Sample Fcip Configuration - Cisco DS-X9530-SF1-K9 - Supervisor-1 Module - Control Processor Configuration Manual

Mds 9000 family
Table of Contents

Advertisement

Chapter 30
Configuring IPsec Network Security
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Example 30-19 Displays the IPsec Statistics for the Specified Interface
switch# show crypto global domain ipsec interface gigabitethernet 3/1
IPSec interface statistics:
Example 30-20 Displays the Global SA Lifetime Values
switch# show crypto global domain ipsec security-association lifetime
Security Association Lifetime: 450 gigabytes/3600 seconds

Sample FCIP Configuration

Figure 30-5
data between MDS A and MDS C.
Figure 30-5
MDS C
To configure IPsec for the FCIP scenario shown in
Enable IKE and IPsec in Switch MDS A.
Step 1
sw10.1.1.100# conf t
sw10.1.1.100(config)# crypto ike enable
sw10.1.1.100(config)# crypto ipsec enable
Configure IKE in Switch MDS A.
Step 2
sw10.1.1.100(config)# crypto ike domain ipsec
sw10.1.1.100(config-ike-ipsec)# key ctct address 10.10.100.232
sw10.1.1.100(config-ike-ipsec)# policy 1
sw10.1.1.100(config-ike-ipsec-policy)# encryption 3des
sw10.1.1.100(config-ike-ipsec-policy)# hash md5
sw10.1.1.100(config-ike-ipsec-policy)# end
sw10.1.1.100#
Configure the ACLs in Switch MDS A.
Step 3
sw10.1.1.100# conf t
sw10.1.1.100(config)# ip access-list acl1 permit ip 10.10.100.231 0.0.0.0 10.10.100.232
0.0.0.0
OL-6973-03, Cisco MDS SAN-OS Release 2.x
IKE transaction stats: 0 num
Inbound SA stats: 0 num, 512 max
Outbound SA stats: 0 num, 512 max
focuses on implementing IPsec for one FCIP link (Tunnel 2). Tunnel 2 carries encrypted
IP Security Usage in an FCIP Scenario
FCIP
Tunnel 2
10.10.100.232
MDS A
10.10.100.231
Figure
30-5, follow these steps:
Cisco MDS 9000 Family Configuration Guide
Sample FCIP Configuration
30-29

Advertisement

Table of Contents
loading

Table of Contents