Ipsecconfig – Dell POWEREDGE M1000E User Manual
Fabric OS Command Reference
53-1001764-02
ipSecConfig
Configures Internet Protocol security (IPSec) policies for Ethernet management interfaces.
Synopsis
ipsecconfig --enable [default] --disable
ipsecconfig --add | --modify type [subtype] [arguments]
ipsecconfig --delete [type] arguments
ipsecconfig --flush manual-sa
ipsecconfig --show type [subtype] arguments
ipsecconfig --help [command type subtype]
Description
Use this command to configure the Internet Protocol Security (IPSec) feature for traffic flows on
switch Ethernet management interfaces, or to display the current configuration.
Internet Protocol security (IPSec) is a framework of open standards that provides private, secure
communication over Internet Protocol (IP) networks through the use of cryptographic security
services.
IPSec uses different protocols to ensure the authentication, integrity, and confidentiality of the
communication.
• Encapsulating Security Payload (ESP) provides confidentiality, data integrity and data source
  authentication of IP packets, and protection against replay attacks.
• Authentication Header (AH) provides data integrity, data source authentication, and protection
  against replay attacks, but unlike ESP, AH does not provide confidentiality.
IPSec can protect either the entire IP datagram or only the upper-layer protocols. The appropriate
modes are called tunnel mode and transport mode.
• In tunnel mode the IP datagram is fully encapsulated by a new IP datagram using the IPSec
  protocol.
• In transport mode only the payload of the IP datagram is handled by the IPSec protocol; it
  inserts the IPSec header between the IP header and the upper-layer protocol header.
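The two modes differ only in what ends up behind the ESP header. The following sketch is an added example, not taken from the Fabric OS manual or from switch code: it builds both packet layouts byte by byte, using ESP with NULL encryption (RFC 2410) and an HMAC-SHA1-96 integrity value (RFC 2404) so that it runs with the Python standard library alone. The addresses, SPI, key and helper names are constructed for illustration; a production SA would also encrypt the payload and trailer.

```python
import hmac, hashlib, struct, socket

ESP, TCP, IPIP = 50, 6, 4  # IANA protocol numbers

def checksum(hdr: bytes) -> int:
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by payload."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                    proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return h[:10] + struct.pack("!H", checksum(h)) + h[12:] + payload

def esp(spi: int, seq: int, inner: bytes, next_hdr: int, key: bytes) -> bytes:
    """ESP with NULL encryption (RFC 2410) and HMAC-SHA1-96 ICV (RFC 2404)."""
    pad_len = -(len(inner) + 2) % 4          # align the trailer to 4 bytes
    pad = bytes(range(1, pad_len + 1))       # default padding 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + inner + pad + bytes([pad_len, next_hdr])
    icv = hmac.new(key, body, hashlib.sha1).digest()[:12]
    return body + icv

def transport_mode(datagram: bytes, spi, seq, key) -> bytes:
    """Keep the original IP header; ESP sits between it and the upper layer."""
    proto, src, dst = datagram[9], datagram[12:16], datagram[16:20]
    return ipv4(socket.inet_ntoa(src), socket.inet_ntoa(dst), ESP,
                esp(spi, seq, datagram[20:], proto, key))

def tunnel_mode(datagram: bytes, gw_src, gw_dst, spi, seq, key) -> bytes:
    """Wrap the whole original datagram behind a new outer IP header."""
    return ipv4(gw_src, gw_dst, ESP, esp(spi, seq, datagram, IPIP, key))

def verify(packet: bytes, key: bytes) -> bool:
    """Receiver-side integrity check over ESP header + payload + trailer."""
    body, icv = packet[20:-12], packet[-12:]
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha1).digest()[:12], icv)

# Constructed sample: 20-byte dummy TCP segment between documentation addresses.
KEY = bytes(range(20))                       # constructed 160-bit HMAC-SHA1 key
ORIG = ipv4("192.0.2.10", "192.0.2.20", TCP, b"\x00" * 20)
T = transport_mode(ORIG, 0x1000, 1, KEY)
U = tunnel_mode(ORIG, "198.51.100.1", "198.51.100.2", 0x1000, 1, KEY)
```

In `T` the original addresses stay visible and the ESP next-header field names the upper-layer protocol; in `U` the outer header carries only the gateway addresses and the next-header field is 4 (IP-in-IP), with the original datagram intact inside.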
The IPSec key management supports Internet Key Exchange (IKE) or Manual key/SA entry.
• In IKE the IPSec protocol negotiates shared security parameters and keys. Security
  Associations (SAs) used in IKE use automatically generated keys for authentication negotiation
  between peers.
• Manual key/SA entry requires the keys to be generated and managed manually, and it is
  therefore suited for small static environments. For the selected authentication or encryption
  algorithms, the correct keys must be generated. The key length is determined by the algorithm
  selected. Refer to the Fabric OS Administrator’s Guide for more information.
The following IPSec configuration tasks can be performed with this command:
• Enable or disable the IPSec policies.
• Configure IP addresses in both IPv4 and IPv6 formats.
• Configure three types of policies and their respective components:
  - IPSec policy including selector, transform, SA-proposal, and SA.
  - IKE policy (automatic key management).
  - Manual SA (manual SA management).