Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

sectelnet
The sectelnet client is a secure form of telnet that encrypts passwords only. It is available from your
switch supplier. Fabric OS v4.4.0, v5.0.1, v5.1.0, and v5.2.0 include the sectelnet server; the
sectelnet client must be installed on the workstation computer.
The sectelnet client can be used as soon as a digital certificate is installed on the switch. sectelnet
access is configurable by the Telnet policy.
Telnet
Standard telnet is not available when secure mode is enabled.
To remove all telnet access to the fabric, disable telnet through the telnetd option of the configure
command. This configure option does not require disabling the switch. For more information about
the configure command, see the Fabric OS Command Reference Manual.
Switch-to-Switch Authentication
Switch-to-switch authentication supports the following:
Using PKI
Using DH-CHAP
NOTE
A secure edge fabric that is connected to a Fibre Channel router (such as the Brocade 7500) can
use only DH-CHAP authentication.
USING PKI
Secure Fabric OS can use digital certificates based on public key infrastructure (PKI) and switch
WWNs and the SLAP or FCAP protocols to identify the authorized switches and prevent the addition
of unauthorized switches to the fabric. A PKI certificate installation utility (PKICert) is provided for
generating certificate signing requests (CSRs) and installing digital certificates on switches. For
information about how to use the PKICert utility, see “Using the PKICert Utility to Obtain CSR” on
page 13.
Support for FCAP is provided in Secure Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, v5.2.0, and v5.3.0
and is used instead of SLAP when both switches support it. PKI authentication automatically uses
SLAP when a switch does not support FCAP.
NOTE
Fabric OS v4.4.0, v5.0.1, v5.1.0, v5.2.0, and v5.3.0 also use PKI digital certificates. Secure Fabric
OS and secure sockets layer (SSL) use different digital certificates and different methods of
obtaining and installing the certificates. PKI digital certificates are used for the secure fabric, and
SSL digital certificates are not. The methods described in this manual are specific to Secure Fabric
OS. See the Fabric OS Administrator’s Guide for information about SSL and digital certificates.