Enabling in-flight encryption, Refer to – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual
Page 417
WWN DId Name
-----------------------------------------------
10:00:00:05:1e:e5:cb:00 150 dcx_150
switch:admin> authutil --policy -sw active
Warning: Activating the authentication policy requires either DH-CHAP secrets or
PKI certificates depending on the protocol selected. Otherwise, ISLs will be
segmented during next E-port bring-up.
ARE YOU SURE (yes, y, no, n): [no] y
Auth Policy is set to ACTIVE
switch:admin> authutil --show
AUTH TYPE HASH TYPE GROUP TYPE
--------------------------------------
dhchap md5 4
Switch Authentication Policy: ACTIVE
Device Authentication Policy: OFF
For additional information about configuring DH-CHAP and FCAP authentication protocols, refer to Authentication policy for fabric elements on page 221.
Enabling in-flight encryption
Enable in-flight encryption to provide security for frames while they are in flight between two switches.
Frames are encrypted at the egress point of an ISL and then decrypted at the ingress point.
Enabling encryption is an offline event. Ports must be disabled first, and then re-enabled after.
Before performing this procedure, it is recommended that you check for port availability. Enabling encryption fails if you try to exceed the number of allowable ports available for encryption or compression on the ASIC. Refer to Viewing the encryption and compression configuration on page 414 for details.
You must also authenticate the port as described in Configuring and enabling authentication for in-flight on page 415.
1. Connect to the switch and log in using an account with secure admin permissions, or an account with OM permissions for the EncryptionConfiguration RBAC class of commands.
2. Enter the portDisable command to disable the port on which you want to configure encryption.
3. Enter the portCfgEncrypt --enable command.
The following example enables encryption on port 15 of an FC16-32 blade in slot 9 of an enterprise class platform:
switch:admin> portcfgencrypt --enable 9/15
4. Enter the portEnable command to enable the port.
After manually enabling the port, the new configuration becomes active.
The following example enables in-flight encryption on port 0.
switch:admin> portdisable 0
switch:admin> portcfgencrypt --enable 0
switch:admin> portenable 0
You can verify the configuration using the portCfgShow command.
switch:admin> portcfgshow 0
Area Number: 0
Octet Speed Combo: 3(16G,10G)
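The following pre-flight check is an added example, not part of the Brocade guide: it parses captured `authutil --show` output and emits the port command sequence from the procedure above only when authentication matches a baseline. The baseline values (dhchap, group 4, ACTIVE) are an assumption taken from the sample output on this page, and the function names are hypothetical.

```python
import re

# Constructed sample: the `authutil --show` output printed on this page.
SAMPLE = """\
AUTH TYPE HASH TYPE GROUP TYPE
--------------------------------------
dhchap md5 4
Switch Authentication Policy: ACTIVE
Device Authentication Policy: OFF
"""
# Assumption: the baseline is the state in that sample (dhchap, group 4, ACTIVE).
BASELINE = {"auth": "dhchap", "group": "4", "switch_policy": "ACTIVE"}
PORT_RE = re.compile(r"\d+(/\d+)?")  # "0" or slot/port such as "9/15"

def parse_authutil_show(text):
    """Extract the protocol row and both policy lines from captured output."""
    state = {}
    for line in text.splitlines():
        m = re.match(r"\s*(Switch|Device) Authentication Policy:\s*(\S+)", line)
        fields = line.split()
        if m:
            state[m.group(1).lower() + "_policy"] = m.group(2).upper()
        elif len(fields) == 3:  # data row; header has 6 fields, rule has 1
            state["auth"], state["hash"], state["group"] = fields
    return state

def precheck(text):
    """Return the list of deviations from BASELINE (empty means ready)."""
    state = parse_authutil_show(text)
    return [f"{key}: expected {want}, found {state.get(key, 'missing')}"
            for key, want in BASELINE.items() if state.get(key) != want]

def plan_encryption(text, port):
    """Return the page's command order for one port, or raise on a failed check."""
    if not PORT_RE.fullmatch(port):
        raise ValueError(f"unexpected port syntax: {port!r}")
    problems = precheck(text)
    if problems:
        raise RuntimeError("authentication not ready: " + "; ".join(problems))
    # Encryption is an offline change: disable, configure, re-enable, verify.
    return [f"portdisable {port}", f"portcfgencrypt --enable {port}",
            f"portenable {port}", f"portcfgshow {port}"]

if __name__ == "__main__":
    print("\n".join(plan_encryption(SAMPLE, "9/15")))
```

Adjust `BASELINE` to the values required by the authentication section the guide refers to before relying on the check.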
53-1003130-01