Management Lan Configuration; Configuring Cluster Links - Brocade Communications Systems Brocade 8/12c Administrator's Manual
Supporting hp secure key manager (skm) environments and hp enterprise secure key manager (eskm) environments
Hide thumbs
Also See for Brocade 8/12c:
- User manual (1301 pages) ,
- Command reference manual (1132 pages) ,
- Reference (362 pages)
Table of Contents
Advertisement
3
Management LAN configuration
--initnode:
--initEE [<slotnumber>]:
--regEE [<slotnumber>]:
--reg -membernode <member node WWN> <member node certfile> <IP addr>:
(output truncated)
Management LAN configuration
Each encryption switch has one GbE management port. In the case of a DCX or DCX-4S with
FS8-18 blades installed, management ports are located on the CP blades. The management port
IP address is normally set as part of the hardware installation. A static IP address should be
assigned. To eliminate DNS traffic and potential security risks related to DHCP, DHCP should not be
used.
For encryption switches and blades, the management port is used to communicate with a key
management system, and a secure connection must be established between the management
port and the key management system. All switches you plan to include in an encryption group must
be connected to the key management system. Only IPv4 addressing is currently supported.
Configuring cluster links
Each encryption switch or FS8-18 blade has two gigabit Ethernet ports labeled Ge0 and Ge1. The
Ge0 and Ge1 ports connect encryption switches and FS8-18 blades to other encryption switches
and FS8-18 blades. These two ports are bonded together as a single virtual network interface. Only
one IP address is used. The ports provide link layer redundancy, and are collectively referred to as
the cluster link.
NOTE
Do not confuse the gigabit Ethernet ports with the management and console ports, which are also
RJ45 ports located close to the gigabit Ethernet ports.
All encryption switches or blades in an encryption group must be interconnected by their cluster
links through a dedicated LAN. Both ports of each encryption switch or blade must be connected to
the same IP network and the same subnet. Static IP addresses should be assigned. Neither VLANs
nor DHCP should be used.
1. Log in to the switch as Admin or FabricAdmin.
2. Configure the IP address using the ipaddrset command. Only Ge0 needs to be configured.
116
Initialize the node for configuration of encryption options.
Initialize the specified encryption engine.
Register a previously initialized encryption blade.
Register a member node with the system.
Always use ipaddrset -eth0 to configure the address. If an address is assigned to ge1 (-eth1), it
is accepted and stored, but it is ignored. Only IPv4 addresses are supported for cluster links.
The following example configures a static IP address and gateway address for the bonded
interface.
switch:admin> ipaddrset -eth0 --add 10.32.33.34/23
switch:admin> ipaddrset -gate --add 10.32.1.1
Fabric OS Encryption Administrator's Guide
53-1002159-03
Advertisement
Table of Contents
Troubleshooting
