Dell POWEREDGE M1000E User Manual
Fabric OS Command Reference
53-1002746-01
cryptoCfg
--modify -LUN
Modifies the encryption policies of one or more LUNs in a specified CTC. This
command is valid only on the group leader. The following operands are required
when modifying a LUN:
crypto_target_container_name
Specifies the name of the CTC to which the LUNs belong.
LUN_Num | range
Specifies the LUN number either as a 16-bit (2 bytes) number in hex notation (for
example, 0x07) or as a 64-bit (8 bytes) number in WWN format (for example,
0:07:00:00:00:00:00:00). The LUN number must be zero when a tape LUN is
specified and the tape drive is a single LUN device. When specifying a range, the
LUN numbers must be entered in the 16-bit hex format.
initiator_PWWN initiator_NWWN
Specifies the initiator by its port WWN and node WWN.
You may optionally modify the following LUN policy configuration parameters.
Refer to cryptocfg --add -LUN for descriptions of these parameters.
• [-encryption_format native | DF_compatible]
• [-encrypt | cleartext]
• [-enable_encexistingdata | -disable_encexistingdata]
• [-enable_rekey time_period | -disable_rekey]
• [-write_early_ack disable | enable]
• [-read_ahead disable | enable]
Make sure you understand the ramifications of modifying LUN parameters (such
as changing the LUN policy from encrypt to cleartext) for devices that are online
and are already being utilized. The following restrictions apply when modifying
LUN policy parameters:
• When you change LUN policy from encrypt to cleartext, the following policy
parameters are restored to default (disabled): -enable_encexistingdata,
-enable_rekey, and -key_lifespan.
• When changing the LUN policy back to encrypt, these parameters need to be
reconfigured. Attempting to reconfigure these parameters while the LUN
policy is set to cleartext is not permitted and generates an error.
• For tape LUNs the -enable_encexistingdata and the -enable_rekey
operands are not valid and return an error when executed.
• The -key_lifespan parameter cannot be modified for tape LUNs once it has
been set.
• Exercise caution when modifying policy parameters while tape sessions are
in progress. For information on the impact of encryption policy changes while
tape sessions are in progress, refer to the Fabric OS Encryption
Administrator's Guide.
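The restrictions above can be checked before a change is submitted to the group leader. The following Python pre-flight check is an added example, not part of the manual or of Fabric OS: the function and argument names are hypothetical, option names are spelled as in this section, and a range is passed as a (first, last) tuple because this section does not show the range syntax.

```python
import re

HEX16 = re.compile(r"^0x[0-9a-fA-F]{1,4}$")  # e.g. 0x07
WWN64 = re.compile(r"^[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){7}$")  # 0:07:00:...:00
# Options the page says are reset when the policy becomes cleartext
ENCRYPT_ONLY = {"-enable_encexistingdata", "-enable_rekey", "-key_lifespan"}
TAPE_INVALID = {"-enable_encexistingdata", "-enable_rekey"}


def is_zero(lun):
    """True when a validated 16-bit hex or WWN-format LUN number is zero."""
    return all(int(p, 16) == 0 for p in lun.replace("0x", "", 1).split(":"))


def check_modify_lun(luns, options, current_policy, is_tape=False,
                     single_lun_tape=False, lifespan_already_set=False):
    """Return (errors, warnings) for a planned --modify -LUN change.

    luns: one LUN number string, or a (first, last) tuple for a range.
    options: set of option names spelled as on the page.
    current_policy: "encrypt" or "cleartext" before the change.
    """
    errors, warnings = [], []
    is_range = isinstance(luns, tuple)
    for lun in (luns if is_range else (luns,)):
        if is_range and not HEX16.match(lun):
            errors.append(f"{lun}: range members must use 16-bit hex format")
        elif not (HEX16.match(lun) or WWN64.match(lun)):
            errors.append(f"{lun}: not a 16-bit hex or 64-bit WWN-format number")
        elif single_lun_tape and not is_zero(lun):
            errors.append(f"{lun}: single-LUN tape drive requires LUN number zero")

    # Policy after the change: an explicit option wins, otherwise unchanged
    new_policy = ("cleartext" if "cleartext" in options
                  else "encrypt" if "-encrypt" in options else current_policy)
    blocked = sorted(options & ENCRYPT_ONLY)
    if new_policy == "cleartext" and blocked:
        errors.append(f"{', '.join(blocked)}: not permitted while policy is cleartext")
    if current_policy == "encrypt" and new_policy == "cleartext":
        warnings.append("encrypt -> cleartext resets " + ", ".join(sorted(ENCRYPT_ONLY)))
    if is_tape:
        for opt in sorted(options & TAPE_INVALID):
            errors.append(f"{opt}: not valid for tape LUNs")
        if "-key_lifespan" in options and lifespan_already_set:
            errors.append("-key_lifespan: cannot be modified on a tape LUN once set")
    return errors, warnings
```

A change from encrypt to cleartext is reported as a warning rather than an error, so it can be routed for explicit review before it reaches a LUN that is online.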
--remove -LUN
Removes a LUN from a specified CTC. You must stop all traffic to the LUN from all
initiators accessing the LUN you are removing from the CTC. Failure to do so
results in I/O failure between the initiators and the LUN. If the LUN is exposed with
different LUN Numbers to different initiators, all exposed LUN Numbers must be
removed. This command is valid only on the group leader. The following operands
are required when removing a LUN from a CTC:
crypto_target_container_name
Specifies the name of the CTC from which the LUN is to be removed.
LUN_Num
Specifies the number of the LUN to be removed. Use the --show -container
command for a list of LUN numbers associated with the specified CTC.