Reference Guide

Brocade Fabric OS Command Reference
53-1004112-02
ipSecConfig
Configures Internet Protocol security (IPSec) policies for Ethernet management interfaces.
Synopsis
ipsecconfig --enable [default] --disable
ipsecconfig --add | --modify type [subtype] [arguments]
ipsecconfig --delete [type] arguments
ipsecconfig --flush manual-sa
ipsecconfig --show type [subtype] arguments
ipsecconfig --help [command_type subtype]
Description
Use this command to configure the Internet Protocol Security (IPSec) feature for traffic flows on switch Ethernet
management interfaces, or to display the current configuration.
Internet Protocol security (IPSec) is a framework of open standards that provides private, secure communication
over Internet Protocol (IP) networks through the use of cryptographic security services.
IPSec uses different protocols to ensure the authentication, integrity, and confidentiality of the communication.
Encapsulating Security Payload (ESP) provides confidentiality, data integrity and data source authentication of
IP packets, and protection against replay attacks.
Authentication Header (AH) provides data integrity, data source authentication, and protection against replay
attacks, but unlike ESP, AH does not provide confidentiality.
IPSec can protect either the entire IP datagram or only the upper-layer protocols. The appropriate modes are
called tunnel mode and transport mode.
In tunnel mode the IP datagram is fully encapsulated by a new IP datagram using the IPSec protocol.
In transport mode only the payload of the IP datagram is handled by the IPSec protocol; it inserts the IPSec
header between the IP header and the upper-layer protocol header.
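The protocol and mode distinctions above are partly visible on the wire, which matters when checking a capture against the policy that was configured. The following is an added example, not part of the Brocade reference: it builds constructed IPv4 packets and classifies them by IP protocol number (ESP is 50, AH is 51) and, for AH, by the cleartext Next Header field. The function names, addresses, SPI values and payloads are assumptions made for illustration.

```python
import socket
import struct

ESP, AH, IPIP = 50, 51, 4  # IANA IP protocol numbers

def ipv4(proto, payload, src="192.0.2.1", dst="192.0.2.2"):
    """Build a minimal IPv4 packet (no options, checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def ah(next_header, spi, seq, payload, icv=b"\x00" * 12):
    """AH header per RFC 4302, with a zeroed placeholder ICV."""
    length = (12 + len(icv)) // 4 - 2  # header length in 32-bit words, minus 2
    return struct.pack("!BBHII", next_header, length, 0, spi, seq) + icv + payload

def classify(packet):
    """Return (protocol, mode, spi, seq) for an IPv4 packet, or None if not IPSec."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    if proto == AH:
        if len(body) < 12:
            raise ValueError("truncated AH header")
        nxt, _len, _rsv, spi, seq = struct.unpack("!BBHII", body[:12])
        # AH leaves Next Header in the clear: 4 means a whole IPv4 datagram follows.
        return ("AH", "tunnel" if nxt == IPIP else "transport", spi, seq)
    if proto == ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack("!II", body[:8])
        # ESP carries Next Header in its encrypted trailer, so the mode is hidden.
        return ("ESP", "undetermined", spi, seq)
    return None

# Constructed sample packets (documentation addresses, dummy payloads).
TCP = b"\x00" * 20
INNER = ipv4(6, TCP, "10.0.0.1", "10.0.0.2")
SAMPLES = {
    "ah_transport": ipv4(AH, ah(6, 0x100, 1, TCP)),
    "ah_tunnel": ipv4(AH, ah(IPIP, 0x101, 7, INNER)),
    "esp": ipv4(ESP, struct.pack("!II", 0x200, 3) + b"\xaa" * 32),
    "plain_tcp": ipv4(6, TCP),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```

The sequence number returned for both protocols is the field the replay protection relies on. A packet that classifies as `None` on a flow that policy says must be protected is the case worth alerting on.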
The IPSec key management supports Internet Key Exchange (IKE) or Manual key/SA entry.