Reference Guide

440 Brocade Fabric OS Command Reference

53-1004112-02

ipSecConfig

Configures Internet Protocol security (IPSec) policies for Ethernet management interfaces.

Synopsis ipsecconfig --enable [default] --disable

ipsecconfig --add | --modify type [subtype] [arguments]

ipsecconfig --delete [type] arguments

ipsecconfig --flush manual-sa

ipsecconfig --show type [subtype] arguments

ipsecconfig --help [command_type subtype]

Description Use this command to configure the Internet Protocol Security (IPSec) feature for traffic flows on switch Ethernet

management interfaces, or to display the current configuration.

Internet Protocol security (IPSec) is a framework of open standards that provides private, secure communication

over Internet Protocol (IP) networks through the use of cryptographic security services.

IPSec uses different protocols to ensure the authentication, integrity, and confidentiality of the communication.

• Encapsulating Security Payload (ESP) provides confidentiality, data integrity and data source authentication of

IP packets, and protection against replay attacks.

• Authentication Header (AH) provides data integrity, data source authentication, and protection against replay

attacks, but unlike ESP, AH does not provide confidentiality.

IPSec can protect either the entire IP datagram or only the upper-layer protocols. The appropriate modes are

called tunnel mode and transport mode.

• In tunnel mode the IP datagram is fully encapsulated by a new IP datagram using the IPSec protocol.

• In transport mode only the payload of the IP datagram is handled by the IPSec protocol; it inserts the IPSec

header between the IP header and the upper-layer protocol header.

The IPSec key management supports Internet Key Exchange (IKE) or Manual key/SA entry.