dump servicelink status
Table of Contents
Expand all | Collapse all
-
-
- clear app-engine
- clear app-map dynamic
- clear app-probe prefix
- clear connection
- clear device account-login
- clear dhcplease
- clear dhcprelay stat
- clear flow and clear flows
- clear flow-arp
- clear qos-bwc queue-snapshot
- clear routing multicast statistics
- clear routing peer-ip
- clear switch mac-address-entries
- clear user-id agent statistics
-
- arping interface
- curl
- ping
- ping6
- debug bounce interface
- debug bw-test src-interface
- debug cellular stats
- debug controller reachability
- debug flow
- debug ipfix
- debug logging facility
- debug logs dump
- debug logs follow
- debug logs tail
- debug poe interface
- debug process
- debug reboot
- debug routing multicast log
- debug routing multicast pimd
- debug servicelink logging
- debug tcpproxy
- debug time sync
- dig dns
- dig6
- file export capture
- file remove
- file space available
- file tailf log
- file view log
- ssh6 interface
- ssh interface
- tcpdump
- tcpping
- traceroute
- traceroute6
-
- dump appdef config
- dump appdef version
- dump app-engine
- dump app-l4-prefix table
- dump app-probe config
- dump app-probe flow
- dump app-probe prefix
- dump app-probe status
- dump auth config
- dump auth status
- dump banner config
- dump bfd status
- dump bypass-pair config
- dump cellular config
- dump cellular stats
- dump cellular status
- dump cgnxinfra status
- dump cgnxinfra status live
- dump cgnxinfra status store
- dump config network
- dump config security
- dump controller cipher
- dump controller status
- dump device accessconfig
- dump device conntrack count
- dump device date
- dump device info
- dump device status
- dump dhcp-relay config
- dump dhcprelay stat
- dump dhcp-server config
- dump dhcp-server status
- dump dhcpstat
- dump dnsservice config all
- dump dpdk cpu
- dump dpdk interface
- dump dpdk port status
- dump dpdk stats
- dump flow
- dump flow count-summary
- dump interface config
- dump interface status
- dump interface status interface details
- dump interface status interface module
- dump ipfix config collector-contexts
- dump ipfix config derived-exporters
- dump ipfix config filter-contexts
- dump ipfix config ipfix-overrides
- dump ipfix config prefix-filters
- dump ipfix config profiles
- dump ipfix config templates
- dump lldp
- dump lldp config
- dump lldp info
- dump lldp stats
- dump lldp status
- dump log-agent eal conn
- dump log-agent eal response-time
- dump log-agent eal stats
- dump log-agent config
- dump log-agent status
- dump nat counters
- dump nat summary
- dump network-policy config policy-rules
- dump network-policy config policy-sets
- dump network-policy config policy-stacks
- dump network-policy config prefix-filters
- dump overview
- dump poe system config
- dump poe system status
- dump priority-policy config policy-rules
- dump priority-policy config policy-sets
- dump priority-policy config policy-stacks
- dump priority-policy config prefix-filters
- dump radius config
- dump radius statistics
- dump radius status
- dump reachability-probe config
- dump qos-bwc config
- dump reachability-probe status
- dump routing aspath-list
- dump routing cache
- dump routing communitylist
- dump routing multicast config
- dump routing multicast igmp
- dump routing multicast interface
- dump routing multicast internal vif-entries
- dump routing multicast mroute
- dump routing multicast pim
- dump routing multicast sources
- dump routing multicast statistics
- dump routing multicast status
- dump routing peer advertised routes
- dump routing peer config
- dump routing peer received-routes
- dump routing peer routes
- dump routing peer status
- dump routing peer route-json
- dump routing prefixlist
- dump routing prefix-reachability
- dump routing route
- dump routing routemap
- dump routing running-config
- dump routing summary
- dump routing static-route reachability-status
- dump routing static-route config
- dump security-policy config policy-rules
- dump security-policy config policy-set
- dump security-policy config policy-set-stack
- dump security-policy config prefix-filters
- dump security-policy config zones
- dump sensor type
- dump sensor type summary
- dump serviceendpoints
- dump servicelink summary
- dump servicelink stats
- dump servicelink status
- dump site config
- dump snmpagent config
- dump snmpagent status
- dump software status
- dump spoke-ha config
- dump spoke-ha status
- dump standingalarms
- dump static-arp config
- dump static host config
- dump static routes
- dump support details
- dump-support output
- dump switch fdb vlan-id
- dump switch port status
- dump switch vlan-db
- dump syslog config
- dump syslog-rtr stats
- dump syslog status
- dump time config
- dump time log
- dump time status
- dump troubleshoot message
- dump user-id agent config
- dump user-id agent statistics
- dump user-id agent status
- dump user-id agent summary
- dump user-id groupidx
- dump user-id group-mapping
- dump user-id ip-user-mapping
- dump user-id statistics
- dump user-id status
- dump user-id summary
- dump user-id useridx
- dump vlan member
- dump vpn count
- dump vpn ka all
- dump vpn ka summary
- dump vpn ka VpnID
- dump vpn status
- dump vpn summary
- dump waninterface config
- dump waninterface summary
-
- inspect app-flow-table
- inspect app-l4-prefix lookup
- inspect app-map
- inspect certificate
- inspect certificate device
- inspect cgnxinfra role
- inspect connection
- inspect dhcplease
- inspect dhcp6lease
- inspect dpdk ip-rules
- inspect dpdk vrf
- inspect fib
- inspect flow-arp
- inspect flow brief
- inspect flow-detail
- inspect flow internal
- inspect interface stats
- inspect ipfix exporter-stats
- inspect ipfix collector-stats
- inspect ipfix app-table
- inspect ipfix wan-path-info
- inspect ipfix interface-info
- inspect ip-rules
- inspect ipv6-rules
- inspect lqm stats
- inspect memory summary
- inspect network-policy conflicts
- inspect network-policy dropped
- inspect network-policy hits policy-rules
- inspect network-policy lookup
- inspect policy-manager status
- inspect policy-mix lookup-flow
- inspect priority-policy conflicts
- inspect priority-policy dropped
- inspect priority-policy hits default-rule-dscp
- inspect priority-policy hits policy-rules
- inspect priority-policy lookup
- inspect process status
- inspect qos-bwc debug-state
- inspect qos-bwc queue-history
- inspect qos-bwc queue-snapshot
- inspect routing multicast fc site-iface
- inspect routing multicast interface
- inspect routing multicast mroute
- inspect security-policy lookup
- inspect security-policy size
- inspect switch mac-address-table
- inspect system arp
- inspect system ipv6-neighbor
- inspect vrf
- inspect wanpaths
-
dump servicelink status
Use the
dump servicelink status
command
to display status of standard VPNs. Information includes the IPsec
profile selected, authentication, Internet Key Exchange (IKE) protocol
details, Encapsulating Security Payload (ESP) details and Dead Peer
Detection (DPD) details. The output differs based on whether
the standard VPN is up or down. When the VPN is down, the configuration
details are displayed as part of the status.
The output differs
based on the standard VPN protocol—IPsec or GRE. For GRE, interval
and Failure Count information displays only if Keepalives are enabled.
Command
dump servicelink status (all | sldev= | slname=)
Options
all | Enter all to display status
of all the standard VPNs. |
sldev | Enter the standard VPN number to view status
for a standard VPN. |
slname | Enter the standard VPN interface name to
view status for a standard VPN. |
Command Notes
Role | Super, Read Only, Monitor |
Related Commands |
|
Introduced in | Release 4.7.1 |
Example
The output for ZScaler Service
Link (IPSec)
dump servicelink status sldev=sl1 ServiceLink : sl1 Interface : slzscalerthree Description : ID : 16119027917990015 Type : service_link (ipsec) Admin State : up Alarms : enabled NetworkContextID : IpfixCollectorContextID : IpfixFilterContextID : Scope : local Directed Broadcast : false MTU : 1400 IP : static Address : 192.168.10.1/24 Parent Interface : 12.34 Parent Device : eth1.34 Service Endpoint : ZScalerthree IPSec Profile : ZSCALER_IKEV1 Authentication Type : psk Local ID Type : custom Local ID : zainab@demo-cloudgenix.com Key Exchange : ikev1 IKE Mode : Aggressive IKE Lifetime : 1 hours IKE Remote Port : 500 IKE DH Group/Encryption/Hash : modp1024/aes128/sha1, modp1024/aes128/sha256 ESP Lifetime : 1 hours ESP Encapsulation : Auto ESP DH Group/Encryption/Hash : none/none/md5 DPD Enabled : yes DPD Delay : 10 DPD Timeout : 60 Device : sl1 State : up Last Change : 2021-02-03 07:18:51.531 (1m47s ago) Address : 192.168.10.1/24 Route : 0.0.0.0/0 via 192.168.10.1 metric 0 Extended State : tunnel_up IPSec Algo : NULL_HMAC_MD5_96 Ike Algo : AES_CBC_128HMAC_SHA1_96 HostName : qla1-vpn.zscalerthree.net Remote IP : 104.129.198.179 Local IP : 10.9.34.13 IkeNextRekey : 2021-02-03 08:16:15.707023365 +0000 UTC IPsecNextRekey : 2021-02-03 08:09:12.707022419 +0000 UTC Peer configured on service endpoint Service endpoint name: ZScalerthree Order of connection Try:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------| IP Address | Hostname | Reachable | Latency(ms) | Last Liveliness Failed | Last TunnelBringup Failed | Hold Time | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 104.129.202.10 | sjc4-vpn.zscalerthree.net | Yes | 2 | | 2021-02-03 07:17:49 | || 104.129.198.179 | qla1-vpn.zscalerthree.net | Yes | 10 | | | || 165.225.50.22 | sea1-vpn.zscalerthree.net | Yes | 20 | | | || 165.225.216.38 | dfw1-2-vpn.zscalerthree.net | Yes | 39 | | | || 165.225.34.44 | dfw1-vpn.zscalerthree.net | Yes | 40 | | | || 165.225.0.165 | chi1-vpn.zscalerthree.net | Yes | 50 | | | || 165.225.208.38 | yto3-vpn.zscalerthree.net | Yes | 64 | | | || 165.225.38.52 | nyc3-vpn.zscalerthree.net | Yes | 73 | | | || 165.225.48.10 | was1-vpn.zscalerthree.net | Yes | 78 | | | || 165.225.8.35 | was1-2-vpn.zscalerthree.net | Yes | 80 | | | || 165.225.110.24 | tyo4-vpn.zscalerthree.net | Yes | 106 | | | || 165.225.16.38 | lon3-vpn.zscalerthree.net | Yes | 133 | | | || 165.225.28.14 | ams2-vpn.zscalerthree.net | Yes | 137 | | | || 165.225.192.29 | sto3-vpn.zscalerthree.net | Yes | 138 | | | || 165.225.196.35 | Man1-vpn.zscalerthree.net | Yes | 143 | | | || 165.225.94.38 | zrh1-vpn.zscalerthree.net | Yes | 151 | | | || 165.225.86.39 | mil2-vpn.zscalerthree.net | Yes | 154 | | | || 165.225.92.35 | Mad3-vpn.zscalerthree.net | Yes | 155 | | | || 165.225.114.24 | syd3-vpn.zscalerthree.net | Yes | 167 | | | || 213.52.102.19 | osl2-vpn.zscalerthree.net | Yes | 168 | | | || 165.225.112.24 | sin4-vpn.zscalerthree.net | Yes | 172 | | | || 165.225.214.39 | sao2-2-vpn.zscalerthree.net | Yes | 188 | | | || 94.188.131.35 | tlv1-vpn.zscalerthree.net | Yes | 207 | | | || 154.113.23.33 | los2-vpn.zscalerthree.net | Yes | 227 | | | || 165.225.106.39 | bom4-vpn.zscalerthree.net | Yes | 244 | | | || 165.225.104.28 | maa1-vpn.zscalerthree.net | Yes | 265 | | | || 165.225.84.39 | waw1-vpn.zscalerthree.net | No | NA | | | || 211.144.19.18 | bjs1-vpn.zscalerthree.net | No | NA | | | |------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Liveliness probe status--------------------------------------------------------------- Type : http Url : http://gateway.zscalerthree.net/vpntest Status : true Latency(ms) : 95 Last updated : 2021-02-03T07:18:50 Type : icmp Ipv4 : 8.8.8.8 Status : true Latency(ms) : 12 Last updated : 2021-02-03T07:18:49
The output for
Prisma Access Service Link (IPSec)
Public-BLR-Branch3K# dump servicelink status slname=AUTO-PRISMA_IPSEC-Tunnel_us-east-1_6 ServiceLink : sl2 Interface : AUTO-PRISMA_IPSEC-Tunnel_us-east-1_6 Description : Prisma Access info on Panorama: Remote Onboarding: AUTO-CGX_remotenet-2 IPSEC Tunnel: AUTO-CGX_ipsec_tn-2-A IKE Gateway: AUTO-CGX_ike_gw-2-c6ab50f Prisma License: FWAAS-AGGREGATE ID : 16124203058570004 Type : service_link (ipsec) Admin State : up Alarms : enabled NetworkContextID : Scope : local Directed Broadcast : false MTU : 1400 IP : static Address : 172.16.0.2/31 Parent Interface : 6 Parent Device : eth6 Peer : 208.127.66.98 Service Endpoint : Prisma US East (us-east-1) IPSec Profile : AUTO-PRISMA_IPSEC-Profile Authentication Type : psk Remote ID : prisma-tunnel@mycompany.com Local ID Type : custom Local ID : cgx-tunnel@mycompany.com Key Exchange : ikev2 IKE Reauth : no IKE Lifetime : 8 hours IKE Remote Port : 500 IKE DH Group/Encryption/Hash : ecp384/aes256/sha512 ESP Lifetime : 1 hours ESP Encapsulation : Auto ESP DH Group/Encryption/Hash : ecp384/aes256/sha512 DPD Enabled : yes DPD Delay : 10 DPD Timeout : 30 Authentication Override Authentication Type : psk Remote ID : prisma-tunnel@mycompany.com Local ID Type : custom Local ID : cgx-tunnel.2@mycompany.com Device : sl2 State : up Last Change : 2021-02-04 15:19:43.502 (11h36m2s ago) Address : 172.16.0.2/31 Route : 0.0.0.0/0 via 172.16.0.2 metric 0 Extended State : tunnel_up IPSec Algo : AES_CBC_256_HMAC_SHA2_512_256 Ike Algo : AES_CBC_256HMAC_SHA2_512_256 Remote IP : 208.127.66.98 Local IP : 10.64.9.252 IkeLastRekeyed : 2021-02-04 22:48:20.744106061 +0000 UTC IkeNextRekey : 2021-02-05 06:29:03.744106976 +0000 UTC IPsecLastRekeyed: 2021-02-05 02:07:43.850020484 +0000 UTC IPsecNextRekey : 2021-02-05 02:56:04.850022436 +0000 UTC Peer configured on interface Ipv4Addr: 208.127.66.98 --------------------------------------------------------------- Liveliness probe status --------------------------------------------------------------- Type : icmp Ipv4 : 192.168.220.254 Status : true Latency : 251 Last updated : 2021-02-04T15:19:42