Reference (Supporting Fabric OS v7.3.0) Owner manual
Table Of Contents
- Contents
- About This Document
- Using Fabric OS Commands
- Fabric OS Commands
- aaaConfig
- ad
- ag
- agAutoMapBalance
- agShow
- aliAdd
- aliCreate
- aliDelete
- aliRemove
- aliShow
- appLoginHistory
- aptPolicy
- auditCfg
- auditDump
- authUtil
- bannerSet
- bannerShow
- bcastShow
- bladeCfgGeMode
- bladeDisable
- bladeEnable
- bladeSwap
- bootLunCfg
- bottleneckMon
- bpPortLoopbackTest
- bpTurboRamTest
- bufOpMode
- ceePortLedTest
- ceePortLoopbackTest
- ceeTurboRamTest
- cfgActvShow
- cfgAdd
- cfgClear
- cfgCreate
- cfgDelete
- cfgDisable
- cfgEnable
- cfgRemove
- cfgSave
- cfgShow
- cfgSize
- cfgTransAbort
- cfgTransShow
- chassisBeacon
- chassisCfgPerrThreshold
- chassisDisable
- chassisDistribute
- chassisEnable
- chassisName
- chassisShow
- classConfig
- cliHistory
- cmsh
- configDefault
- configDownload
- configList
- configRemove
- configShow
- configUpload
- configure
- configureChassis
- creditRecovMode
- cryptoCfg
- dataTypeShow
- date
- dbgShow
- defZone
- diagClearError
- diagDisablePost
- diagEnablePost
- diagHelp
- diagPost
- diagRetry
- diagShow
- distribute
- dlsReset
- dlsSet
- dlsShow
- dnsConfig
- enclosureShow
- errClear
- errDelimiterSet
- errDump
- errFilterSet
- errModuleShow
- errShow
- ethIf
- exit
- extnCfg
- fabRetryShow
- fabRetryStats
- fabricLog
- fabricName
- fabricPrincipal
- fabricShow
- fabStatsShow
- fanDisable
- fanEnable
- fanShow
- faPwwn
- fastBoot
- fcipHelp
- fcipLedTest
- fcipPathTest
- fcoe
- fcoeLoginCfg
- fcoeLoginGroup
- fcPing
- fcpLogClear
- fcpLogDisable
- fcpLogEnable
- fcpLogShow
- fcpProbeShow
- fcpRlsProbe
- fcpRlsShow
- fcrBcastConfig
- fcrConfigure
- fcrEdgeShow
- fcrFabricShow
- fcrIclPathBWMonitor
- fcrLsan
- fcrLsanCount
- fcrLsanMatrix
- fcrPhyDevShow
- fcrProxyConfig
- fcrProxyDevShow
- fcrResourceShow
- fcrRouterPortCost
- fcrRouteShow
- fcrXlateConfig
- fddCfg
- fdmiCacheShow
- fdmiShow
- femDump
- ficonCfg
- ficonClear
- ficonCupSet
- ficonCupShow
- ficonHelp
- ficonShow
- fipsCfg
- firmwareCommit
- firmwareDownload
- firmwareDownloadStatus
- firmwareKeyShow
- firmwareRestore
- firmwareShow
- firmwareSync
- flow
- fmMonitor
- fosConfig
- fosExec
- frameLog
- fspfShow
- fwAlarmsFilterSet
- fwAlarmsFilterShow
- fwClassInit
- fwConfigReload
- fwFruCfg
- fwHelp
- fwMailCfg
- fwPortDetailShow
- fwSamShow
- fwSet
- fwSetToCustom
- fwSetToDefault
- gePortErrShow
- h
- haDisable
- haDump
- haEnable
- haFailover
- haRedundancy
- haShow
- haSyncStart
- haSyncStop
- help
- historyLastShow
- historyMode
- historyShow
- i
- iclCfg
- ifModeSet
- ifModeShow
- iflShow
- interfaceShow
- iodReset
- iodSet
- iodShow
- ipAddrSet
- ipAddrShow
- ipFilter
- ipSecConfig
- islShow
- itemList
- killTelnet
- ldapCfg
- lfCfg
- licenseAdd
- licenseIdShow
- licensePort
- licenseRemove
- licenseShow
- licenseSlotCfg
- linkCost
- logicalGroup
- login
- logout
- lsanZoneShow
- lsCfg
- lsDbShow
- mapsConfig
- mapsDb
- mapsHelp
- mapsPolicy
- mapsRule
- mapsSam
- memShow
- motd
- msCapabilityShow
- msConfigure
- msPlatShow
- msPlatShowDBCB
- msPlClearDB
- msPlMgmtActivate
- msPlMgmtDeactivate
- msTdDisable
- msTdEnable
- msTdReadConfig
- myId
- nbrStateShow
- nbrStatsClear
- nodeFind
- nsAliasShow
- nsAllShow
- nsCamShow
- nsDevLog
- nsShow
- nsZoneMember
- nsZoneShow
- passwd
- passwdCfg
- pathInfo
- pdShow
- perfAddEEMonitor
- perfCfgClear
- perfCfgRestore
- perfCfgSave
- perfClearAlpaCrc
- perfDelEEMonitor
- perfHelp
- perfMonitorClear
- perfMonitorShow
- perfResourceShow
- perfSetPortEEMask
- perfShowAlpaCrc
- perfShowPortEEMask
- perfTTmon
- portAddress
- portAlpaShow
- portBeacon
- portBufferCalc
- portBufferShow
- portCamShow
- portCfg
- portCfgAlpa
- portCfgAutoDisable
- portCfgCompress
- portCfgCreditRecovery
- portCfgDefault
- portCfgDPort
- portCfgEncrypt
- portCfgEport
- portCfgEportCredits
- portCfgEXPort
- portCfgFaultDelay
- portCfgFec
- portCfgFillword
- portCfgFlogiLogout
- portCfgFportBuffers
- portCfgGE
- portCfgGeMediaType
- portCfgGport
- portCfgISLMode
- portCfgLongDistance
- portCfgLossTov
- portCfgLport
- portCfgNonDfe
- portCfgNPIVPort
- portCfgNPort
- portCfgOctetSpeedCombo
- portCfgPersistence
- portCfgPersistentDisable
- portCfgPersistentEnable
- portCfgQoS
- portCfgShow
- portCfgSpeed
- portCfgTrunkPort
- portCfgVEXPort
- portCmd
- portDebug
- portDecom
- portDisable
- portDPortTest
- portEnable
- portEncCompShow
- portErrShow
- portFencing
- portFlagsShow
- portLedTest
- portLogClear
- portLogConfigShow
- portLogDisable
- portLogDump
- portLogDumpPort
- portLogEnable
- portLogEventShow
- portLoginShow
- portLogPdisc
- portLogReset
- portLogResize
- portLogShow
- portLogShowPort
- portLogTypeDisable
- portLogTypeEnable
- portLoopbackTest
- portMirror
- portName
- portPeerBeacon
- portPerfShow
- portRouteShow
- portShow
- portStats64Show
- portStatsClear
- portStatsShow
- portSwap
- portSwapDisable
- portSwapEnable
- portSwapShow
- portTest
- portTestShow
- portThConfig
- portTrunkArea
- portZoneShow
- powerOffListSet
- powerOffListShow
- psShow
- rasAdmin
- rasMan
- reboot
- relayConfig
- roleConfig
- routeHelp
- rtLogTrace
- secActiveSize
- secAuthSecret
- secCertUtil
- secDefineSize
- secGlobalShow
- secHelp
- secPolicyAbort
- secPolicyActivate
- secPolicyAdd
- secPolicyCreate
- secPolicyDelete
- secPolicyDump
- secPolicyFCSMove
- secPolicyRemove
- secPolicySave
- secPolicyShow
- secStatsReset
- secStatsShow
- sensorShow
- serDesTuneMode
- setContext
- setDbg
- setVerbose
- sfpShow
- shellFlowControlDisable
- shellFlowControlEnable
- slotPowerOff
- slotPowerOn
- slotShow
- snmpConfig
- snmpTraps
- spinFab
- sshUtil
- statsClear
- stopPortTest
- supportFfdc
- supportFtp
- supportInfoClear
- supportSave
- supportShow
- supportShowCfgDisable
- supportShowCfgEnable
- supportShowCfgShow
- switchBeacon
- switchCfgPersistentDisable
- switchCfgPersistentEnable
- switchCfgSpeed
- switchCfgTrunk
- switchDisable
- switchEnable
- switchName
- switchShow
- switchStatusPolicySet
- switchStatusPolicyShow
- switchStatusShow
- switchUptime
- switchViolation
- syslogdFacility
- syslogdIpAdd
- syslogdIpRemove
- syslogdIpShow
- sysMonitor
- sysShutDown
- tempShow
- thConfig
- thMonitor
- timeOut
- topologyShow
- traceDump
- trunkDebug
- trunkShow
- tsClockServer
- tsTimeZone
- turboRamTest
- upTime
- uRouteShow
- usbStorage
- userConfig
- version
- wwn
- wwnAddress
- zone
- zoneAdd
- zoneCreate
- zoneDelete
- zoneHelp
- zoneObjectCopy
- zoneObjectExpunge
- zoneObjectRename
- zoneObjectReplace
- zoneRemove
- zoneShow
- Primary FCS Commands
- Command Availability
188 Fabric OS Command Reference
53-1003131-01
cryptoCfg
2
• For each node, the display includes the following parameters:
- Node Name: the node WWN
- State: DISCOVERED = The node is part of the encryption group. DISCOVERING = The node is
in the process of discovery.
- Role: GroupLeader or MemberNode
- IP address: the node IP address
- Certificate: the node CP certificate name (user-defined)
- Current master key (or primary link key) state: Not configured, Saved, Created, Propagated,
Valid, or Invalid.
- Current master key ID (or primary link key ID): Shows key ID or zero if not configured.
- Alternate master key (or secondary link key) state: Not configured, Saved, Created,
Propagated, Valid, or Invalid.
- Alternate master key ID (or secondary link key ID): Shows key ID or zeroif not configured.
• For each encryption engine, the command displays the following parameters:
- EE slot number: the encryption engine slot number
- SP state: refer to the appendix in the Fabric OS Encryption Administrator's Guide. Current
master key ID (if DPM is configured) or primary link key ID (if LKM is configured).
- Alternate master key ID (if DPM is configured) or secondary link keyID (if LKM is configured).
- HA cluster name to which this encryption engine belongs, or "No HA cluster membership".
- Media Type: DISK, TAPE, or MEDIA NOT DEFINED.
Use the --show -egstatus command with the -stat or -cfg option to display configuration or status
information for all nodes in the encryption group. This command displays a superset of information
included in the -groupcfg, -groupmember and -hacluster show commands. Refer to these commands
for a description of display details.
NOTES All encryption engines in the encryption group must be interconnected through a dedicated local area
network (LAN), preferably on the same subnet and on the same VLAN using the GbE ports on the
encryption switch or blade. The two GbE ports of each member node (Eth0 and Eth1) should be
connected to the same IP Network, the same subnet, and the same VLAN. Configure the GbE ports (I/O
sync links) with an IP address for the eth0 Ethernet interface, and also configure a gateway for these I/O
sync links. Refer to the ipAddrSet help page for instructions on configuring the Ethernet interface.
These I/O sync link connections must be established before you enable the EEs for encryption. If these
configuration steps are not performed, you cannot create an HA cluster, perform a first-time encryption,
or initiate a rekeying session.
OPERANDS The cryptoCfg group configuration function has the following operands:
--help -groupcfg
Displays the synopsis for the group configuration function. This command is valid
on all nodes.
--create -encgroup
Creates an encryption group. The node on which this command is invoked
becomes the group leader. You must specify a name when creating an encryption
group. If stale encryption configurations exist on the node, this command displays
a warning and prompts for confirmations to delete the configurations before
creating the encryption group. A "no" response aborts the operation.
encryption_group_name
Specifies the name of the encryption group to be created. The name can be up to
15 characters long and include alphanumeric characters and underscores. White
space, hyphens, and other special characters are not permitted.