Manualshelf

Brocade Web Tools Documentation Addendum - Supporting Fabric OS v5.3.0a (53-1000791-01, September 2007)

ManualsBrandsHP ManualsComputer AccessoriesHP DC SAN Director Switch 16-port 8Gb Fibre Channel Blade Option
11121314151617181920
Web Tools Documentation Addendum 3
53-1000791-01
Configuring an FCIP interswitch/interfabric link
1
Configuring an FCIP interswitch/interfabric link
Perform the following tasks in the order indicated to configure FCIP interswitch/interfabric link:
1. (Optional) “Configuring an IKE or IPSEC Policy” on page 3.
If you are planning to use IPSec, you must configure the policies first.
2. “Configuring Virtual Ports” on page 4.
3. “Interfaces, Routes, and Tunnels” on page 4.
Use the wizard to perform the following tasks:
a. Defining the IP interfaces of the GbE port.
b. Adding IP routes on the GbE port (optional).
c. Configuring FCIP tunnels.
4. “Enabling Persistently Disabled Ports” on page 7.
Enabling the two VE_ports at this juncture will merge the two fabrics. You must configure and
enable both the local and remote switch ports to use the FCIP ISL/IFL.
NOTE
Admin Domain membership is required to configure IP interfaces, routes, and tunnels.
Configuring an IKE or IPSEC Policy
Before you begin to create an FCIP interswitch/interfabric link, you need to determine whether to
implement an IKE/IPSec policy. Once you begin to create the tunnels with the wizard, you must
provide the IKE/IPSec policy information. If you choose not to implement an IKE/IPSec policy, you
can always choose No Policy from the drop-down menu in the FCIP tunnel wizard. You must create
an IKE policy and an IPSec policy to apply IPSec to an FCIP tunnel.
1. Open the Switch Administration window.
2. Select the IPSec Policies tab.
3. Select IKE or IPSEC subtab and click Create.
Diffie-Hellman (D-H) Diffie-Hellman key exchange is a cryptographic protocol
that allows two parties that have no prior knowledge of
each other to jointly establish a shared secret key over
an insecure communications channel. This key can then
be used to encrypt subsequent communications using a
symmetric key cipher
IKE 1 or 14
IPSec disabled
Security Association Lifetime This specifies the lifetime in seconds of the security
association and a new key will be renegotiated before
this value expires if PFS is on. The security association
will expire when either this value or the value lifetime is
reached.
Specify the number of
seconds
TABLE 1 IKE/IPSec Configuration Choices (Continued)
Field Description Choices