How encryption and compression are enabled, Encryption and compression commands – Dell POWEREDGE M1000E User Manual
Page 396
396
Fabric OS Administrator’s Guide
53-1002745-02
In-flight encryption and compression overview
14
The port level authentication security feature must be enabled before encryption configuration can
be enabled. Pre-shared secret keys should be configured on both ends of the ISL to perform
authentication. Once the link has been authenticated, the port (E_Port or EX_Port) will use the IKE
protocol to generate and exchange the keys, IV and Salt values.
At this time expiry keys are not supported. This means that the keys generated for a port will remain
the same for as long as the port is online. When a port is segmented, disabled, or taken offline,
a new and different set of keys will be generated when the port is enabled.
All members of the trunk group use the same set of keys as that of the master port, and slave ports
do not perform any key exchanges. If there is an E_Port or EX_Port change due to the master port
going offline, the same set of keys used by the trunk will continued to be used.
How encryption and compression are enabled
Encryption and compression capabilities and configurations from each end of the ISL are
exchanged during E_Port or EX_Port initialization. Capabilities and configurations must match,
otherwise port segmentation or disablement occurs. If the port was configured for compression,
then the compression feature is enabled.
If the port was configured for encryption, authentication is performed and the keys needed for
encryption are generated. The encryption feature is enabled if authentication is successful.
If authentication fails, then the ports are segmented.
You can also decommission any port that has in-flight encryption/compression enabled. See
on page 90 for details on decommissioning ports.
Encryption and compression commands
Here are the commands most commonly associated with the encryption/compression feature.
See the Fabric OS Command Reference for more details on these commands.
portEncCompShow
The portEncCompShow command allows you to view the encryption and compression configuration
on any given port and whether it is active or not. It also shows the port speeds.
This command displays the speed of the port as part of the portStatsShow command. If the speed
is configured as AUTO NEG(otiation), the speed of the port is taken as 16G for capacity calculation
and will be displayed accordingly. The same value will be displayed as part of portEncCompShow
even if the link successfully negotiates a speed other than 16G. See also
on page 399 and the Fabric OS Command Reference for more details.
Usage: portEncCompShow [slot/]port
Example output
switch:admin> portStatsShow 16/17
16
16
011000
id
N8
Online
FC
E-Port
10:00:00:05:33:13:71:3e "switch16
2" (downstream)
17
17
011100
id
N8
Online
FC
E-Port
10:00:00:05:33:13:71:3e "switch16
2"
switch> portenccompshow
User
Encryption
Compression
Config
Port
configured
Active
configured
Active
Speed
----
----------
------
----------
------
-----
0
No
No
No
No