
How encryption and compression are enabled, Encryption and compression commands – Dell POWEREDGE M1000E User Manual

Page 396


Fabric OS Administrator’s Guide

53-1002745-02

In-flight encryption and compression overview

14

The port level authentication security feature must be enabled before encryption configuration can
be enabled. Pre-shared secret keys should be configured on both ends of the ISL to perform
authentication. Once the link has been authenticated, the port (E_Port or EX_Port) will use the IKE
protocol to generate and exchange the keys, IV and Salt values.

At this time, key expiry is not supported. This means that the keys generated for a port will remain
the same for as long as the port is online. When a port is segmented, disabled, or taken offline,
a new and different set of keys will be generated when the port is enabled.

All members of the trunk group use the same set of keys as that of the master port, and slave ports
do not perform any key exchanges. If there is an E_Port or EX_Port change due to the master port
going offline, the same set of keys used by the trunk will continue to be used.

How encryption and compression are enabled

Encryption and compression capabilities and configurations from each end of the ISL are
exchanged during E_Port or EX_Port initialization. Capabilities and configurations must match,
otherwise port segmentation or disablement occurs. If the port was configured for compression,
then the compression feature is enabled.

If the port was configured for encryption, authentication is performed and the keys needed for
encryption are generated. The encryption feature is enabled if authentication is successful.
If authentication fails, then the ports are segmented.

You can also decommission any port that has in-flight encryption/compression enabled. See
“Port decommissioning” on page 90 for details on decommissioning ports.

Encryption and compression commands

Here are the commands most commonly associated with the encryption/compression feature.
See the Fabric OS Command Reference for more details on these commands.

portEncCompShow

The portEncCompShow command allows you to view the encryption and compression configuration
on any given port and whether it is active or not. It also shows the port speeds.

This command displays the speed of the port as part of the portStatsShow command. If the speed
is configured as AUTO NEG(otiation), the speed of the port is taken as 16G for capacity calculation
and will be displayed accordingly. The same value will be displayed as part of portEncCompShow
even if the link successfully negotiates a speed other than 16G. See also “Configuring encryption
and compression” on page 399 and the Fabric OS Command Reference for more details.

Usage: portEncCompShow [slot/]port

Example output

switch:admin> portStatsShow 16/17
16   16   011000   id   N8   Online   FC   E-Port   10:00:00:05:33:13:71:3e "switch16
2" (downstream)
17   17   011100   id   N8   Online   FC   E-Port   10:00:00:05:33:13:71:3e "switch16
2"

switch> portenccompshow
User   Encryption            Compression           Config
Port   configured   Active   configured   Active   Speed
----   ----------   ------   ----------   ------   -----
0      No           No       No           No
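
The following is an added example, not part of the Fabric OS guide: an offline audit of captured portEncCompShow output from both ends of an ISL, flagging configuration mismatches (which lead to segmentation or disablement) and ports where encryption is configured but not active. The function names, the "Yes" column value, the ISL link inventory and the sample captures are assumptions constructed for illustration.

```python
import re

# Row shape follows the portEncCompShow header on this page. "Yes" as the
# counterpart of "No" is an assumption; the page's sample shows only "No".
ROW = re.compile(r"^\s*(\S+)" + r"\s+(Yes|No)" * 4 + r"(?:\s+(\S+))?\s*$")
FLAGS = ("enc_cfg", "enc_active", "cmp_cfg", "cmp_active")

def parse_portenccompshow(text):
    """Map port -> flags from captured portEncCompShow output."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # prompt, header and separator lines do not match
            ports[m.group(1)] = {k: v == "Yes" for k, v in zip(FLAGS, m.groups()[1:5])}
            ports[m.group(1)]["speed"] = m.group(6)  # None if the column is absent
    return ports

def audit_isl(local, remote, links):
    """links: (local_port, remote_port) pairs from a hypothetical ISL inventory."""
    findings = []
    for lp, rp in links:
        a, b = local.get(lp), remote.get(rp)
        if a is None or b is None:
            findings.append((lp, rp, "port missing from capture"))
            continue
        # Both ends must be configured alike, otherwise the port is
        # segmented or disabled during E_Port/EX_Port initialization.
        for key, name in (("enc_cfg", "encryption"), ("cmp_cfg", "compression")):
            if a[key] != b[key]:
                findings.append((lp, rp, name + " configuration mismatch"))
        # Configured but inactive encryption: check authentication and port state.
        for side, p in (("local", a), ("remote", b)):
            if p["enc_cfg"] and not p["enc_active"]:
                findings.append((lp, rp, side + " encryption configured but not active"))
    return findings

# Constructed sample captures (not taken from the manual).
HEADER = """User  Encryption         Compression        Config
Port  configured Active configured Active Speed
----  ---------- ------ ---------- ------ -----
"""
LOCAL = HEADER + "0   No  No  No  No  16G\n17  Yes Yes No  No  16G\n18  Yes No  Yes No  16G\n"
REMOTE = HEADER + "4   No  No  No  No  16G\n5   Yes Yes No  No  16G\n6   Yes No  No  No  16G\n"

if __name__ == "__main__":
    links = [("0", "4"), ("17", "5"), ("18", "6")]
    for finding in audit_isl(parse_portenccompshow(LOCAL), parse_portenccompshow(REMOTE), links):
        print(finding)
```

A finding of "encryption configured but not active" does not by itself prove an authentication failure; the port may simply be offline or disabled.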