show security flow cp-session
Syntax
show security flow cp-session [<filter>] [summary | terse]<node (node-id| all | local | primary)>
Description
Display central point session-related flow information. This command is supported on the SRX5800, SRX5600, and SRX5400 devices.
Options
conn-tag—Session connection tag (0..4294967295)destination-port—Destination port (1..65535)destination-prefix—Destination prefixfamily—Display session by family.logical-system—Logical-system namenode—(Optional) For chassis cluster configurations, display security flow cp-session information on a specific node (device) in the cluster.node-id—Identification number of the node. It can be 0 or 1.all—Display information about all nodes.local—Display information about the local node.primary—Display information about the primary node.
protocol—IP protocol numberroot-logical-system—Root logical-system (default)source-port—Source port (1..65535)source-prefix—Source IP prefix or addresssummary | terse–Display the specified level of output.
Required Privilege Level
view
Output Fields
Table 1 lists the
output fields for the show security flow cp-session command.
Output fields are listed in the approximate order in which they appear.
Field Name |
Field Description |
|---|---|
Valid gates |
Number of valid central point sessions. |
Pending gates |
Number of pending central point sessions. |
Invalidated gates |
Number of invalid central point sessions. |
Gates in other states |
Number of central point sessions in other states. |
Total gates |
Number of central point sessions in total. |
Maximum sessions |
Number of maximum central point sessions. |
Maximum inet6 sessions |
Number of maximum inet6 central point sessions. |
Session ID |
Number that identifies the session. Use this ID to get more information about the session. |
Conn Tag |
A 32-bit connection tag that uniquely identifies the GPRS tunneling protocol, user plane (GTP-U) and the Stream Control Transmission Protocol (STCP) sessions. The connection tag for GTP-U is the tunnel endpoint identifier (TEID) and for SCTP is the vTag. The connection ID remains 0 if the connection tag is not used by the sessions. |
SPU |
Services Processing Unit. |
In |
Incoming flow (source and destination IP addresses). |
Out |
Reverse flow (source and destination IP addresses). |
Sample Output
show security flow cp-session
root> show security flow cp-session DCP Flow Sessions on FPC0 PIC0: Total sessions: 0 DCP Flow Sessions on FPC0 PIC1: Session ID: 10320276, SPU: 1, Valid In: 203.0.113.1/1000 --> o 203.0.113.2/2000;udp, Conn Tag: 0x0, Out: 0.0.0.0/0 --> 0.0.0.0/0;0, Conn Tag: 0x0, Total sessions: 1
Sample Output
show security flow cp-session summary
root> show security flow cp-session summary DCP Flow Sessions on FPC10 PIC0: Valid sessions: 0 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 0 DCP Flow Sessions on FPC10 PIC1: Valid sessions: 2 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 2 Maximum sessions: 7549747 Maximum inet6 sessions: 7549747 DCP Flow Sessions on FPC10 PIC2: Valid sessions: 2 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 2 Maximum sessions: 7549747 Maximum inet6 sessions: 7549747 DCP Flow Sessions on FPC10 PIC3: Valid sessions: 1 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 1 Maximum sessions: 7549747 Maximum inet6 sessions: 7549747
show security flow cp-session terse
root> show security flow cp-session terse DCP Flow Sessions on FPC0 PIC1: Session ID: 10000038, SPU: 1, Valid In: 203.0.113.6/1 --> 198.51.100.13/1;pim, Conn Tag: 0x0, Out: 198.51.100.13/1 --> 203.0.113.6/1;pim, Conn Tag: 0x0, Total sessions: 1
Release Information
Command introduced in Junos OS Release 10.2. Support.