HP StorageWorks 8/8 Brocade Fabric OS Command Reference v6.3.0 (53-1001337-01, - Page 436
ipsecConfig

• Modify existing IPsec and IKE policies.
• Delete existing policies and SAs from the configuration database.
• Flush existing SAs from the kernel SA database (SADB).
• Display policy parameters.

Representation of IP addresses

When configuring IPsec policies, IP addresses and ports must be specified in the following format:

IP address
  IPv4 addresses are expressed in dotted decimal notation consisting of numeric characters (0-9) and periods (.), for example, 203.178.141.194.
  IPv6 addresses consist of hexadecimal digits (0-9, a-f, A-F), colons (:) and a percent sign (%) if necessary, for example, 2001:200:0:8002:203:47ff:fea5:3085

network prefix
  A network prefix is represented by a number followed by a slash (/), for example: ::1/0.

Notes

IPsec configuration changes take effect upon execution and are persistent across reboot.

The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability" for details.

This command does not provide IPsec protection for traffic flows on external management interfaces of intelligent blades in a chassis, nor does it support protection of traffic flows on FCIP interfaces.

This command does not support manipulating pre-shared keys corresponding to the identity of the IKE peer or group of peers. Use secCertUtil to import, delete, or display the pre-shared keys in the local switch database.

The MD5 hash algorithm is blocked when FIPS mode is enabled.

Refer to the example section for specific use cases and associated command sequences. Refer to the Fabric OS Administrator's Guide for configuration procedures.

This command accepts abbreviated operands. The abbreviated string must contain the minimum number of characters necessary to uniquely identify the operand within the set of available operands.

Operands

This command has the following operands:

--enable
  Enables IPsec on the switch. Existing IPsec configurations are enabled by this command. IPsec is by default disabled. It must be enabled before you can configure the policies and parameters. The following operand is optional:

  default
    Clears the existing policies (automatic key management and manual keyed entries) and resets the configuration databases to default values.

--disable
  Disables IPsec on the switch. All active TCP sessions are terminated when you disable IPsec.

--add | --modify
  Adds or modifies an IPsec or IKE policy in an existing enabled configuration. Not all parameters can be modified. Parameters that cannot be modified are indicated below. When modifying a policy, the names and identifiers need to refer to valid existing entities. The syntax is as follows:

  --add | --modify type [subtype] [arguments]
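
Because IPsec configuration changes take effect upon execution and persist across reboot, address operands are worth checking against the representation described under "Representation of IP addresses" before they are typed into the switch. The following is an added example, not part of the Fabric OS documentation and not Brocade code: it runs on an administrator workstation and never contacts a switch. The function names and the characters accepted after the percent sign are assumptions, and the inputs are constructed.

```python
import ipaddress
import re

# Character sets as the page gives them: IPv4 is digits and periods; IPv6 is
# hex digits and colons, with an optional percent sign suffix. The characters
# allowed after "%" are an assumption; the page does not list them.
_V4 = re.compile(r"[0-9.]+")
_V6 = re.compile(r"[0-9a-fA-F:]+(%[0-9A-Za-z_.-]+)?")


def parse_selector(text):
    """Return (family, address, prefix_len) for one address operand.

    prefix_len is None when there is no "/n" suffix. Raises ValueError for
    anything outside the documented representation.
    """
    addr, slash, prefix = text.partition("/")
    if _V4.fullmatch(addr):
        ipaddress.IPv4Address(addr)                 # four octets, each 0-255
        family, max_len = "ipv4", 32
    elif _V6.fullmatch(addr):
        ipaddress.IPv6Address(addr.split("%")[0])   # validate without the zone
        family, max_len = "ipv6", 128
    else:
        raise ValueError(f"unexpected characters in {text!r}")
    if not slash:
        return family, addr, None
    if not (prefix.isascii() and prefix.isdigit()) or int(prefix) > max_len:
        raise ValueError(f"bad prefix length in {text!r}")
    return family, addr, int(prefix)


def check_operands(operands):
    """Map each rejected operand to the reason, so a batch can be reviewed."""
    rejected = {}
    for op in operands:
        try:
            parse_selector(op)
        except ValueError as exc:
            rejected[op] = str(exc)
    return rejected


if __name__ == "__main__":
    # Constructed inputs: the first three are the page's own examples.
    samples = ["203.178.141.194", "2001:200:0:8002:203:47ff:fea5:3085",
               "::1/0", "203.178.141.294", "10.0.0.0/33", "fe80::1%/64"]
    for bad, why in check_operands(samples).items():
        print(f"REJECT {bad}: {why}")
```

IPv4-mapped IPv6 forms that mix colons and periods are rejected here because the page's description of IPv6 addresses does not include periods.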