Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipmentEncryption Switch

261

262

263

264

265

266

267

268

269

270

246 Fabric OS Encryption Administrator’s Guide (DPM)

53-1002720-02

Encryption group and HA cluster maintenance

IP Address: 10.32.33.145

Certificate: 10.32.33.145_my_cp_cert.pem

Current Master Key State: Saved

Current Master KeyID:

b8:2a:a2:4f:c8:fd:12:e2:a9:25:d9:5b:58:2c:96:7e

Alternate Master Key State: Not configured

Alternate Master KeyID:

00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

EE Slot: 0

SP state: Online

Current Master KeyID:

b8:2a:a2:4f:c8:fd:12:e2:a9:25:d9:5b:58:2c:96:7e

Alternate Master KeyID:

00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

No HA cluster membership

a. If the node is in the DISCOVERED state and the security processor (SP) state is online (as

shown above), you can remove the node from the encryption group. Complete step 4 and

step 5, which completes the procedure.

b. If the node is not in the DISCOVERED state, and you want to remove the node from the

encryption group, you must first deregister the node. To do this, log in to the group leader

and enter the cryptocfg

--dereg -membernode command followed by the node WWN.

SecurityAdmin:switch> cryptocfg --dereg -membernode 10:00:00:05:1e:41:99:bc

Operation succeeded.

4. Reclaim the WWN of the member node.

a. Enter the cryptocfg

--reclaimWWN -membernode <node-WWN> command on the group

leader to reclaim the VI/VT WWN base for node to be removed.

When prompted, enter yes.

b. Enter the cryptocfg

--commit command on the group leader to propagate the change to

all nodes in the encryption group:

5. On the group leader, enter the cryptocfg

--eject -membernode command followed by the

node WWN.

SecurityAdmin:switch> cryptocfg --eject -membernode 10:00:00

:05:1e:55:3a:f0

WARNING: Before ejecting the membernode, ensure that the VI/VT WWN's

are reclaimed.

Refer to "cryptocfg --reclaimWWN" commands.

ARE YOU SURE (yes, y, no, n): [no] Node eject granted by protocol clients

[10:00:00:05:1e:55:3a:f0]

Eject node status: Operation Succeeded.

6. Deregister the member node to converge the encryption group.

SecurityAdmin:switch> cryptocfg --dereg -membernode 10:00:00:05:1e:55:3a:f0

7. Log in to the member node and execute the cryptocfg --reclaimWWN -cleanup command.