Reference Guide

ManualsBrandsDell ManualsAccess PlatformsBrocade G620

241

242

243

244

245

246

247

248

249

250

Table 53 shows merges that are not supported.

TABLE 53 Examples of strict fabric merges

Fabric-wide consistency policy setting Expected behavior

Fabric A Fabric B

Strict/Tolerant SCC:S;DCC:S SCC;DCC:S

Ports connecting switches are

disabled.

SCC;DCC:S SCC:S;DCC

SCC:S;DCC SCC:S

Strict/Absent SCC:S;DCC:S

SCC:S

DCC:S

Strict/Strict SCC:S DCC:S

Table 54 has a matrix of merging fabrics with tolerant and absent policies.

TABLE 54 Fabric merges with tolerant and absent combinations

Fabric-wide consistency policy setting Expected behavior

Fabric A Fabric B

Tolerant/Absent SCC;DCC

Error message logged.

Run the fddCfg command with the

--fabwideset "

policy_ID

" from any

switch with the desired

configuration to fix the conflict. The

secPolicyActivate command is

blocked until conflict is resolved.

DCC

SCC;DCC SCC

DCC SCC

Management interface security

You can secure an Ethernet management interface between two Brocade switches or Backbones by implementing IPsec and IKE

policies to create a tunnel that protects traffic flows. While the tunnel must have a Brocade switch or Backbone at each end, there may be

routers, gateways, and firewalls in between the two ends.

ATTENTION

Enabling secure IPsec tunnels does not provide IPsec protection for traffic flows on the external management interfaces of

intelligent blades in a chassis, nor does it support protection of traffic flows on FCIP interfaces.

Internet Protocol security (IPsec) is a framework of open standards that ensures private and secure communications over Internet

Protocol (IP) networks through the use of cryptographic security services. The goal of IPsec is to provide the following capabilities:

NOTE

The ipSecConfig --enable command is not supported in Fabric OS 8.0.0.

∙ Authentication -- Ensures that the sending and receiving end-users and devices are known and trusted by one another.

∙ Data Integrity -- Confirms that the data received was in fact the data transmitted.

∙ Data Confidentiality -- Protects the user data being transmitted, such as utilizing encryption to avoid sending data in clear text.

∙ Replay Protection -- Prevents replay attack in which an attacker resends previously-intercepted packets in an effort to

fraudulently authenticate or otherwise masquerade as a valid user.

∙ Automated Key Management --Automates the process, as well as manages the periodic exchange and generation of new keys.

Configuring Security Policies

Brocade Fabric OS Administration Guide, 8.0.1

53-1004111-02 247