ipv6 route
- ipv6 unicast-routing
- show ipv6 cam stack-unit
- show ipv6 control-plane icmp
- show ipv6 fib stack-unit
- show ipv6 flowlabel-zero
- show ipv6 interface
- show ipv6 mld_host
- show ipv6 route
- trust ipv6-diffserv
iSCSI Optimization
- advertise dcbx-app-tlv
- iscsi aging time
- iscsi cos
- iscsi enable
- iscsi priority-bits
- iscsi profile-compellant
- iscsi target port
- show iscsi
- show iscsi session
- show iscsi session detailed
- show run iscsi
Intermediate System to Intermediate System (IS-IS)
- adjacency-check
- advertise
- area-password
- clear config
- clear isis
- clns host
- debug isis
- debug isis adj-packets
- debug isis local-updates
- debug isis snp-packets
- debug isis spf-triggers
- debug isis update-packets
- default-information originate
- description
- distance
- distribute-list in
- distribute-list out
- distribute-list redistributed-override
- domain-password
- graceful-restart ietf
- graceful-restart interval
- graceful-restart restart-wait
- graceful-restart t1
- graceful-restart t2
- graceful-restart t3
- hello padding
- hostname dynamic
- ignore-lsp-errors
- ip router isis
- ipv6 router isis
- isis circuit-type
- isis csnp-interval
- isis hello-interval
- isis hello-multiplier
- isis hello padding
- isis ipv6 metric
- isis metric
- isis network point-to-point
- isis password
- isis priority
- is-type
- log-adjacency-changes
- lsp-gen-interval
- lsp-mtu
- lsp-refresh-interval
- max-area-addresses
- max-lsp-lifetime
- maximum-paths
- metric-style
- multi-topology
- net
- passive-interface
- redistribute
- redistribute bgp
- redistribute ospf
- router isis
- set-overload-bit
- show config
- show isis database
- show isis graceful-restart detail
- show isis hostname
- show isis interface
- show isis neighbors
- show isis protocol
- show isis traffic
- spf-interval
Link Aggregation Control Protocol (LACP)
- clear lacp counters
- debug lacp
- lacp fast-switchover
- lacp long-timeout
- lacp port-priority
- lacp system-priority
- port-channel-protocol lacp
- show lacp
Layer 2
- MAC Addressing Commands
- Virtual LAN (VLAN) Commands
- Far-End Failure Detection (FEFD)
Link Layer Discovery Protocol (LLDP)
- LLPD Commands
- LLDP-MED Commands
Microsoft Network Load Balancing
- arp (for Multicast MAC Address)
- mac-address-table static (for Multicast MAC Address)
- ip vlan-flooding
Multicast Source Discovery Protocol (MSDP)
- clear ip msdp peer
- clear ip msdp sa-cache
- clear ip msdp statistic
- debug ip msdp
- ip msdp cache-rejected-sa
- ip msdp default-peer
- ip msdp log-adjacency-changes
- ip msdp mesh-group
- ip msdp originator-id
- ip msdp peer
- ip msdp redistribute
- ip msdp sa-filter
- ip msdp sa-limit
- ip msdp shutdown
- ip multicast-msdp
- show ip msdp
- show ip msdp sa-cache rejected-sa
Multicast Listener Discovery Protocol
- MLD timers
  - Reducing Host Response Burstiness
- Clearing MLD groups
- Debugging MLD
- Explicit Tracking
- Reducing Leave Latency
- Displaying MLD groups table
- Displaying MLD Interfaces
- MLD Snooping
Multiple Spanning Tree Protocol (MSTP)
- debug spanning-tree mstp
- disable
- forward-delay
- hello-time
- max-age
- msti
- name
- port-channel path-cost custom
- protocol spanning-tree mstp
- revision
- show config
- show spanning-tree mst configuration
- show spanning-tree msti
- spanning-tree
- spanning-tree msti
- tc-flush-standard
Multicast
- IPv4 Multicast Commands
- IPv6 Multicast Commands
Neighbor Discovery Protocol (NDP)
- clear ipv6 neighbors
- ipv6 neighbor
- show ipv6 neighbors
- IPv6 Router Advertisement (RA) Guard
Object Tracking
- IPv4 Object Tracking Commands
- IPv6 Object Tracking Commands
Open Shortest Path First (OSPFv2 and OSPFv3)
- OSPFv2 Commands
- OSPFv3 Commands
Policy-based Routing (PBR)
- description
- ip redirect-group
- ip redirect-list
- permit
- redirect
- seq
- show cam pbr
- show ip redirect-list
PIM-Sparse Mode (PIM-SM)
- IPv4 PIM-Sparse Mode Commands
- IPv6 PIM-Sparse Mode Commands
Port Monitoring
- description
- erpm
- monitor multicast-queue
- monitor session
- rate-limit
- show config
- show monitor session
- show running-config monitor session
- source (port monitoring)
Private VLAN (PVLAN)
- ip local-proxy-arp
- private-vlan mode
- private-vlan mapping secondary-vlan
- switchport mode private-vlan
Per-VLAN Spanning Tree Plus (PVST+)
- description
- disable
- extend system-id
- protocol spanning-tree pvst
- show spanning-tree pvst
- spanning-tree pvst
- spanning-tree pvst err-disable
- tc-flush-standard
- vlan bridge-priority
- vlan forward-delay
- vlan hello-time
- vlan max-age
Quality of Service (QoS)
- Global Configuration Commands
  - qos-rate-adjust
- Per-Port QoS Commands
- Policy-Based QoS Commands
- DSCP Color Map Commands
Routing Information Protocol (RIP)
- auto-summary
- clear ip rip
- debug ip rip
- default-information originate
- default-metric
- description
- distance
- distribute-list in
- distribute-list out
- ip poison-reverse
- ip rip receive version
- ip rip send version
- ip split-horizon
- maximum-paths
- neighbor
- network
- offset-list
- output-delay
- passive-interface
- redistribute
- redistribute isis
- redistribute ospf
- router rip
- show config
- show ip rip database
- show running-config rip
- timers basic
- version
Remote Monitoring (RMON)
- rmon alarm
- rmon collection history
- rmon collection statistics
- rmon event
- rmon hc-alarm
- show rmon
- show rmon alarms
- show rmon events
- show rmon hc-alarm
- show rmon history
- show rmon log
- show rmon statistics
Rapid Spanning Tree Protocol (RSTP)
- bridge-priority
- debug spanning-tree rstp
- description
- disable
- forward-delay
- hello-time
- max-age
- protocol spanning-tree rstp
- show config
- show spanning-tree rstp
- spanning-tree rstp
- tc-flush-standard
Software-Defined Networking (SDN)
Security
- AAA Accounting Commands
- Authorization and Privilege Commands
- Obscure Password Commands
  - service obscure-passwords
- Authentication and Password Commands
- RADIUS Commands
- rate-limit
- replay-protection-window
- terminate-session
- TACACS+ Commands
- Port Authentication (802.1X) Commands
- SSH and SCP Commands
- Secure DHCP Commands
- Role-Based Access Control Commands
- System Security Commands
Service Provider Bridging
- debug protocol-tunnel
- protocol-tunnel
- protocol-tunnel destination-mac
- protocol-tunnel enable
- protocol-tunnel rate-limit
- show protocol-tunnel
sFlow
- sflow collector
- sflow enable (Global)
- sflow enable (Interface)
- sflow ingress-enable
- sflow extended-switch enable
- sflow max-header-size extended
- sflow polling-interval (Global)
- sflow polling-interval (Interface)
- sflow sample-rate (Global)
- sflow sample-rate (Interface)
- show sflow
Simple Network Management Protocol (SNMP) and Syslog
- SNMP Commands
- Syslog Commands
SNMP Traps
Stacking
- mixed-mode-stacking
- redundancy disable-auto-reboot
- redundancy force-failover stack-unit
- redundancy protocol
- reset stack-unit
- show redundancy
- show system stack-ports
- stack-unit priority
- stack-unit provision
- stack-unit stack-group
- upgrade system stack-unit
Storm Control
- show storm-control broadcast
- show storm-control multicast
- show storm-control unknown-unicast
- storm-control broadcast (Configuration)
- storm-control broadcast (Interface)
- storm-control multicast (Configuration)
- storm-control multicast (Interface)
- storm-control PFC/LLFC
- storm-control unknown-unicast (Configuration)
- storm-control unknown-unicast (Interface)
Spanning Tree Protocol (STP)
- bridge-priority
- bpdu-destination-mac-address
- debug spanning-tree
- description
- disable
- forward-delay
- hello-time
- max-age
- protocol spanning-tree
- show config
- show spanning-tree 0
- spanning-tree
SupportAssist
- eula-consent
- support-assist
- support-assist activate
- support-assist activity
- SupportAssist Commands
- SupportAssist Activity Commands
- SupportAssist Company Commands
- SupportAssist Person Commands
- SupportAssist Server Commands
- show eula-consent
- show running-config
- show support-assist status
System Time and Date
- clock summer-time date
- clock summer-time recurring
- clock timezone
- debug ntp
- ntp authenticate
- ntp authentication-key
- ntp broadcast client
- ntp control-key-passwd
- ntp disable
- ntp master <stratum>
- ntp offset-threshold
- ntp server
- ntp source
- ntp step-threshold
- ntp trusted-key
- show clock
- show ntp associations
- show ntp vrf associations
- show ntp status
Tunneling
- ip unnumbered
- ipv6 unnumbered
- tunnel allow-remote
- tunnel destination
- tunnel dscp
- tunnel flow-label
- tunnel hop-limit
- tunnel keepalive
- tunnel-mode
- tunnel source
Uplink Failure Detection (UFD)
- clear ufd-disable
- debug uplink-state-group
- description
- downstream
- downstream auto-recover
- downstream disable links
- enable
- show running-config uplink-state-group
- show uplink-state-group
- uplink-state-group
- upstream
VLAN Stacking
- dei enable
- dei honor
- dei mark
- member
- stack-unit stack-group
- vlan-stack access
- vlan-stack compatible
- vlan-stack dot1p-mapping
- vlan-stack protocol-type
- vlan-stack trunk
Virtual Routing and Forwarding (VRF)
- ip vrf
- ip http vrf
- description
- ip vrf forwarding
- ip route-export
- ip route-import
- ipv6 route-export
- ipv6 route-import
- match source-protocol
- redistribute
- interface management
- maximum dynamic-routes
- show ip vrf
- show run vrf
VLT Proxy Gateway
- proxy-gateway lldp
- proxy-gateway static
- remote-mac-address exclude-vlan
- peer-domain-link port-channel exclude-vlan
- proxy-gateway peer-timeout
- vlt-peer-mac transmit
- show vlt-proxy-gateway
Virtual Link Trunking (VLT)
- back-up destination
- clear vlt statistics
- delay-restore
- delay-restore abort-threshold
- lacp ungroup member-independent
- multicast peer-routing timeout
- peer-link port-channel
- peer-routing
- peer-routing-timeout
- primary-priority
- show vlt brief
- show vlt backup-link
- show vlt counters
- show vlt detail
- show vlt inconsistency
- show vlt mismatch
- show vlt role
- show vlt statistics
- show vlt statistics igmp-snoop
- system-mac
- unit-id
- vlt domain
- vlt-peer-lag port-channel
- show vlt private-vlan
Virtual Extensible LAN (VXLAN)
- clear mac-address-table dynamic
- clear vxlan vxlan-instance statistics
- controller
- feature vxlan
- debug vxlan
- disable-mac-learn
- fail-mode
- gateway-ip
- local-vtep-ip
- max_backoff
- peer-ovsdbserver-ip
- remote-vtep-ip
- vnid
- vni-profile
- vxlan-instance
- vxlan-instance (VAP)
- vxlan-instance loopback
- vnid
- vni-profile
- vxlan-instance static
- vxlan-vnid
- show running-config vxlan
- show vxlan vxlan-instance
- show vxlan vxlan-instance logical network
- show vxlan vxlan-instance physical-locator
- show vxlan vxlan-instance statistics interface
- show vxlan vxlan-instance statistics remote-vtep-ip
- show vxlan vxlan-instance unicast-mac-local
- show vxlan vxlan-instance unicast-mac-remote
- show vxlan vxlan-instance vtep-vni-map
Virtual Router Redundancy Protocol (VRRP)
- IPv4 VRRP Commands
- IPv6 VRRP Commands
X.509v3
- crypto ca-cert delete
- crypto ca-cert install
- crypto cert delete
- crypto cert generate
- crypto cert install
- crypto x509 ocsp
- crypto x509 revocation
- debug crypto
- logging secure
- crypto x509 ca-keyid
- ocsp-server
- ocsp-server prefer
- show crypto ca-cert
- show crypto cert

Loading, Please wait

show crypto ipsec policy

Display the configuration of IPsec authentication and encryption policies.

Syntax

show crypto ipsec policy [name name]

Parameters

name name: (OPTIONAL) Displays configuration details about a specified policy.

Defaults

No default behavior or values.

Command Modes

EXEC

EXEC Privilege

Command History

This guide is platform-specific. For command information about other platforms, see the relevant Dell EMC Networking OS Command Line Reference Guide.

Version: Description
9.10(0.1): Introduced on the S6010-ON and S4048T-ON.
9.10(0.0): Introduced on the S3148.
9.10(0.0): Introduced on the S6100-ON.
9.8(2.0): Introduced on the S3100 series.
9.8(1.0): Introduced on the Z9100-ON.
9.8(0.0P5): Introduced on the S4048-ON.
9.8(0.0P2): Introduced on the S3048-ON.
9.2(1.0): Introduced on the Z9500.
9.1.(0.0): Introduced on the S4810 and Z9000.
8.4.2.0: Introduced on the E-Series.
8.3.19.0: Introduced on the S4820T.

Usage Information

The show crypto ipsec policy command output displays the AH and ESP parameters configured in IPsec security policies, including the SPI number, keys, and algorithms used.

When configured in a helper-reject role, an OSPFv3 router ignores the Grace LSAs that it receives from a restarting OSPFv3 neighbor.

Related Commands

show crypto ipsec sa ipv6– displays the IPsec security associations used on OSPFv3 interfaces.

Example

DellEMC# show crypto ipsec policy

Crypto IPSec client security policy data

Policy name : OSPFv3-1-502
Policy refcount : 1
Inbound ESP SPI : 502 (0x1F6)
Outbound ESP SPI : 502 (0x1F6)
Inbound ESP Auth Key : 123456789a123456789b123456789c12
Outbound ESP Auth Key : 123456789a123456789b123456789c12
Inbound ESP Cipher Key :
123456789a123456789b123456789c123456789d12345678
Outbound ESP Cipher Key :
123456789a123456789b123456789c123456789d12345678
Transform set : esp-3des esp-md5-hmac

Crypto IPSec client security policy data

Policy name : OSPFv3-0-501
Policy refcount : 1
Inbound ESP SPI : 501 (0x1F5)
Outbound ESP SPI : 501 (0x1F5)
Inbound ESP Auth Key :
bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97eb7c0
c30808825fb5
Outbound ESP Auth Key :
bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97eb7c0
c30808825fb5
Inbound ESP Cipher Key :
bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a
Outbound ESP Cipher Key :
bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a
Transform set : esp-128-aes esp-sha1-hmac

show crypto ipsec policy Command Fields

Field: Description
Policy name: Displays the name of an IPsec policy.
Policy refcount: Number of interfaces on the router that use the policy.
Inbound ESP SPI and Outbound ESP SPI: The encapsulating security payload (ESP) security policy index (SPI) for inbound and outbound links.
Inbound ESP Auth Key and Outbound Auth Key: The ESP authentication key for inbound and outbound links.
Inbound ESP Cipher Key and Outbound ESP Cipher Key: The ESP encryption key for inbound and outbound links.
Transform set: The set of security protocols and algorithms used in the policy.
Inbound AH SPI and Outbound AH SPI: The authentication header (AH) security policy index (SPI) for inbound and outbound links.
Inbound AH Key and Outbound AH Key: The AH key for inbound and outbound links.

Data is not available for the Topic

Rate this content

All fields are required unless marked otherwise.

Accurate

not accurate

somewhat accurate

mostly accurate

accurate

very accurate

Useful

not useful

somewhat useful

mostly useful

useful

very useful

Easy to understand

not easy

somewhat easy

mostly easy

easy

very-easy

Was this article helpful?

Yes

No

Send us feedback (Optional)

0/3000 characters

Comments cannot contain these special characters: <>()\

Sorry, our feedback system is currently down. Please try again later.

Thank you for your feedback.

Please provide ratings (1-5 stars).

Please provide ratings (1-5 stars).

Please provide ratings (1-5 stars).

Please select whether the article was helpful or not.

Comments cannot contain these special characters: <>()\

Account

My Account
Order Status
Profile Settings
My Products
Make a Payment
Dell Rewards Balance

Support

Support Home
Contact Technical Support
Returns

Connect with Us

Community
Contact Us
X (Twitter)
LinkedIn
Instagram
YouTube

Our Offerings

Artificial Intelligence
Products
Solutions
Services
Deals

Our Company

Who We Are
Careers
Dell Technologies Capital
Investors
Newsroom
Recycling
ESG & Impact
Customer Stories

Our Partners

Find a Partner
Find a Reseller
OEM Solutions
Partner Program

Resources

Blog
Dell Rewards
Events
Email Sign-Up
Dell Learning Center
Privacy Center
Resource Library
Security & Trust Center
Trial Software Downloads

Dell Technologies
Dell Premier
Dell Financial Services

Copyright © 2024 Dell Inc.
Terms of Sale
Privacy Statement
Do Not Sell or Share My Personal Information
Cookies, Ads & Emails
Legal & Regulatory
Accessibility
Anti-Slavery, Human Trafficking & Child Labor