Dell Brocade 300 Fabric OS Command Reference v7.1.0 - Page 508
Representation of IP addresses, secCertUtil, enable, disable, modify
Page 508 highlights
2 ipSecConfig

• Flush existing SAs from the kernel SA database (SADB).
• Display policy parameters.

Representation of IP addresses

When configuring IPSec policies, IP addresses and ports must be specified in the following format:

IP address
    IPv4 addresses are expressed in dotted decimal notation consisting of numeric characters (0-9) and periods (.), for example, 203.178.141.194. IPv6 addresses consist of hexadecimal digits (0-9, a-f, A-F), colons (:), and a percent sign (%) if necessary, for example, 2001:200:0:8002:203:47ff:fea5:3085.

network prefix
    A network prefix is represented by a number followed by a slash (/), for example, 1/0.

NOTES

IPSec configuration changes take effect upon execution and are persistent across reboot.

The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for details.

This command does not provide IPSec protection for traffic flows on external management interfaces of intelligent blades in a chassis, nor does it support protection of traffic flows on FCIP interfaces.

This command does not support manipulating preshared keys corresponding to the identity of the IKE peer or group of peers. Use secCertUtil to import, delete, or display the preshared keys in the local switch database.

The MD5 hash algorithm is blocked when FIPS mode is enabled.

Refer to the Examples section for specific use cases and associated command sequences. Refer to the Fabric OS Administrator's Guide for configuration procedures.

OPERANDS

This command accepts abbreviated operands. The abbreviated string must contain the minimum number of characters necessary to uniquely identify the operand within the set of available operands.

This command has the following operands:

--enable
    Enables IPSec on the switch. Existing IPSec configurations are enabled by this command. IPSec is disabled by default. It must be enabled before you can configure the policies and parameters. The following operand is optional:

    default
        Clears the existing policies (automatic key management and manual keyed entries) and resets the configuration databases to default values.

--disable
    Disables IPSec on the switch. All active TCP sessions are terminated when you disable IPSec.

--add | --modify
    Adds or modifies an IPSec or IKE policy in an existing enabled configuration. Not all parameters can be modified. Parameters that cannot be modified are indicated below. When modifying a policy, the names and identifiers need to refer to valid existing entities. The syntax is as follows:

    --add | --modify type [subtype] [arguments]

480 Fabric OS Command Reference 53-1002746-01
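Because the command accepts abbreviated operands, a monitoring rule that matches only the literal string `--disable` will miss `--dis`. The added example below (not from the Brocade manual) expands abbreviations before checking command-history lines for IPSec being switched off or reset to defaults. Assumptions: an abbreviation is a leading substring of the operand, the operand set is limited to the four named on this page, and the sample history lines and their layout are constructed.

```python
# Operands named on this manual page; a real switch accepts more, so a prefix
# that is unique here may be ambiguous there.
OPERANDS = ("--enable", "--disable", "--add", "--modify")


def resolve(token, choices):
    """Expand an abbreviated token to the one choice it prefixes, else None.

    Assumption: an abbreviation is a leading substring of the full operand.
    """
    if token in choices:
        return token
    if not token.lstrip("-"):          # bare "-" or "--" identifies nothing
        return None
    matches = [c for c in choices if c.startswith(token)]
    return matches[0] if len(matches) == 1 else None


def ipsec_state_changes(lines):
    """Return (line_no, action) for commands that switch IPSec on or off."""
    hits = []
    for no, line in enumerate(lines, 1):
        argv = line.split()
        # Command name matched case-insensitively (the manual writes ipSecConfig).
        idx = next((i for i, t in enumerate(argv) if t.lower() == "ipsecconfig"), None)
        if idx is None or idx + 1 >= len(argv):
            continue
        op = resolve(argv[idx + 1], OPERANDS)
        if op == "--disable":
            hits.append((no, "disable"))
        elif op == "--enable":
            rest = argv[idx + 2:idx + 3]
            # "--enable default" also clears existing policies, so report it apart.
            wipes = bool(rest) and resolve(rest[0], ("default",)) == "default"
            hits.append((no, "enable-default" if wipes else "enable"))
    return hits


# Constructed sample history lines; the timestamp/user layout is an assumption.
SAMPLE_HISTORY = [
    "2013/01/10-10:02:11 admin ipsecconfig --disable",
    "2013/01/10-10:05:40 admin ipsecconfig --dis",
    "2013/01/10-10:06:02 admin ipSecConfig --en default",
    "2013/01/10-10:07:15 admin ipsecconfig --enable",
    "2013/01/10-10:09:30 admin ipsecconfig --mod",
    "2013/01/10-10:10:00 admin switchshow",
]

if __name__ == "__main__":
    for line_no, action in ipsec_state_changes(SAMPLE_HISTORY):
        print(line_no, action)
```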