HP StorageWorks 2/32 Brocade Fabric OS Command Reference Manual (53-1000240-01 - Page 460
policy, Synopsis, Description, Operands, Optional
View all HP StorageWorks 2/32 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 460 highlights
2 Note: Enter commands in lowercase only; mixed case is for readability. policy policy Displays or modifies the encryption and authentication algorithms for security policies. Synopsis policy option type number [--enc method] [--auth algorithm] [--pfs value] [--dh group] [--seclife seconds] Description Use this command to display or modify the encryption and authentication algorithms for security policies. You can configure a maximum of 32 Internet key exchange (IKE) and 32 Internet protocol security (IPSec) policies. Each FCIP tunnel is configured separately and might have the same or different IKE and IPSec policies. Policies cannot be altered. To change the parameters associated with a current IKE or IPSec policy, that policy needs to be deleted and re-created with new parameters. A policy cannot be deleted while an active FCIP tunnel is using it. Operands option type number Specifies the action to take. Actions include: --create Creates the policy. --delete Deletes the policy. --show Displays the policy. Specifies the policy type. Types include: --ike Internet key exchange. --ipsec Internet protocol security. Specifies the numeric ID of the policy. Valid values are 1 to 32, and ALL with the --show option. Optional --enc method Operands --auth algorithm --pfs value --dh group --seclife seconds Specifies the encryption algorithm. The default is AES-128. Methods include: 3DES Triple data encryption standard, 192-bit key. AES-128 Advanced encryption standard, 128-bit key. AES-256 Advanced encryption standard, 256-bit key. Specifies the authentication algorithm. The default is SHA-1. Algorithms include: SHA-1 Secure hash algorithm. MD5 Message digest 5 AES-XCBC Advanced encryption standard. Valid only wiht IPSec. Specifies the perfect forward secrecy. This operand is valid only with IKE policies. Values are on (default) or off. Specifies the Diffie-Hellman group used in PFS negotiation. This operand is valid only with IKE policies. The default is 1. Values include: 1 Fastest as it uses 768 bit values, but least secure. 14 Slowest as it uses 2048 bit values, but most secure. Security association lifetime in seconds. A new key is renegotiated before seconds expires. seconds must be between 28800 to 250000000 or 0. The default is 28800. 2-426 Fabric OS Command Reference Manual Publication Number: 53-1000240-01