Brocade Fabric OS Command Reference Manual Supporting Fabric OS v6.3.0 (53-1001337-01, July 2009)
Fabric OS Command Reference 419
53-1001337-01
ipsecConfig
2
To display all IPsec transforms:
switch:admin> ipsecconfig --show policy ips transform -a
policy-A-B action:auto_ipsec mode:transport
local:10.33.69.132 remote:10.33.74.13
sa-proposal:ipsec-esp-a-b
ike-policy:remote-B
To display all IPsec traffic selectors:
switch:admin> ipsecconfig --show policy ips selector -a
slt-A-B-any local:10.33.69.132 remote:10.33.74.13
direction:outbound upper-layer-protocol:any
transform-used:policy-A-B
slt-B-A-any local:10.33.74.13 remote:10.33.69.132
direction:inbound upper-layer-protocol:any
transform-used:policy-A-B
Using the help command
To use the --help command with arguments to display the syntax of specific types and subtypes:
switch:admin>ipsecconfig --help add policy ips selector
Usage: ipsecConfig --add policy ips selector ARGUMENTS
ARGUMENTS
-tag <name> selector name
-direction <in|out> traffic flow direction
-local <addr> source IPv4 or IPv6 address
-remote <addr> peers IPv4 or IPv6 address
-transform <name> transform name
[-protocol <name>] protocol nam
switch:admin> ipsecconfig
--help modify policy ike
Usage: ipsecConfig --modify policy ike ARGUMENTS
ARGUMENTS
-tag <name> ike policy name
-remote <addr> peers ipaddress
-id <identifier> local identifier
-remoteid <identifier> peers identifier
-enc <ALGORITHM> encryption algorithm
-hash <ALGORITHM> hash algorithm
-prf <ALGORITHM> prf algorithm
-dh <number> dh group number
ENCRYPTION ALGORITHM
3des_cbc, aes128_cbc, aes256_cbc, null_enc
HASH ALGORITHM
hmac_md5, hmac_sha1, aes_xcbc
PRF ALGORITHM
hmac_md5, hmac_sha1, aes_xcbc
DH-GROUP
modp768(1), modp1024(2), modp2048(14), modp8192(18)