Monitoring Secure Policy Lists

Purpose

Display information about only secure policy lists. This command and the output are visible only to authorized users—the mirror-enable command must be enabled before using this command. Use the name keyword to display information for a specific secure policy list.

Action

To display information about secure policy lists:

host1#show secure policy-list

                                  Policy Table
                                  ------ -----
Secure IP Policy secureIpPolicy
   Administrative state: enable
   Reference count:      2
   Classifier control list: secClassA
      mirror analyzer-ip-address 192.168.1.1 analyzer-virtual-router default analyzer-udp-port 3000 mirror-id 6789 session-id 6543
   Referenced by interface(s): 
      ATM5/0.1  secure-input policy, statistics disabled, virtual-router default
      ATM5/0.1  secure-output policy, statistics disabled, virtual-router default
Secure IPv6 Policy secure-ipv6-pol3
   Administrative state: enable
   Reference count:      2
   Classifier control list: *
      Mirror analyzer-ip-address 190.168.1.1 analyzer-virtual-router default analyzer-udp-port 3000 mirror-id 6789 session-id 6543

   Referenced by interface(s):
      GigabitEthernet1/0/2.1.2  secure-input policy, statistics disabled, virtual-router default
      GigabitEthernet1/0/2.1.2  secure-output policy, statistics disabled, virtual-router default

   Referenced by merged policies:
      None

L2TP Secure Policy secureL2tpPolicy
   Administrative state: enable
   Reference count:      2
   Classifier control list: *
      mirror analyzer-ip-address 192.168.2.1 analyzer-virtual-router default analyzer-udp-port 3000 mirror-id 6789 session-id 6543 (unreachable)
   Referenced by interface(s): 
      TUNNEL l2tp:1/msn.pwh.com/1  secure-input policy, statistics disabled
      TUNNEL l2tp:1/msn.pwh.com/1  secure-output policy, statistics disabled
 
Meaning
 Table 68 lists show secure
policy-list command output fields.
Table 68: show secure
policy-list Output Fields
Field Name
Field Description
Policy
Type (IP, IPv6, or L2TP) and name of the policy list
Administrative state
Status of administrative state, enable or disable; set
to enable when the policy list is created
Reference count
Number of attachments to interfaces or profiles
Classifier control list
Name of the classifier control list
Mirror analyzer-ip-address
IP address of analyzer device
Analyzer-virtual-router
Analyzer interface virtual router
Analyzer-udp-port
UDP port used to communicate with analyzer device
Mirror-id
Unique identifier of the mirrored session
Session-id
Unique identifier of the user session
Referenced by interface(s)
List of interfaces to which the policy is attached; indicates
whether the attachment is at secure input or secure output of interface
Referenced by profile(s)
Not currently supported: always null 
Statistics
Not currently supported: always disabled
Related Documentation

						Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.