Brocade Fabric OS Command Reference Manual Supporting Fabric OS v6.3.0 (53-1001337-01, July 2009)

ManualsBrandsHP ManualsStorageBrocade 8/24c Power Pack+ SAN Switch for BladeSystem c-Class

431

432

433

434

435

436

437

438

439

440

410 Fabric OS Command Reference

53-1001337-01

ipsecConfig

policy ike Creates or modifies an IKE policy configuration. No subtype is required with

this command. The command defines the following IKE policy parameters:

IKE version, IP address of the remote entity, IP address of the local entity,

encryption algorithm, hash algorithm, PRF algorithm, DH group,

authentication method, path and filename of the pre-shared key. The syntax

is as follows: ipsecConfig --add | --modify ike arguments.

arguments Valid arguments for policy ike include:

-tag name

Specifies a name for the IKE policy. This is a user-generated name. The

name must be between 1 and 32 characters in length, and may include

alphanumeric characters, dashes (-), and underscores (_). This operand

is required.

remote IP_address[/prefixlength]

Specifies the peer IPv4 or IPv6 address and prefix.

-id identifier Specifies the local identifier. The switch is identified by its IPv4 or IPv6

address.

-remoteid identifier

Specifies the peer identifier. The remote peer is identified by its IPv4 or

IPv6 address.

-enc algorithm Specifies the encryption algorithm. Valid encryption algorithms include

the following:

• 3des_cbc - 3DES algorithm

• blowfish_cbc - Blowfish algorithm

• aes128_cbc - AES 128-bit algorithm

• aes256_cbc - AES 256-bit algorithm

• null_enc - Null encryption algorithm (cleartext)

-hash algorithm Specifies the hash algorithm. Valid hash algorithms include the following:

• hmac_md5 - MD5 algorithm

• hmac_sha1 - SH1 algorithm

-prf algorithm Specifies the PFR algorithm. Valid PRF algorithms include the following:

• hmac_md5 - MD5 algorithm

• hmac_sha1 - SH1 algorithm

-auth psk|dss|rsasig

Specifies the authentication method as one of the following:

psk Authenticate using pre-shared keys.

dss Authenticate using digital signature standard.

rsasig Authenticate using an RSA signature.

-dh number Specifies the DH group number as one of the following:

1 Specifies DH group modp768.

2 Specifies DH group modp1024.

14 Specifies DH group modp2048.