ipSecConfig 2

Example 1
Secure traffic between two systems using AH protection with MD5 and configure IKE with preshared keys. The two systems are a switch, BROCADE300 (IPv4 address 10.33.74.13), and an external UNIX server (10.33.69.132).

1. On the system console, log into the switch as Admin and enable IPSec.
   switch:admin> ipsecconfig --enable
2. Create an IPSec SA policy named AH01, which uses AH protection with MD5.
   switch:admin> ipsecconfig --add policy ips sa -t AH01 -p ah -auth hmac_md5
3. Create an IPSec proposal IPSEC-AH to use AH01 as the SA.
   switch:admin> ipsecconfig --add policy ips sa-proposal -t IPSEC-AH -sa AH01
4. Configure the SA proposal's lifetime in time units.
   switch:admin> ipsecconfig --add policy ips sa-proposal -t IPSEC-AH -lttime 280000 -sa AH01
5. Import the preshared key file (e.g., ipseckey.psk) using the secCertUtil import command.
6. Configure an IKE policy for the remote peer.
   switch:admin> ipsecconfig --add policy ike -t IKE01 -remote 10.33.69.132 -id 10.33.74.13 \
   -remoteid 10.33.69.132 -enc 3des_cbc -hash hmac_md5 -prf hmac_md5 -auth psk \
   -dh modp1024 -psk ipseckey.psk
7. Create an IPSec transform named TRANSFORM01 to use transport mode to protect traffic identified for IPSec protection and use IKE01 as the key management policy.
   switch:admin> ipsecconfig --add policy ips transform -t TRANSFORM01 -mode transport \
   -sa-proposal IPSEC-AH -action protect -ike IKE01
8. Create traffic selectors to select the outbound and inbound traffic that needs to be protected.
   switch:admin> ipsecconfig --add policy ips selector -t SELECTOR-OUT \
   -d out -l 10.33.74.13 -r 10.33.69.132 -transform TRANSFORM01
   switch:admin> ipsecconfig --add policy ips selector -t SELECTOR-IN \
   -d in -l 10.33.69.132 -r 10.33.74.13 -transform TRANSFORM01
9. Verify the IPSec SAs created using IKE for the above traffic flow using ipsecConfig --show manual-sa -a. Refer to the "IPSec display commands" section for an example.
10. Perform the equivalent steps on the remote peer to complete the IPSec configuration. Refer to your server administration guide for instructions.

Example 2
Secure traffic between two systems using ESP protection with 3DES_CBC encryption and SHA1 authentication, and configure IKE with RSA certificates signed by the certification authority (CA). The two systems are a switch, BROCADE300 (IPv6 address fe80::220:1aff:fe34:2e82), and an external UNIX host (IPv6 address fe80::205:1fff:fe51:f09e).

1. On the system console, log into the switch as Admin and enable IPSec.
   switch:admin> ipsecconfig --enable
2. Create an IPSec SA policy named ESP01, which uses ESP protection with 3DES and SHA1.
   switch:admin> ipsecconfig --add policy ips sa -t ESP01 -p esp -enc 3des_cbc -auth hmac_sha1
3. Create an IPSec proposal IPSEC-ESP to use ESP01 as the SA.
   switch:admin> ipsecconfig --add policy ips sa-proposal -t IPSEC-ESP -sa ESP01

Fabric OS Command Reference
53-1001764-02
443
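As an added check (example code written for this page, not part of the Brocade manual or of Fabric OS), the script below parses the Example 1 ipsecconfig --add policy lines and verifies that every cross-reference (selector to transform, transform to SA proposal and IKE policy, SA proposal to SA) names a policy that was actually defined, and that each outbound selector has an inbound twin using the same transform with local and remote addresses swapped, as the example lays them out. Policy types, option names and values are taken from the page; the sample input is constructed from its commands.

```python
import shlex
# Constructed sample: the Example 1 command set from this page, as typed on the console.
EXAMPLE1 = r"""
switch:admin> ipsecconfig --enable
switch:admin> ipsecconfig --add policy ips sa -t AH01 -p ah -auth hmac_md5
switch:admin> ipsecconfig --add policy ips sa-proposal -t IPSEC-AH -lttime 280000 -sa AH01
switch:admin> ipsecconfig --add policy ike -t IKE01 -remote 10.33.69.132 -id 10.33.74.13 \
-remoteid 10.33.69.132 -enc 3des_cbc -hash hmac_md5 -prf hmac_md5 -auth psk \
-dh modp1024 -psk ipseckey.psk
switch:admin> ipsecconfig --add policy ips transform -t TRANSFORM01 -mode transport \
-sa-proposal IPSEC-AH -action protect -ike IKE01
switch:admin> ipsecconfig --add policy ips selector -t SELECTOR-OUT \
-d out -l 10.33.74.13 -r 10.33.69.132 -transform TRANSFORM01
switch:admin> ipsecconfig --add policy ips selector -t SELECTOR-IN \
-d in -l 10.33.69.132 -r 10.33.74.13 -transform TRANSFORM01
"""
# Options that name another policy, and the policy type they must point at.
REFS = {"sa-proposal": [("-sa", "sa")],
        "transform": [("-sa-proposal", "sa-proposal"), ("-ike", "ike")],
        "selector": [("-transform", "transform")]}

def parse_policies(text):
    """Map (type, name) -> {option: value} for each '--add policy' command (continuations joined)."""
    policies = {}
    for line in text.replace("\\\n", " ").splitlines():
        toks = shlex.split(line)
        if "--add" not in toks:
            continue                                # e.g. '--enable' or a blank line
        rest = toks[toks.index("--add") + 2:]       # drop '--add policy'
        if rest[0] == "ips":                        # 'ips' precedes every type except ike
            rest = rest[1:]
        ptype, opts = rest[0], dict(zip(rest[1::2], rest[2::2]))
        policies[(ptype, opts["-t"])] = opts
    return policies

def check_references(policies):
    """List references to policies that were never defined (e.g. a mistyped -ike name)."""
    problems = []
    for (ptype, name), opts in policies.items():
        for opt, target in REFS.get(ptype, []):
            if opt in opts and (target, opts[opt]) not in policies:
                problems.append(f"{ptype} {name}: {opt} {opts[opt]} undefined")
    return problems

def unpaired_selectors(policies):
    """Outbound selectors with no inbound twin using the same transform and -l/-r swapped."""
    sels = [o for (t, _), o in policies.items() if t == "selector"]
    return [s["-t"] for s in sels if s["-d"] == "out" and not any(
        m["-d"] == "in" and (m["-l"], m["-r"], m["-transform"]) ==
        (s["-r"], s["-l"], s["-transform"]) for m in sels)]
```

Run it against the commands before pasting them into the switch: an empty result from both checks means every name in the chain resolves and the selector pair is consistent.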