Monitoring Secure Policy Lists

Purpose

Display information about only secure policy lists. This command and the output are visible only to authorized users—the mirror-enable command must be enabled before using this command. Use the name keyword to display information for a specific secure policy list.

Action

To display information about secure policy lists:

host1#show secure policy-list
                                  Policy Table
                                  ------ -----
Secure IP Policy secureIpPolicy
   Administrative state: enable
   Reference count:      2
   Classifier control list: secClassA
      mirror analyzer-ip-address 192.168.1.1 analyzer-virtual-router default analyzer-udp-port 3000 mirror-id 6789 session-id 6543
   Referenced by interface(s): 
      ATM5/0.1  secure-input policy, statistics disabled, virtual-router default
      ATM5/0.1  secure-output policy, statistics disabled, virtual-router default
Secure IPv6 Policy secure-ipv6-pol3
   Administrative state: enable
   Reference count:      2
   Classifier control list: *
      Mirror analyzer-ip-address 190.168.1.1 analyzer-virtual-router default analyzer-udp-port 3000 mirror-id 6789 session-id 6543

   Referenced by interface(s):
      GigabitEthernet1/0/2.1.2  secure-input policy, statistics disabled, virtual-router default
      GigabitEthernet1/0/2.1.2  secure-output policy, statistics disabled, virtual-router default

   Referenced by merged policies:
      None
L2TP Secure Policy secureL2tpPolicy
   Administrative state: enable
   Reference count:      2
   Classifier control list: *
      mirror analyzer-ip-address 192.168.2.1 analyzer-virtual-router default analyzer-udp-port 3000 mirror-id 6789 session-id 6543 (unreachable)
   Referenced by interface(s): 
      TUNNEL l2tp:1/msn.pwh.com/1  secure-input policy, statistics disabled
      TUNNEL l2tp:1/msn.pwh.com/1  secure-output policy, statistics disabled

 

Meaning

Table 70 lists show secure policy-list command output fields.

Table 70: show secure policy-list Output Fields

Field Name

Field Description

Policy

Type (IP, IPv6, or L2TP) and name of the policy list

Administrative state

Status of administrative state, enable or disable; set to enable when the policy list is created

Reference count

Number of attachments to interfaces or profiles

Classifier control list

Name of the classifier control list

Mirror analyzer-ip-address

IP address of analyzer device

Analyzer-virtual-router

Analyzer interface virtual router

Analyzer-udp-port

UDP port used to communicate with analyzer device

Mirror-id

Unique identifier of the mirrored session

Session-id

Unique identifier of the user session

Referenced by interface(s)

List of interfaces to which the policy is attached; indicates whether the attachment is at secure input or secure output of interface

Referenced by profile(s)

Not currently supported: always null

Statistics

Not currently supported: always disabled

Related Documentation