Home » Dell Manuals » Hubs & Switches » Dell Brocade G620 » Manual Viewer

Dell Brocade G620 Brocade 8.0.1 Fabric OS Command Reference - Page 480

To display the IPSec IKE Policy, Example 4, ipsecConfig --show manual-sa -a, IPSec display commands

Add to My Manuals
Save this manual to your list of manuals

Page 480 highlights

ipSecConfig 456 Example 4 The following example illustrates how to secure traffic between two systems using protection with MD5 and Manually keyed SAs. The two systems are a switch, the BROCADE300 (IPv4 address 10.33.74.13), and an external UNIX host (IPv4 address 10.33.69.132). 1. On the system console, log in to the switch as Admin and enable IPSec. switch:admin> ipsecconfig --enable 2. Create an IPSec Manual SA that uses AH protection with MD5 for outbound traffic: switch:admin> ipsecconfig --add manual-sa -spi 0x300 \ -l 10.33.74.13 -r 10.33.69.132 -p any -d out -m transport \ -ipsec ah -ac protect -auth hmac_md5 \ -auth-key "TAHITEST89ABCDEF" 3. Create an SA for inbound traffic. switch:admin> ipsecconfig --add manual-sa -spi 0x200 \ -l 10.33.69.132 -r 10.33.74.13 -p any -d in \ -m transport -ipsec ah -ac protect -auth hmac_md5 \ -auth-key "TAHITEST89ABCDEF" 4. Verify the SAs using ipsecConfig --show manual-sa -a. Refer to the IPSec display commands section for an example. 5. Perform the equivalent steps on the remote peer to complete the IPSec configuration. Refer to your server administration guide for instructions. IPSec display commands To display the IPSec IKE Policy: switch:admin> ipsecconfig --show policy ike -a IKE-01 version:ikev2 remote:10.33.69.132 local-id:10.33.74.13 remote-id:10.33.69.132 encryption algorithm: 3des_cbc hash algorithm: hmac_md5 prf algorithm: hmac_md5 dh group: 2 1 auth method:rsasig public-key:"/etc/fabos/certs/sw0/thawkcert.pem" private-key:"/etc/fabos/certs/sw0/thawkkey.pem" peer-public-key:"/etc/fabos/certs/sw0/spiritcert.pem To display the outbound and inbound SAs in the kernel SA database: switch:admin> ipsecconfig --show manual-sa -a 10.33.69.132[0] 10.33.74.13[0] ah mode=transport spi=34560190(0x020f58be) reqid=0(0x00000000) A: hmac-md5 7e5aeb47 e0433649 c1373625 34a64ece seq=0x00000000 replay=32 flags=0x00000000 state=mature created: Oct 15 23:34:55 2008 current: Oct 15 23:35:06 2008 diff: 11(s) hard: 2621440(s) soft: 2100388(s) last: Oct 15 23:34:56 2008 hard: 0(s) soft: 0(s) current: 256(bytes) hard: 0(bytes) soft: 0(bytes) allocated: 4 hard: 0 soft: 0 sadb_seq=1 pid=10954 refcnt=0 Brocade Fabric OS Command Reference 53-1004112-02

Section	Page
Contents	3
Preface	15
Document conventions	15
Text formatting conventions	15
Command syntax conventions	15
Notes, cautions, and warnings	16
Brocade resources	16
Contacting Brocade Technical Support	16
Brocade customers	17
Brocade OEM customers	17
Document feedback	17
About this Document	19
Supported hardware	19
Brocade Gen 5 platform (16-Gbps) fixed-port switches	19
Brocade Gen 5 platform (16-Gbps) DCX Directors	19
Brocade Gen 6 platform (32-Gbps) fixed-port switches	20
Brocade Gen 6 platform (32-Gbps) Directors	20
What is new in this document	20
Changes made for the initial release (53-1004112-01)	20
Changes made for this release (53-1004112-02)	23
CLI usage conventions	24
Using Fabric OS Commands	25
Using the command line interface	25
Understanding Role-Based Access Control	25
Encryption commands and permissions	26
Understanding Virtual Fabric restrictions	27
Determining RBAC permissions for a specific command	27
Fabric OS Commands	29
aaaConfig	29
ad	36
ag	46
agAutoMapBalance	69
agShow	72
aliAdd	75
aliCreate	76
aliDelete	77
aliRemove	78
aliShow	79
appLoginHistory	81
aptPolicy	83
auditCfg	86
auditDump	88
authUtil	90
bannerSet	95
bannerShow	96
bcastShow	97
bladeCfgGeMode	98
bladeDisable	100
bladeEnable	102
bladeSwap	104
bootLunCfg	105
bufOpMode	107
cfgActvShow	111
cfgAdd	112
cfgClear	113
cfgCreate	114
cfgDelete	115
cfgDisable	116
cfgEnable	117
cfgRemove	119
cfgSave	120
cfgShow	122
cfgSize	126
cfgTransAbort	128
cfgTransShow	129
chassisBeacon	131
chassisCfgPerrThreshold	133
chassisDisable	135
chassisDistribute	136
chassisEnable	139
chassisName	140
chassisShow	141
classConfig	143
cliHistory	147
configDefault	149
configDownload	151
configList	158
configRemove	159
configShow	160
configUpload	164
configure	169
configureChassis	181
creditRecovMode	185
dataTypeShow	190
date	191
dbgShow	193
defZone	194
diagClearError	196
diagDisablePost	197
diagEnablePost	198
diagHelp	199
diagPost	200
diagRetry	201
diagShow	202
diagStatus	203
distribute	204
dlsReset	206
dlsSet	207
dlsShow	212
dnsConfig	213
enclosureShow	215
errClear	217
errDelimiterSet	218
errDump	219
errFilterSet	224
errModuleShow	225
errShow	226
ethIf	230
exit	234
extnCfg	235
fabRetryShow	237
fabRetryStats	239
fabricLog	241
fabricName	245
fabricPrincipal	247
fabricShow	250
fabStatsShow	253
fanDisable	255
fanEnable	256
fanShow	257
faPwwn	258
fastBoot	265
fcipHelp	267
fcipLedTest	268
fcipPathTest	269
fcPing	271
fcpLogClear	279
fcpLogDisable	280
fcpLogEnable	281
fcpLogShow	282
fcpProbeShow	283
fcpRlsProbe	285
fcpRlsShow	287
fcrBcastConfig	289
fcrConfigure	291
fcrEdgeShow	294
fcrFabricShow	296
fcrIclPathBWMonitor	298
fcrLsan	300
fcrLsanCount	303
fcrLsanMatrix	304
fcrPhyDevShow	310
fcrProxyConfig	312
fcrProxyDevShow	314
fcrResourceShow	316
fcrRouterPortCost	318
fcrRouteShow	320
fcrXlateConfig	322
fddCfg	326
fdmiCacheShow	328
fdmiShow	329
femDump	332
ficonCfg	334
ficonClear	336
ficonCupSet	337
ficonCupShow	340
ficonHelp	343
ficonShow	344
fipsCfg	353
firmwareActivate	358
firmwareCheck	359
firmwareCleanInstall	360
firmwareCommit	362
firmwareDownload	363
firmwareDownloadStatus	368
firmwareKeyShow	370
firmwareRestore	371
firmwareShow	372
firmwareSync	374
flow	375
fosConfig	397
fosExec	400
frameLog	404
fspfShow	409
gePortErrShow	412
h	413
haDisable	414
haDump	415
haEnable	417
haFailover	418
haReboot	419
haRedundancy	420
haShow	422
haSyncStart	424
haSyncStop	425
help	426
historyLastShow	428
historyMode	430
historyShow	431
i	433
iflShow	435
interfaceShow	437
iodReset	444
iodSet	445
iodShow	446
ipAddrSet	447
ipAddrShow	454
ipFilter	458
ipSecConfig	464
islShow	483
itemList	486
killTelnet	488
ldapCfg	489
lfCfg	491
licenseAdd	496
licenseIdShow	497
licensePort	498
licenseRemove	501
licenseShow	503
licenseSlotCfg	506
linkCost	509
logicalGroup	512
login	516
logout	517
lsanZoneShow	518
lsCfg	521
lsDbShow	528
mapsConfig	532
mapsDb	537
mapsHelp	543
mapsPolicy	544
mapsRule	548
mapsSam	561
memShow	563
motd	564
msCapabilityShow	565
msConfigure	566
msPlatShow	568
msPlatShowDBCB	569
msPlClearDB	570
msPlMgmtActivate	571
msPlMgmtDeactivate	572
msTdDisable	573
msTdEnable	574
msTdReadConfig	575
myId	576
nbrStateShow	577
nbrStatsClear	580
nodeFind	582
nsAliasShow	584
nsAllShow	589
nsCamShow	590
nsDevLog	594
nsShow	597
nsZoneMember	602
nsZoneShow	606
openSource	608
passwd	609
passwdCfg	613
pathInfo	620
pdShow	628
portAddress	629
portAlpaShow	632
portBeacon	633
portBufferCalc	635
portBufferShow	637
portCamShow	640
portCfg	642
portCfgAlpa	675
portCfgAutoDisable	676
portCfgCompress	680
portCfgCreditRecovery	682
portCfgDefault	683
portCfgDPort	684
portCfgEncrypt	687
portCfgEport	689
portCfgEportCredits	691
portCfgEXPort	693
portCfgFaultDelay	697
portCfgFec	700
portCfgFillword	706
portCfgFlogiLogout	709
portCfgFportBuffers	710
portCfgGE	711
portCfgGeMediaType	714
portCfgGport	716
portCfgISLMode	717
portCfgLongDistance	719
portCfgLossTov	723
portCfgLport	725
portCfgNonDfe	727
portCfgNPIVPort	730
portCfgNPort	734
portCfgOctetSpeedCombo	736
portCfgPersistence	738
portCfgPersistentDisable	740
portCfgPersistentEnable	743
portCfgQoS	746
portCfgShow	749
portCfgSpeed	763
portCfgTdz	766
portCfgTrunkPort	768
portCfgVEXPort	769
portChannelShow	772
portCmd	774
portDebug	786
portDecom	787
portDisable	788
portDPortTest	791
portEnable	800
portEncCompShow	802
portErrShow	804
portFlagsShow	807
portLedTest	809
portLogClear	811
portLogConfigShow	812
portLogDisable	813
portLogDump	814
portLogDumpPort	816
portLogEnable	817
portLogEventShow	818
portLoginShow	819
portLogPdisc	821
portLogReset	822
portLogResize	823
portLogShow	824
portLogShowPort	831
portLogTypeDisable	832
portLogTypeEnable	833
portLoopbackTest	834
portName	838
portPeerBeacon	841
portPerfShow	844
portRouteShow	848
portShow	850
portStats64Show	913
portStatsClear	918
portStatsShow	920
portSwap	928
portSwapDisable	930
portSwapEnable	931
portSwapShow	932
portTest	933
portTestShow	937
portTrunkArea	940
portZoneShow	946
powerOffListSet	947
powerOffListShow	949
psShow	951
rasAdmin	952
rasMan	955
reboot	957
relayConfig	959
roleConfig	961
rootAccess	964
routeHelp	966
rtLogTrace	967
sddQuarantine	968
secActiveSize	970
secAuthSecret	971
secCertUtil	973
secCryptoCfg	984
secDefineSize	990
secGlobalShow	991
secHelp	993
secPolicyAbort	994
secPolicyActivate	995
secPolicyAdd	996
secPolicyCreate	999
secPolicyDelete	1003
secPolicyDump	1005
secPolicyFCSMove	1008
secPolicyRemove	1010
secPolicySave	1012
secPolicyShow	1013
secStatsReset	1015
secStatsShow	1017
sensorShow	1019
serDesTuneMode	1020
setContext	1023
setDbg	1024
setVerbose	1025
sfpShow	1026
shellFlowControlDisable	1037
shellFlowControlEnable	1038
slotPowerOff	1039
slotPowerOn	1040
slotShow	1041
snmpConfig	1046
snmpTraps	1060
spinFab	1063
sshUtil	1067
statsClear	1073
stopPortTest	1074
supportFfdc	1075
supportFtp	1076
supportInfoClear	1078
supportSave	1079
supportShow	1083
supportShowCfgDisable	1086
supportShowCfgEnable	1088
supportShowCfgShow	1090
switchBeacon	1092
switchCfgPersistentDisable	1094
switchCfgPersistentEnable	1095
switchCfgSpeed	1096
switchCfgTrunk	1098
switchDisable	1099
switchEnable	1100
switchName	1101
switchShow	1103
switchUptime	1121
switchViolation	1122
syslogAdmin	1123
sysShutDown	1126
tempShow	1128
timeOut	1130
topologyShow	1131
traceDump	1135
trunkDebug	1138
trunkShow	1139
tsClockServer	1143
tsTimeZone	1145
turboRamTest	1149
upTime	1151
uRouteShow	1152
usbStorage	1154
userConfig	1156
version	1163
wwn	1164
wwnAddress	1166
wwnRecover	1169
zone	1171
zoneAdd	1183
zoneCreate	1185
zoneDelete	1188
zoneHelp	1189
zoneObjectCopy	1190
zoneObjectExpunge	1191
zoneObjectRename	1193
zoneObjectReplace	1194
zoneRemove	1196
zoneShow	1198
Primary FCS Commands	1205
Primary FCS commands	1205
Command Availability	1207
Command validation checks	1207

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1,000
1,001
1,002
1,003
1,004
1,005
1,006
1,007
1,008
1,009
1,010
1,011
1,012
1,013
1,014
1,015
1,016
1,017
1,018
1,019
1,020
1,021
1,022
1,023
1,024
1,025
1,026
1,027
1,028
1,029
1,030
1,031
1,032
1,033
1,034
1,035
1,036
1,037
1,038
1,039
1,040
1,041
1,042
1,043
1,044
1,045
1,046
1,047
1,048
1,049
1,050
1,051
1,052
1,053
1,054
1,055
1,056
1,057
1,058
1,059
1,060
1,061
1,062
1,063
1,064
1,065
1,066
1,067
1,068
1,069
1,070
1,071
1,072
1,073
1,074
1,075
1,076
1,077
1,078
1,079
1,080
1,081
1,082
1,083
1,084
1,085
1,086
1,087
1,088
1,089
1,090
1,091
1,092
1,093
1,094
1,095
1,096
1,097
1,098
1,099
1,100
1,101
1,102
1,103
1,104
1,105
1,106
1,107
1,108
1,109
1,110
1,111
1,112
1,113
1,114
1,115
1,116
1,117
1,118
1,119
1,120
1,121
1,122
1,123
1,124
1,125
1,126
1,127
1,128
1,129
1,130
1,131
1,132
1,133
1,134
1,135
1,136
1,137
1,138
1,139
1,140
1,141
1,142
1,143
1,144
1,145
1,146
1,147
1,148
1,149
1,150
1,151
1,152
1,153
1,154
1,155
1,156
1,157
1,158
1,159
1,160
1,161
1,162
1,163
1,164
1,165
1,166
1,167
1,168
1,169
1,170
1,171
1,172
1,173
1,174
1,175
1,176
1,177
1,178
1,179
1,180
1,181
1,182
1,183
1,184
1,185
1,186
1,187
1,188
1,189
1,190
1,191
1,192
1,193
1,194
1,195
1,196
1,197
1,198
1,199
1,200
1,201
1,202
1,203
1,204
1,205
1,206
1,207
1,208
1,209
1,210
1,211
1,212
1,213
1,214
1,215
1,216
1,217
1,218

Match case Limit results 1 per page

456

Brocade Fabric OS Command Reference

53-1004112-02

ipSecConfig

Example 4

The following example illustrates how to secure traffic between two systems using protection with MD5 and

Manually keyed SAs. The two systems are a switch, the BROCADE300 (IPv4 address 10.33.74.13), and an

external UNIX host (IPv4 address 10.33.69.132).

On the system console, log in to the switch as Admin and enable IPSec.

switch:admin>

ipsecconfig --enable

Create an IPSec Manual SA that uses AH protection with MD5 for outbound traffic:

switch:admin>

ipsecconfig --add manual-sa -spi 0x300

-l 10.33.74.13 -r 10.33.69.132 -p any -d out -m transport

-ipsec ah -ac protect -auth hmac_md5

-auth-key "TAHITEST89ABCDEF"

Create an SA for inbound traffic.

switch:admin>

ipsecconfig --add manual-sa -spi 0x200

-l 10.33.69.132 -r 10.33.74.13 -p any -d in

-m transport -ipsec ah -ac protect -auth hmac_md5

-auth-key "TAHITEST89ABCDEF"

Verify the SAs using

ipsecConfig --show manual-sa -a

. Refer to the IPSec display commands section for an

example.

Perform the equivalent steps on the remote peer to complete the IPSec configuration. Refer to your server

administration guide for instructions.

IPSec display commands

To display the IPSec IKE Policy:

switch:admin>

ipsecconfig --show policy ike -a

IKE-01

version:ikev2 remote:10.33.69.132

local-id:10.33.74.13

remote-id:10.33.69.132

encryption algorithm: 3des_cbc

hash algorithm: hmac_md5

prf algorithm: hmac_md5

dh group: 2 1

auth method:rsasig

public-key:"/etc/fabos/certs/sw0/thawkcert.pem"

private-key:"/etc/fabos/certs/sw0/thawkkey.pem"

peer-public-key:"/etc/fabos/certs/sw0/spiritcert.pem

To display the outbound and inbound SAs in the kernel SA database:

switch:admin>

ipsecconfig --show manual-sa -a

10.33.69.132[0] 10.33.74.13[0]

ah mode=transport spi=34560190(0x020f58be) reqid=0(0x00000000)

A: hmac-md5

7e5aeb47 e0433649 c1373625 34a64ece

seq=0x00000000 replay=32 flags=0x00000000 state=mature

created: Oct 15 23:34:55 2008

current: Oct 15 23:35:06 2008

diff: 11(s)

hard: 2621440(s)

soft: 2100388(s)

last: Oct 15 23:34:56 2008

hard: 0(s)

soft: 0(s)

current: 256(bytes)

hard: 0(bytes)

soft: 0(bytes)

allocated: 4

hard: 0 soft: 0

sadb_seq=1 pid=10954 refcnt=0