Post your thoughts and suggestions here!
-
johnhenriksson
- Posts: 21
- Joined: 07 Jan 2016, 13:49
by johnhenriksson » 25 Apr 2018, 08:22
I would like a more dynamic CLI. We have very large configurations and sometimes it's frustrating to get the right output from the console. If a customer has 10 of our 150 configured ike SA's and we would like to show these SA's only, it would be nice to just type
and all their SA's would appear.
// John
Friends Don’t Let Friends Build Large L2 Networks
-
ansj
- Posts: 15
- Joined: 15 Jul 2016, 08:53
by ansj » 26 Apr 2018, 09:09
Hello,
If the customer has their 10 SA's towards the same remote IP you can show only their SA's by writing the command:
When you write you'd like to be able to filter on *CUSTOMER*, do you mean "customer" as a text string?
Should this command then show all SA's that are bound to an interface which name contains the specified text string?
Or do you mean there should be implemented some type of "Customer" field on the IPsec interface where you can enter which customer the tunnel is associated with, which can then be filtered on?
/André
-
anders s
- Posts: 33
- Joined: 27 Sep 2011, 14:41
by anders s » 26 Apr 2018, 09:52
I would also like to be able to filter on a partial text string from the ipsec interface name, both in ike -show and, more importantly, on ipsec -show.
Also a list of tunnels that are both up and down (a combination of ike -tunnels and ipsec -show) with the same filtering.
-
Anton
- Posts: 26
- Joined: 16 Jun 2016, 18:50
- Location: Clavister HQ - Örnsköldsvik
by Anton » 27 Apr 2018, 07:48
Hello John
I understand what you mean. I have created an RFE with ID:COP-20963 to implement wildcard support in the following commands:
ike -show
ike -show -tunnel=
ipsec -show
ike -tunnel
ike -delete
ike -connect
@anders s, what do you mean? Do you want to add SA information to the ike -tunnels command?
Best regards
Anton
-
anders s
- Posts: 33
- Joined: 27 Sep 2011, 14:41
by anders s » 27 Apr 2018, 16:54
Something like this:
clavister:/> ipsec -show -pattern=*customerA* -includeinactive

--- IPsec SAs for *customerA*:

IPsec Tunnel        Local Network       Remote Network      Remote Endpoint     Status
------------------  ------------------  ------------------  ------------------  --------
customerA-sto       10.25.42.0/24       172.16.9.0/24       10.235.233.30       UP
customerA-sto       10.25.42.0/24       172.18.0.0/24       10.235.233.30       DOWN
customerA-got       10.25.42.0/24       172.16.8.0/24       10.193.254.117      DOWN
Thanks for ike -connect btw, I had missed that command
-
johnhenriksson
- Posts: 21
- Joined: 07 Jan 2016, 13:49
by johnhenriksson » 04 May 2018, 09:29
Thanks for your response! Yes, I would indeed like to be able to "filter" the output based on a text pattern in the IPsec tunnel name. And, NO! There should not be an exclusive field in the IPsec object regarding the customer name. We do that in the naming context. I would only like to be able to filter the output from the CLI command.
// John
Friends Don’t Let Friends Build Large L2 Networks
-
Anton
- Posts: 26
- Joined: 16 Jun 2016, 18:50
- Location: Clavister HQ - Örnsköldsvik
by Anton » 09 May 2018, 15:54
Hi
@anders s
I see your point, and it's a good suggestion. That would be an easy way to see the status of the tunnel and also a way to show the potential SAs that could be created for that tunnel. I have reported this to our developers, development ID: COP-21009.
I also missed the ike -connect for the longest time; it's very handy.
@johnhenriksson
We will see what the architects say; I do not know how much work is needed to implement such functionality. But I think it would be really nice; it can be a bit frustrating to look up a tunnel if you have a lot of them.
Best regards
Anton