7
Management interface security
TABLE 39
Fabric-wide consistency policy setting
Strict/Tolerant
Strict/Absent
Strict/Strict
Table 40
TABLE 40
Fabric-wide consistency policy setting
Tolerant/Absent
Management interface security
You can secure an Ethernet management interface between two Brocade switches or
enterprise-class platforms by implementing IPsec and IKE policies to create a tunnel that protects
traffic flows. The tunnel has at each end a Brocade switch or enterprise-class platform. There may
be routers, gateways, and firewalls in between the two ends.
ATTENTION
Enabling secure IPsec tunnels does not provide IPsec protection for traffic flows on the external
management interfaces of intelligent blades in a chassis, nor does it support protection of traffic
flows on FCIP interfaces.
Internet Protocol security (IPsec) is a framework of open standards that ensures private and secure
communications over Internet Protocol (IP) networks through the use of cryptographic security
services. The goal of IPsec is to provide the following capabilities:
•
•
•
164
Examples of strict fabric merges
Fabric A
SCC:S;DCC:S
SCC;DCC:S
SCC:S;DCC:S
SCC:S
DCC:S
SCC:S
has a matrix of merging fabrics with tolerant and absent policies.
Fabric merges with tolerant/absent combinations
Fabric A
SCC;DCC
DCC
SCC;DCC
DCC
Authentication — Ensures that the sending and receiving end-users and devices are known and
trusted by one another.
Data Integrity — Confirms that the data received was in fact the data transmitted.
Data Confidentiality — Protects the user data being transmitted, such as utilizing encryption to
avoid sending data in clear text.
Expected behavior
Fabric B
SCC;DCC:S
Ports connecting switches are
disabled.
SCC:S;DCC
DCC:S
Expected behavior
Fabric B
Error message logged.
Run fddCfg --fabwideset
"<policy_ID>" from any switch with
the desired configuration to fix the
SCC
conflict. The secPolicyActivate
SCC
command is blocked until conflict is
resolved.
Fabric OS Administrator's Guide
53-1001763-01