HP 8/20q HP StorageWorks Simple SAN Connection Manager User Guide (5697-0460, - Page 60

Setting switch IP security, Managing security associations

Page 60 highlights

   b. If you selected Static for Server Discovery, optionally enter up to three valid addresses in the DNS Server Address boxes.

Use the DNS Search List to specify up to five DNS domain suffixes to be used by the DNS client when attempting to resolve a host name into an IP address. For example, if the DNS Search List includes a single domain name "servers.mycompany.com" and a client attempted to look up the host name "myhost," the DNS client will first request the IP address of the host name "myhost." If that fails, it will request the IP address of the host name, "myhost.servers.mycompany.com."

4. Under DNS Search List, complete the following:
   a. From the Search List Discovery list, select a method of assigning IP addresses:
      • Static: Select this option to manually configure the list of DNS domain suffixes to be searched.
      • DHCP: Select this option to use Dynamic Host Configuration Protocol for IPv4. DHCP allows the switch to dynamically receive an IP address from a pool of addresses, instead of requiring it to have a static IP address. DHCP can also be used to distribute information that is not otherwise discoverable; for example, the DNS domain used for name resolution. (If you select DHCP, the Search List Domain Name boxes become unavailable.)
      • DHCPv6: Select this option to use Dynamic Host Configuration Protocol for IPv6. DHCPv6 can be used to statefully assign addresses if the network administrator needs more control over addressing. DHCPv6 can also be used to distribute information that is not otherwise discoverable; for example, the DNS domain used for name resolution. (If you select DHCPv6, the Search List Domain Name boxes become unavailable.)
   b. If you selected Static for Search List Discovery, optionally enter up to five valid domain names in the Search List Domain Name boxes.
5. To save your changes to the switch DNS properties and close this dialog box, click OK. To close this dialog box without making changes, click Cancel.

Setting switch IP security

Network Internet Protocol security (IPsec) provides encryption-based security for IP version 4 (IPv4) and IP version 6 (IPv6) communications through the use of security policies and associations. Secure Sockets Layer (SSL) must be enabled before IP security can be configured.

IMPORTANT: IP security configurations can be complex. It is possible to unintentionally configure policies and associations that isolate a switch from all communication. If this happens, you can disable IP security by placing the switch in maintenance mode, and correct the problem through the serial port interface.

Simple SAN Connection Manager provides the IPsec Configuration dialog box to help you configure IPsec, which is used to encrypt and authenticate IPv4 and IPv6 packets. Use the IPsec Configuration dialog box to create, edit, delete, copy, and paste IPsec associations (see "Managing security associations," page 60) and IPsec policies (see "Managing security policies," page 65).

Managing security associations

A security association defines the encryption algorithm and encryption key to apply when called by a security policy. A security policy may call several associations at different times, but each association is related to only one policy. The security association database (SAD) is the set of all security associations.

This section provides the following procedures for managing IPsec associations:
   • "Creating an IPsec association," page 61
   • "Editing an IPsec association," page 64
   • "Deleting an IPsec association," page 64
   • "Copying and pasting IPsec associations," page 64
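
The relationship rules stated under "Managing security associations", as an added example that is not from the HP guide or from Simple SAN Connection Manager: a Python review check over a constructed in-memory model. The association and policy names, the dict layout and the function check_sad are assumptions for illustration, not the switch's own configuration format.

```python
from collections import defaultdict

# Constructed sample data (hypothetical names, not exported from a switch).
SAMPLE_SAD = {"sa-mgmt-in", "sa-mgmt-out", "sa-backup"}
SAMPLE_POLICIES = {
    "policy-mgmt": ["sa-mgmt-in", "sa-mgmt-out"],
    "policy-replication": ["sa-mgmt-out", "sa-repl"],
}


def check_sad(associations, policies):
    """Check a policy/association model against the rules the guide states.

    associations: set of association names (the SAD).
    policies: dict mapping a policy name to the associations it calls.
    Returns a dict of findings; an empty value means that check passed.
    """
    # Invert the mapping: which policies call each association?
    callers = defaultdict(set)
    for policy, called in policies.items():
        for assoc in called:
            callers[assoc].add(policy)

    return {
        # Guide: each association is related to only one policy.
        "shared": {a: sorted(p) for a, p in callers.items() if len(p) > 1},
        # The SAD is the set of all associations, so a policy calling a
        # name outside it has no algorithm or key to apply.
        "dangling": {a: sorted(p) for a, p in callers.items()
                     if a not in associations},
        # Associations that no policy calls still hold a key; review them.
        "unreferenced": sorted(associations - set(callers)),
    }


if __name__ == "__main__":
    for check, result in check_sad(SAMPLE_SAD, SAMPLE_POLICIES).items():
        print(f"{check}: {result if result else 'none'}")
```

Running a check like this against a planned configuration before applying it catches structural mistakes early, which matters given the guide's warning that a wrong IPsec configuration can isolate the switch.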

