Brocade Fabric OS Command Reference (Supporting Fabric OS v7.3.0) User Manual

Fabric OS Command Reference

53-1003131-01

cryptoCfg

Group-wide policy configuration.

Zeroization of all critical security parameters on the local encryption switch or blade.

Certificate display and management.

Display of the local encryption engine status.

Rebalancing of disk and tape LUNs for optimized performance.

Configuring and running key vault diagnostics.

Use the --show -localEE command to display encryption engine configuration parameters pertaining to
the local node. The command displays the following information:

EE Slot: Encryption engine slot number.

SP state: Security processor state. For a complete listing of SP states, refer to the Fabric OS
Encryption Administrator's Guide, Appendix A.

Current master key ID (or primary link key ID) - Key ID or zero if not configured.

Alternate master key ID (or secondary link key ID) - Key ID or zero if not configured.

HA cluster name to which this EE belongs, or "No HA cluster membership".

EE Attributes: The following attributes are displayed:

- Link IP Address: Link IP address
- Link GW IP Address: Link gateway IP address
- Link Net Mask: Link net mask
- Link MAC Address: Link MAC address
- Link MTU: The maximum transmission unit of the link
- Link State: DOWN unless the EE is part of an HA cluster
- Route Mode: Always "shared"; this parameter is not configurable
- Media Type: TAPE, DISK, DISK/TAPE, or NOT DEFINED
- Rebalance Recommended: No, Yes, or EE Busy (unspecified, try again to determine rebalance
  recommendation)
- System Card Label: Displayed only if a system card is registered
- System Card CID: Displayed only if a system card is registered.

Remote EE Reachability: If the EE is part of an encryption group, the following information is displayed
for the peer: Node WWN/Slot, EE IP Address, EE State, and IO Link State. On a chassis with multiple
encryption blades, remote reachability information is displayed for all encryption groups.
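
The fields listed above can be checked automatically after each configuration change. The following is an added example, not part of the Brocade manual: a Python audit of captured --show -localEE output. The "Label: value" layout, the exact label spellings, and all sample values are assumptions constructed for illustration; only the field meanings come from the list above.

```python
import re

# Constructed sample in an assumed "Label: value" layout; real output may differ.
SAMPLE = """\
EE Slot: 0
Current Master KeyID: 4a:7c:10:9e:02:b3:55:d1
Alternate Master KeyID: 00:00:00:00:00:00:00:00
No HA cluster membership
EE Attributes:
 Link State: DOWN
 Media Type: DISK
 Rebalance Recommended: Yes
"""

def parse_local_ee(text):
    """Return ({lower-cased label: value}, in_ha_cluster)."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.strip().lstrip("- ").partition(":")
        if sep and value.strip():
            fields[label.strip().lower()] = value.strip()
    return fields, "no ha cluster membership" not in text.lower()

def is_zero_key(value):
    """A key ID that is missing or only zeros and separators is unconfigured."""
    return value is None or re.fullmatch(r"[0\s:.\-]*", value) is not None

def audit(text):
    """List the conditions an operator should follow up on."""
    fields, in_ha = parse_local_ee(text)
    def find(*needles):
        return next((v for k, v in fields.items()
                     if any(n in k for n in needles)), None)
    findings = []
    if is_zero_key(find("current master key", "primary link key")):
        findings.append("current master/primary link key not configured")
    if is_zero_key(find("alternate master key", "secondary link key")):
        findings.append("alternate master/secondary link key not configured")
    if in_ha and fields.get("link state", "").upper() == "DOWN":
        findings.append("link DOWN although EE is in an HA cluster")
    if fields.get("media type", "").upper() == "NOT DEFINED":
        findings.append("media type not defined")
    rebalance = fields.get("rebalance recommended", "").lower()
    if rebalance == "yes":
        findings.append("rebalance recommended")
    elif rebalance.startswith("ee busy"):
        findings.append("rebalance status unknown (EE busy), run again")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```
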

NOTES

The initial setup includes preparatory steps that are outside the scope of the cryptoCfg command. For
preinitialization procedures, refer to the Fabric OS Encryption Administrator's Guide.

OPERANDS

The cryptoCfg node initialization and configuration function has the following operands:

--help -nodecfg

Displays the synopsis for the node initialization and configuration function. This
command is valid on all nodes.

--initnode

Initializes the node to prepare for the configuration of encryption options.
Initialization must be performed on every node before configuration options may
be set and encryption may be enabled.

This command prompts for confirmation because the --initnode function
overwrites any previously generated identification or authentication data on the
node. Successful execution generates the node CP certificate, the key
authentication center (KAC) certificate, and the FIPS Crypto Officer and FIPS
User key pairs.