Brocade Fabric OS Command Reference Manual Supporting Fabric OS v6.3.0 (53-1001337-01, July 2009)

ManualsBrandsHP ManualsStorageBrocade 8/24c Power Pack+ SAN Switch for BladeSystem c-Class

161

162

163

164

165

166

167

168

169

170

140 Fabric OS Command Reference

53-1001337-01

cryptoCfg

- Group leader node name: the node WWN

- Encryption group state: CONVERGED = Encryption group formed successfully.

CONVERGING = Encryption group partially formed, member nodes may still be in discovery

process. DEGRADED = Nodes lost connection with the group.

• For each node, the display includes the following:

- Node Name: the node WWN

- State: DISCOVERED = The node is part of the encryption group.

DISCOVERING = The node is in the process of discovery.

- Role: GroupLeader or MemberNode

- IP address: the node IP address

- Certificate: the node CP certificate name (user-defined)

- Current master key (or primary link key) state: Not configured, Saved, Created, Propagated,

Valid, or Invalid.

- Current master key ID (or primary link key ID): Shows key ID or zero if not configured.

- Alternate master key (or secondary link key) state: Not configured, Saved, Created,

Propagated, Valid, or Invalid.

- Alternate master key ID (or secondary link key ID): Shows key ID or zero if not configured.

• For each encryption engine, the command displays the following:

- EE slot number: the encryption engine slot number

- SP state: refer to the appendix in the Fabric OS Encryption Administrator’s Guide

- Current master key ID (if RKM is configured) or primary link key ID (if LKM is configured).

- Alternate master key ID (if RKM is configured) or secondary link keyID (if LKM is

configured).

- HA cluster name to which this encryption engine belongs, or “No HA cluster membership”.

- Media Type: DISK, TAPE, or MEDIA NOT DEFINED.

Use --show -egstatus with the -stat or -cfg option to display configuration or status information for

all nodes in the encryption group. This command displays a superset of information included in the

-groupcfg, -groupmember and -hacluster show commands. Refer to these commands for a

description of display details.

Note All encryption engines s in the encryption group must be interconnected through a dedicated local

area network (LAN), preferably on the same subnet and on the same VLAN using the GbE ports on

the encryption switch or blade. The two GbE ports of each member node (Eth0 and Eth1) should be

connected to the same IP Network, the same subnet, and the same VLAN. Configure the GbE ports

(I/O sync links) with an IP address for the eth0 Ethernet interface, and also configure a gateway for

these I/O sync links. Refer to the ipAddrSet help page for instructions on configuring the Ethernet

interface.

These I/O sync link connections must be established before you enable the EEs for encryption. If

these configuration steps are not performed, you cannot create an HA cluster, perform a first-time

encryption, or initiate a re-keying session.

Operands The cryptoCfg group configuration function has the following operands:

--help -groupcfg Displays the synopsis for the group configuration function. This command is

valid on all nodes.