Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual page 944

Cisco MDS 9000 Family CLI Configuration Guide - Release 4.x (OL-18084-01, February 2009)

Sample FCIP Configuration
Send documentation comments to mdsfeedback-doc@cisco.com
Step 7
Configure FCIP in Switch MDS A.
sw10.1.1.100(config)# feature fcip
sw10.1.1.100(config)# fcip profile 2
sw10.1.1.100(config-profile)# ip address 10.10.100.231
sw10.1.1.100(config-profile)# int fcip 2
sw10.1.1.100(config-if)# peer-info ipaddr 10.10.100.232
sw10.1.1.100(config-if)# use-profile 2
sw10.1.1.100(config-if)# no shut
sw10.1.1.100(config-if)# end
sw10.1.1.100#

Step 8
Verify the configuration in Switch MDS A.
sw10.1.1.100# show crypto global domain ipsec security-association lifetime
Security Association Lifetime: 4500 megabytes/3600 seconds

sw10.1.1.100# show crypto map domain ipsec
Crypto Map "cmap-01" 1 ipsec
        Peer = 10.10.100.232
        IP ACL = acl1
            permit ip 10.10.100.231 255.255.255.255 10.10.100.232 255.255.255.255
        Transform-sets: tfs-02,
        Security Association Lifetime: 3000 gigabytes/120 seconds
        PFS (Y/N): Y
        PFS Group: group5
Interface using crypto map set cmap-01:
    GigabitEthernet7/1

sw10.1.1.100# show crypto transform-set domain ipsec
Transform set: tfs-02 {esp-aes 128 esp-sha1-hmac}
    will negotiate {tunnel}

sw10.1.1.100# show crypto spd domain ipsec
Policy Database for interface: GigabitEthernet7/1, direction: Both
#   0:     deny  udp any port eq 500 any
#   1:     deny  udp any any port eq 500
#   2:     permit ip 10.10.100.231 255.255.255.255 10.10.100.232 255.255.255.255
#  63:     deny  ip any any

sw10.1.1.100# show crypto ike domain ipsec
keepalive 3600

sw10.1.1.100# show crypto ike domain ipsec key
key ctct address 10.10.100.232

sw10.1.1.100# show crypto ike domain ipsec policy
Priority 1, auth pre-shared, lifetime 86300 secs, encryption 3des, hash md5, DH group 1

Step 9
Enable IKE and IPsec in Switch MDS C.
sw11.1.1.100# conf t
sw11.1.1.100(config)# feature crypto ike
sw11.1.1.100(config)# feature crypto ipsec

Step 10
Configure IKE in Switch MDS C.
sw11.1.1.100(config)# crypto ike domain ipsec
sw11.1.1.100(config-ike-ipsec)# key ctct address 10.10.100.231
sw11.1.1.100(config-ike-ipsec)# policy 1
sw11.1.1.100(config-ike-ipsec-policy)# encryption 3des
sw11.1.1.100(config-ike-ipsec-policy)# hash md5
sw11.1.1.100(config-ike-ipsec-policy)# exit
sw11.1.1.100(config-ike-ipsec)# end
sw11.1.1.100#
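
The verification output in Step 8 can be checked mechanically for legacy IKE and IPsec parameters. The following is an added example, not part of the Cisco guide: the `audit` function and the `LEGACY` list are this example's own assumptions, including the spellings `esp-des`, `esp-3des` and `esp-md5-hmac`, which do not appear on this page.

```python
import re

# Lines copied from the Step 8 output on this page (Switch MDS A), embedded to run offline.
SHOW_OUTPUT = """\
Transform set: tfs-02 {esp-aes 128 esp-sha1-hmac}
        PFS Group: group5
Priority 1, auth pre-shared, lifetime 86300 secs, encryption 3des, hash md5, DH group 1
"""

# Assumption: the reviewer's own list of legacy values, not taken from the Cisco guide.
LEGACY = {
    "encryption": {"des", "3des"},
    "hash": {"md5"},
    "DH group": {"1", "2", "5"},
    "transform": {"esp-des", "esp-3des", "esp-md5-hmac"},
}

POLICY_RE = re.compile(
    r"Priority (?P<prio>\d+), auth (?P<auth>\S+), lifetime \d+ secs, "
    r"encryption (?P<enc>\S+), hash (?P<hash>\S+), DH group (?P<dh>\d+)$")
TFS_RE = re.compile(r"Transform set: (?P<name>\S+) \{(?P<body>[^}]*)\}")
PFS_RE = re.compile(r"PFS Group: group(?P<dh>\d+)$")


def audit(show_text):
    """Return (object, field, value) for every legacy setting found in show output."""
    findings = []
    for line in map(str.strip, show_text.splitlines()):
        if m := POLICY_RE.match(line):
            obj = "ike policy " + m["prio"]
            for field, val in (("encryption", m["enc"]), ("hash", m["hash"]),
                               ("DH group", m["dh"])):
                if val in LEGACY[field]:
                    findings.append((obj, field, val))
        elif m := TFS_RE.match(line):
            for token in m["body"].split():
                if token in LEGACY["transform"]:
                    findings.append(("transform-set " + m["name"], "transform", token))
        elif (m := PFS_RE.match(line)) and m["dh"] in LEGACY["DH group"]:
            findings.append(("crypto map", "PFS group", m["dh"]))
    return findings


if __name__ == "__main__":
    for obj, field, val in audit(SHOW_OUTPUT):
        print(f"{obj}: {field} {val} is on the legacy list")
```

Run the same check against the output collected from the peer switch so that both ends of the tunnel are reviewed together.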
Chapter 37
Configuring IPsec Network Security
OL-18084-01, Cisco MDS NX-OS Release 4.x
