Brocade Fabric OS Command Reference Manual Supporting Fabric OS v7.0.0 (April 2011)
Fabric OS Command Reference 585
53-1001764-01
policy
22
policy
Displays or modifies the encryption and authentication algorithms for security policies.
SYNOPSIS policy option type number
[-enc method]
[-auth algorithm]
[-pfs value]
[-dh group]
[-seclife seconds]
DESCRIPTION Use this command to display or modify the encryption and authentication algorithms for security policies.
You can configure a maximum of 32 Internet key exchange (IKE) and 32 Internet protocol security
(IPSec) policies.
Each FCIP tunnel is configured separately and may have the same or different IKE and IPSec policies.
Policies cannot be altered. To change the parameters associated with a current IKE or IPSec policy, that
policy must be deleted and re-created with new parameters.
A policy cannot be deleted while an active FCIP tunnel is using it.
NOTES The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in
place. Refer to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for
details.
OPERANDS The following operands are required:
option
Specifies the action to take. Actions include the following:
--create
Creates the policy.
--delete
Deletes the policy.
--show
Displays the policy.
type
Specifies the policy type. Types include the following:
ike
Internet key exchange.
ipsec
Internet protocol security.
number
Specifies the numeric ID of the policy. Valid values are 1 to 32, and ALL with the
--show option.
The following operands are optional:
-enc method
Specifies the encryption algorithm. The default is AES-128. Methods include the
following:
3DES
Triple data encryption standard, 168-bit key.