
Crypto – Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

53-1003098-01

crypto

Profile Config Commands

Use the crypto command to define a system-level local ID for Internet Security Association and Key
Management Protocol (ISAKMP) negotiation and to enter the ISAKMP policy, ISAKMP client, or
ISAKMP peer command set.

The following table summarizes crypto configuration commands.

crypto

Use the crypto command to define a system-level local ID for ISAKMP negotiation and enter the
ISAKMP policy, ISAKMP client, or ISAKMP peer configuration mode.

A crypto map entry is a single policy that describes how certain traffic is secured. There are two
types of crypto map entries: ipsec-manual and ipsec-ike entries. Each entry is given an index (used
to sort the ordered list).

When a non-secured packet arrives on an interface, the crypto map associated with that interface
is processed (in order). If a crypto map entry matches the non-secured traffic, the traffic is
discarded.

When a packet is transmitted on an interface, the crypto map associated with that interface is
processed. The first crypto map entry that matches the packet is used to secure the packet. If a
suitable SA exists, it is used for transmission. Otherwise, IKE is used to establish an SA with the peer.
If no SA exists (and the crypto map entry is “respond only”), the packet is discarded.

When a secured packet arrives on an interface, its Security Parameter Index (SPI) is used to look
up an SA. If an SA does not exist (or if the packet fails any of the security checks), the packet is
discarded. If all checks pass, the packet is forwarded normally.
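
The three processing paths described above, written out as a simplified Python model. This is an added example, not Brocade code or the controller's implementation. The Entry class, the verdict strings, the sample prefixes and the treatment of unmatched outbound traffic as cleartext are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Entry:                      # one crypto map entry (hypothetical model)
    index: int                    # position in the ordered list
    local: str                    # protected local prefix
    remote: str                   # protected remote prefix
    respond_only: bool = False    # entry never initiates IKE

    def matches(self, local, remote):
        return (ip_address(local) in ip_network(self.local)
                and ip_address(remote) in ip_network(self.remote))

def first_match(cmap, local, remote):
    """Process the map in index order; the first matching entry wins."""
    for entry in sorted(cmap, key=lambda e: e.index):
        if entry.matches(local, remote):
            return entry
    return None

def inbound_clear(cmap, local, remote):
    """Non-secured arrival: traffic that matches an entry is discarded."""
    return "discard" if first_match(cmap, local, remote) else "forward"

def outbound(cmap, sa_by_entry, local, remote):
    """Transmit path: use an existing SA, else IKE, else drop if respond-only."""
    entry = first_match(cmap, local, remote)
    if entry is None:
        return "forward-clear"    # assumption: unmatched traffic is not protected
    if entry.index in sa_by_entry:
        return "secure-with-sa"
    if entry.respond_only:
        return "discard"
    return "negotiate-ike"

def inbound_secured(known_spis, spi, checks_ok):
    """Secured arrival: the SPI must map to an SA and all checks must pass."""
    if spi not in known_spis or not checks_ok:
        return "discard"
    return "forward"

# Constructed sample policy; listed out of order to show index sorting.
CMAP = [
    Entry(20, "10.1.0.0/16", "0.0.0.0/0", respond_only=True),
    Entry(10, "10.1.0.0/16", "10.2.0.0/16"),
]
```

With this sample map, traffic from 10.1.0.0/16 to 10.2.0.0/16 hits entry 10 before the broader respond-only entry 20, so the index order decides whether a missing SA triggers IKE or a drop.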

Supported in the following platforms:

Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point,
Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade
Mobility 1240 Access Point

Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade
Mobility RFS7000

| Command | Description | Reference |
|---|---|---|
| crypto | Invokes commands used to configure ISAKMP policy, ISAKMP client, and ISAKMP peer | page 7-583 |
| crypto-auto-ipsec-tunnel commands | Creates an auto IPSec VPN tunnel and changes the mode to auto-ipsec-secure mode for further configuration | page 588 |
| crypto-ikev1/ikev2-policy commands | Configures crypto IKEv1/IKEv2 policy parameters | page 595 |
| crypto-ikev1/ikev2-peer commands | Configures IKEv1 peer parameters | page 601 |
| crypto-map-config-commands | Configures crypto map parameters | page 607 |
| crypto-remote-vpn-client commands | Configures remote VPN client settings | page 627 |