Brocade Communications Systems Brocade 8/12c Command Reference Manual page 620

22
policy
-auth algorithm
-pfs value
-dh group
-seclife seconds
EXAMPLES
To create a new policy:
To display a policy setting:
586
AES-128
Advanced encryption standard, 128-bit key.
AES-256
Advanced encryption standard, 256-bit key.
Specifies the authentication algorithm. The default is SHA-1. Algorithms include
the following:
SHA-1
Secure hash algorithm.
MD5
Message digest 5.
AES-XCBC
Advanced encryption standard. Valid only with IPSec.
Specifies the perfect forward secrecy. This operand is valid only with IKE policies.
Values are on (default) or off.
Specifies the Diffie-Hellman group used in PFS negotiation. This operand is valid
only with IKE policies. The default is 1. Values include the following:
1
Fastest as it uses 768 bit values, but least secure.
14
Slowest as it uses 2048 bit values, but most secure.
Security association lifetime in seconds. A new key is renegotiated before the
specified length of time expires. The valid range for seconds is 28800 to
250000000 or 0. The default is 28800.
switch:admin> policy --create ike 10 -enc 3des -auth md5
The following policy has been set:
IKE policy 10
-----------------------------------------
Authentication Algorithm: MD5
Encryption: 3DES
Perfect Forward Secrecy: 0
Diffie-Hellman Group: 1
SA Life (seconds): 28800
switch:admin> policy --show ipsec 1
IPSec policy 1
-----------------------------------------
Authentication Algorithm: SHA-1
Encryption: 3DES
SA Life (seconds): 28800
Fabric OS Command Reference
53-1001764-01