Cisco MDS 9000 Series Configuration Manual page 284

Setting Up Security Association Parameters
Example
To determine which ports are using the SA, use the show running-config fcsp command. Refer to
theViewing Running System Information, on page
Note Cisco TrustSec FC Link Encryption is currently supported only on DHCHAP on and off modes.
Setting Up Security Association Parameters
To set up the SA parameters, such as keys and salt, follow these steps:
Procedure
Step 1
switch# configure terminal
Enters configuration mode.
Step 2 switch(config)# fcsp esp sa spi_number
Enters into SA submode for configuring SAs. The range of spi_number is from 256 to 65536.
Step 3
switch(config-sa)# key key
Configures the key for the SA. Maximum size of key is 34.
Step 4 switch(config-sa)# no key key
(Optional) Removes the key from the SA.
Step 5 switch(config-sa)# salt salt
Configures the salt for the SA. The range is from 0x0 to 0xffffffff.
Step 6
switch(config-sa)# no salt salt
(Optional) Removes the salt for the SA.
Configuring ESP Settings
This section includes the following topics:
Configuring ESP on Ingress and Egress Ports
Once the SA is created, you need to configure Encapsulating Security Protocol (ESP) on the ports. You should
specify the egress and ingress ports for the encryption and decryption of packets between the network peers.
The egress SA specifies which keys or parameters are to be used for encrypting the packets that leave the
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
266
Configuring Cisco TrustSec Fibre Channel Link Encryption
270.