Manualshelf

HP StorageWorks Fabric OS 5.3.x administrator guide (5697-0244, November 2009)

ManualsBrandsHP ManualsComputer AccessoriesHP 8/40 SAN Switch 8-port Upgrade E-LTU
401402403404405406407408409410
410 Configuring and monitoring FCIP tunneling
For example, to delete the IPSec policy number 10:
Configuring FCIP Tunnels
You can create only one FCIP tunnel on a given pair of IP address interfaces (local and remote). You can
create multiple FCIP tunnels on a single IP interface if either the local or remote IP interface is unique and
does not have any other FCIP tunnel on it. When the GbE port has a valid SFP and is physically connected
to any other GbE port, the status output from the switchShow command is online.
Due to an IPSec RASlog limitation, you may not be able to determine an incorrect configuration that causes
an IPSec tunnel not to become active. This misconfiguration can occur on either end of the tunnel. As a
result, you must correctly match the encryption method, authentication algorithm, and other configurations
for on each end of the tunnel.
NOTE: The procedures in this section demonstrate configuring FCIP tunnels for remote switches.
The same procedures apply to local switches and need to be performed there as well.
See the Fabric OS Command Reference Manual for detailed information on using the commands in this
section.
Following are the steps for configuring an FCIP tunnel:
1. Enabling persistently disabled ports” on page 402
2. Defining the IP interface of each virtual port” on page 403
3. Configuring the GbE ports” on page 404
4. Adding IP routes on a GbE port” on page 404
5. Verifying IP connectivity” on page 406
6. Verifying the FCIP tunnel configuration” on page 413
Before you begin configuring FCIP tunnels, verify that you have an FCIP license installed. See ”Maintaining
licensed software features” on page 36.
Enabling persistently disabled ports
Ports on the 400 MP Router and the B-Series MP Router blade are disabled by default. Before you can
configure FCIP tunnels, you must persistently enable the ports.
CAUTION: VEX_Port Users: If the fabric is already connected, you must leave the ge0 and ge1 ports
disabled until after you have configured the VEX_Port; this will prevent unintentional merging of the two
fabrics.
To enable a persistently disabled port
1. Enter the portCfgShow command to view ports that are persistently disabled.
2. After identifying the ports, enter the portCfgPersistentEnable command to enable the ports.
3. Disable the port during FCIP configuration by entering the portDisable [slot/]port command.
switch:admin06> policy --delete ipsec 10
The policy has been successfully deleted.