Management lan configuration, Configuring cluster links – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

118

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

53-1002925-01

Management LAN configuration

3

Display the synopsis of hacluster parameter configuration.

--help -devicecfg:

Display the synopsis of device container parameter configuration.

--help -transcfg:

Display the synopsis of transaction management.

switch:admin> cryptocfg --help -nodecfg

Usage: cryptocfg

--help -nodecfg:

Display the synopsis of node parameter configuration.

--initnode:

Initialize the node for configuration of encryption options.

--initEE []:

Initialize the specified encryption engine.

--regEE []:

Register a previously initialized encryption blade.

--reg -membernode :

Register a member node with the system.

--reg -groupleader :

Register a group leader node with the system.

(output truncated)

Management LAN configuration

Each encryption switch has one GbE management port. In the case of a DCX Backbone chassis
with FS8-18 blades installed, management ports are located on the CP blades. The management
port IP address is normally set as part of the hardware installation. A static IP address should be
assigned. To eliminate DNS traffic and potential security risks related to DHCP, DHCP should not be
used.

For encryption switches and blades, the management port is used to communicate with a key
management system, and a secure connection must be established between the management
port and the key management system. All switches you plan to include in an encryption group must
be connected to the key management system. Only IPv4 addressing is currently supported. All
nodes, including the key management system, must use the same version of IP addressing.

Configuring cluster links

Each encryption switch or FS8-18 blade has two gigabit Ethernet ports labeled Ge0 and Ge1. The
Ge0 and Ge1 ports connect encryption switches and FS8-18 blades to other encryption switches
and FS8-18 blades. These two ports are bonded together as a single virtual network interface. Only
one IP address is used. The ports provide link layer redundancy, and are collectively referred to as
the cluster link.

NOTE

Do not confuse the gigabit Ethernet ports with the management and console ports, which are also
RJ-45 ports located close to the gigabit Ethernet ports.

All encryption switches or blades in an encryption group must be interconnected by their cluster
links through a dedicated LAN. Both ports of each encryption switch or blade must be connected to
the same IP network and the same subnet. Static IP addresses should be assigned. Neither VLANs
nor DHCP should be used.