beautypg.com

Management interface security, Table 55 – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

Page 244

background image

Examples of strict fabric merges (Continued)

TABLE 54

Fabric-wide consistency policy setting

Expected behavior

DCC:S

Strict/Strict

SCC:S

DCC:S

Table 55

has a matrix of merging fabrics with tolerant and absent policies.

Fabric merges with tolerant and absent combinations

TABLE 55

Fabric-wide consistency policy setting Expected behavior

Fabric A

Fabric B

Tolerant/Absent

SCC;DCC

Error message logged.

Run the fddCfg command with the --fabwideset "policy_ID" from any
switch with the desired configuration to fix the conflict. The
secPolicyActivate command is blocked until conflict is resolved.

DCC

SCC;DCC

SCC

DCC

SCC

Management interface security

You can secure an Ethernet management interface between two Brocade switches or Backbones by
implementing IPsec and IKE policies to create a tunnel that protects traffic flows. While the tunnel
must have a Brocade switch or Backbone at each end, there may be routers, gateways, and firewalls
in between the two ends.

ATTENTION

Enabling secure IPsec tunnels does not provide IPsec protection for traffic flows on the external
management interfaces of intelligent blades in a chassis, nor does it support protection of traffic flows
on FCIP interfaces.

Internet Protocol security (IPsec) is a framework of open standards that ensures private and secure
communications over Internet Protocol (IP) networks through the use of cryptographic security
services. The goal of IPsec is to provide the following capabilities:

Authentication -- Ensures that the sending and receiving end-users and devices are known and

trusted by one another.

Data Integrity -- Confirms that the data received was in fact the data transmitted.
Data Confidentiality -- Protects the user data being transmitted, such as utilizing encryption to

avoid sending data in clear text.

Replay Protection -- Prevents replay attack in which an attacker resends previously-intercepted

packets in an effort to fraudulently authenticate or otherwise masquerade as a valid user.

Automated Key Management --Automates the process, as well as manages the periodic

exchange and generation of new keys.

Management interface security

244

Fabric OS Administrators Guide

53-1003130-01

See also other documents in the category Brocade Computer Accessories: