dump servicelink summary
Table of Contents
Expand all | Collapse all
-
-
- clear app-engine
- clear app-map dynamic
- clear app-probe prefix
- clear connection
- clear device account-login
- clear dhcplease
- clear dhcprelay stat
- clear flow and clear flows
- clear flow-arp
- clear qos-bwc queue-snapshot
- clear routing
- clear routing multicast statistics
- clear routing ospf
- clear routing peer-ip
- clear switch mac-address-entries
- clear user-id agent statistics
-
- arping interface
- curl
- ping
- ping6
- debug bounce interface
- debug bw-test src-interface
- debug cellular stats
- debug controller reachability
- debug flow
- debug ipfix
- debug log agent eal file log
- debug logging facility
- debug logs dump
- debug logs follow
- debug logs tail
- debug poe interface
- debug process
- debug reboot
- debug routing multicast log
- debug routing multicast pimd
- debug servicelink logging
- debug tcpproxy
- debug time sync
- debug performance-policy
- dig dns
- dig6
- file export
- file remove
- file space available
- file tailf log
- file view log
- ssh6 interface
- ssh interface
- tcpdump
- tcpping
- traceroute
- traceroute6
-
- dump appdef config
- dump appdef version
- dump app-engine
- dump app-l4-prefix table
- dump app-probe config
- dump app-probe flow
- dump app-probe prefix
- dump app-probe status
- dump auth config
- dump auth status
- dump banner config
- dump bfd status
- dump bypass-pair config
- dump cellular config
- dump cellular stats
- dump cellular status
- dump cgnxinfra status
- dump cgnxinfra status live
- dump cgnxinfra status store
- dump config network
- dump config security
- dump controller cipher
- dump controller status
- dump device accessconfig
- dump device conntrack count
- dump device date
- dump device info
- dump device status
- dump dhcp-relay config
- dump dhcprelay stat
- dump dhcp-server config
- dump dhcp-server status
- dump dhcpstat
- dump dnsservice config all
- dump dpdk cpu
- dump dpdk interface
- dump dpdk port status
- dump dpdk stats
- dump flow
- dump flow count-summary
- dump interface config
- dump interface status
- dump interface status interface details
- dump interface status interface module
- dump ipfix config collector-contexts
- dump ipfix config derived-exporters
- dump ipfix config filter-contexts
- dump ipfix config ipfix-overrides
- dump ipfix config prefix-filters
- dump ipfix config profiles
- dump ipfix config templates
- dump lldp
- dump lldp config
- dump lldp info
- dump lldp stats
- dump lldp status
- dump log-agent eal conn
- dump log-agent eal response-time
- dump log-agent eal stats
- dump log-agent config
- dump log-agent iot snmp config
- dump log-agent iot snmp device discovery stats
- dump log-agent ip mac bindings
- dump log-agent neighbor discovery stats
- dump log-agent status
- dump ml7 mctd counters
- dump ml7 mctd session
- dump ml7 mctd version
- dump nat counters
- dump nat summary
- dump network-policy config policy-rules
- dump network-policy config policy-sets
- dump network-policy config policy-stacks
- dump network-policy config prefix-filters
- dump overview
- dump performance-policy config policy-rules
- dump performance-policy config policy-sets
- dump performance-policy config policy-set-stacks
- dump performance-policy config threshold-profile
- dump poe system config
- dump poe system status
- dump priority-policy config policy-rules
- dump priority-policy config policy-sets
- dump priority-policy config policy-stacks
- dump priority-policy config prefix-filters
- dump probe config
- dump probe profile
- dump radius config
- dump radius statistics
- dump radius status
- dump reachability-probe config
- dump qos-bwc config
- dump reachability-probe status
- dump routing aspath-list
- dump routing cache
- dump routing communitylist
- dump routing multicast config
- dump routing multicast igmp
- dump routing multicast interface
- dump routing multicast internal vif-entries
- dump routing multicast mroute
- dump routing multicast pim
- dump routing multicast sources
- dump routing multicast statistics
- dump routing multicast status
- dump routing ospf
- dump routing peer advertised routes
- dump routing peer config
- dump routing peer neighbor
- dump routing peer received-routes
- dump routing peer routes
- dump routing peer route-via
- dump routing peer status
- dump routing peer route-json
- dump routing prefixlist
- dump routing prefix-reachability
- dump routing route
- dump routing routemap
- dump routing running-config
- dump routing summary
- dump routing static-route reachability-status
- dump routing static-route config
- dump security-policy config policy-rules
- dump security-policy config policy-set
- dump security-policy config policy-set-stack
- dump security-policy config prefix-filters
- dump security-policy config zones
- dump sensor type
- dump sensor type summary
- dump serviceendpoints
- dump servicelink summary
- dump servicelink stats
- dump servicelink status
- dump site config
- dump snmpagent config
- dump snmpagent status
- dump software status
- dump spoke-ha config
- dump spoke-ha status
- dump standingalarms
- dump static-arp config
- dump static host config
- dump static routes
- dump support details
- dump-support
- dump switch fdb vlan-id
- dump switch port status
- dump switch vlan-db
- dump syslog config
- dump syslog-rtr stats
- dump syslog status
- dump time config
- dump time log
- dump time status
- dump troubleshoot message
- dump user-id agent config
- dump user-id agent statistics
- dump user-id agent status
- dump user-id agent summary
- dump user-id groupidx
- dump user-id group-mapping
- dump user-id ip-user-mapping
- dump user-id statistics
- dump user-id status
- dump user-id summary
- dump user-id useridx
- dump vlan member
- dump vpn count
- dump vpn ka all
- dump vpn ka summary
- dump vpn ka VpnID
- dump vpn status
- dump vpn summary
- dump vrf
- dump waninterface config
- dump waninterface summary
-
- inspect app-flow-table
- inspect app-l4-prefix lookup
- inspect app-map
- inspect certificate
- inspect certificate device
- inspect cgnxinfra role
- inspect connection
- inspect dhcplease
- inspect dhcp6lease
- inspect dpdk ip-rules
- inspect dpdk vrf
- inspect fib
- inspect fib-leak
- inspect flow-arp
- inspect flow brief
- inspect flow-detail
- inspect flow internal
- inspect interface stats
- inspect ipfix exporter-stats
- inspect ipfix collector-stats
- inspect ipfix app-table
- inspect ipfix wan-path-info
- inspect ipfix interface-info
- inspect ip-rules
- inspect ipv6-rules
- inspect lqm stats
- inspect memory summary
- inspect network-policy conflicts
- inspect network-policy dropped
- inspect network-policy hits policy-rules
- inspect network-policy lookup
- inspect performance-policy fec status
- inspect policy-manager status
- inspect policy-mix lookup-flow
- inspect priority-policy conflicts
- inspect priority-policy dropped
- inspect priority-policy hits default-rule-dscp
- inspect priority-policy hits policy-rules
- inspect priority-policy lookup
- inspect performance-policy incidents
- inspect performance-policy lookup
- inspect performance-policy hits analytics
- inspect process status
- inspect qos-bwc debug-state
- inspect qos-bwc queue-history
- inspect qos-bwc queue-snapshot
- inspect routing multicast fc site-iface
- inspect routing multicast interface
- inspect routing multicast mroute
- inspect security-policy lookup
- inspect security-policy size
- inspect switch mac-address-table
- inspect system arp
- inspect system ipv6-neighbor
- inspect system vrf
- inspect vrf
- inspect wanpaths
-
dump servicelink summary
Use the dump servicelink summary command
to display information on standard VPNs. Information includes the
name of the standard VPN, status, parent interface, extended state
of the VPN, IP addresses of the local and standard VPN endpoints,
Type (GRE or IPsec), and the IPsec profile.
Command
dump servicelink summary ( all | sltype=)
Options
| all | Enter all to display summary of all the standard VPNs. |
| sltype | Enter type to view the summary of all the standard VPNs matching the type. |
Command Notes
| Role | Super, Read Only, Monitor |
| Related Commands |
|
| Introduced in | Release 4.7.1 |
Example
dump servicelink summary all -------------- SERVICE LINKS ---------------------------------- Total : 2 TotalUP : 1 TotalDown : 1 --------------------------------------------------------------- SlDev SlName Status ExtState ParentDev LocalIP Peer Type IpsecProfile --------------------------------------------------------------- sl2 Gre down gre_keepalive_configured eth3 10.9.18.209 10.9.18.36 GRE N/A sl1 ubuntu up tunnel_up eth3 10.9.18.209 10.9.18.35 IPsec Ubuntu
dump servicelink summary all -------------- SERVICE LINKS ---------------------------------- Total : 2 TotalUP : 0 TotalDown : 2 --------------------------------------------------------------- Vrf SlDev SlName Status ExtState ParentDev LocalIP Peer Type IpsecProfile --------------------------------------------------------------- blue sl2 service_link-1709200539046021828 down peer_address_unresolved eth2 70.0.0.1 IPsec ZSCALER_IKEV2 green sl1 service_link-1704789489196015028 down proposal_mismatch_ike eth2 70.0.0.1 70.0.0.2 IPsec ZSCALER_IKEV2 dump servicelink summary sltype=ipsec -------------- SERVICE LINKS ---------------------------------- Total : 2 TotalUP : 0 TotalDown : 2 --------------------------------------------------------------- Vrf SlDev SlName Status ExtState ParentDev LocalIP Peer Type IpsecProfile --------------------------------------------------------------- green sl1 service_link-1704789489196015028 down retransmit_send eth2 70.0.0.1 255.255.255.0 IPsec ZSCALER_IKEV2 blue sl2 service_link-1709200539046021828 down peer_address_unresolved eth2 70.0.0.1 IPsec ZSCALER_IKEV2 dump servicelink summary sltype=gre -------------- SERVICE LINKS ---------------------------------- Total : 0 TotalUP : 0 TotalDown : 0 --------------------------------------------------------------- Vrf SlDev SlName Status ExtState ParentDev LocalIP Peer Type IpsecProfile ---------------------------------------------------------------
The ExtState in
the command output displays the status of the standard VPN. The
following table describes the various reasons for the VPN tunnel
down status:
| Extended State | Description |
|---|---|
| liveliness_failed | If the liveliness is configured and if probe does not get the response through the tunnel, the tunnel manager marks the tunnel down with the extended status as liveliness failed. |
| parent_no_ip | The underlay parent interface on which the standard VPN tunnel is configured does not have the IP address. |
| peer_address_unresolved | If there is no peer IP address to use. |
| invalid_service_endpoint | Service endpoint configured is not present. |
| peer_auth_failed | Peer authentication failed. |
| parse_error | If the control message parsing failed during tunnel bring up. |
| cert_expired | If the certificates are expired. |
| cert_revoked | If the certificates are revoked. |
| no_issuer_cert | No Issuer certificate found. |
| retransmit_send_timeout | If no response is seen from the remote. |
| proposal_mismatch_ike | Proposal mismatch in phase-1. |
| proposal_mismatch_child | Proposal mismatch in phase-2. |
| admin_down | Service link is admin down. |
| StandbySpoke | Spoke is Stand up. |
| bringup_wait | Scenarios to move to this state:
|
| bring up | When the config is complete and trying to bring up the connection. |
| hold_down | When the tunnel flaps 3 times with in 120 sec (2 min), we mark the tunnel to be in hold downstate. |
| internal_resource_unavailable | Parsing psk failed in tunnelmgr. |
| duplicate_endpoints | Already a tunnel is UP with the same Source and Remote IP. |
| local_auth_failed | Received authentication failed. |
| peer_auth_failed | Detected authentication failed. |
| parse_error | Parsing control message failed. |
| retransmit_send_timeout | No reply from peer retry in progress. |
| half_open_timeout | Timeout for negotiating child sa in phase2. |
| proposal_mismatch_ike | Phase1 proposal mismatch (ike). |
| proposal_mismatch_child | Phase2 proposal mismatch (ipsec). |
| transform_selector_mismatch | Phase2 selectors mismatch (ipsec). |
| install_child_sa_failed | Installing child sa failed. |
| install_child_policy_failed | Installing child policy failed. |
| authorization_failed | When explicit authorization rules are defiled (remote identity). |
| cert_expired | When the certificate is expired. |
| cert_revoked | Certificate is revoked. |
| no_issuer_cert | No issuer certificate found. |
| unique_replace | Session is uniquely identified uniquely. |
| unique_keep | Keep the session with unique ids. |
| vip_failure | Virtual interface creation failed. |
| retransmit_send | No reply from peer, hence retry in progress. |
| standby_spoke | Standby spoke. |
| lowerlayerdown | Lower layer is down. |
| liveliness_configured | When the tunnel comes up and if liveliness is configured. |
| tunnel_bringup_up_wait | When the tunnel is in bringup wait state. |
| tunnel_bringup | When the tunnel is in bringup state (loading the config to charon). |
| multiple_ike_session | When tunnel is reset because of multi ike. |
| invalid_auth_param | When the secret is invalid. |
| config_changed | Configuration was updated. |
| load_failed | Loading the configuration failed. |
| gre_keepalive_configured | GRE keepalive is configured. |