Management lan configuration, Configuring cluster links – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual


Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02


switch:admin> cryptocfg --help -nodecfg
Usage: cryptocfg
--help -nodecfg:
        Display the synopsis of node parameter configuration.
--initnode:
        Initialize the node for configuration of encryption options.
--initEE [<slotnumber>]:
        Initialize the specified encryption engine.
--regEE [<slotnumber>]:
        Register a previously initialized encryption blade.
--reg -membernode <member node WWN> <member node certfile> <IP addr>:
        Register a member node with the system.
--reg -groupleader <group leader WWN> <group leader certfile> <IP addr>:
        Register a group leader node with the system.
(output truncated)

Management LAN configuration

Each encryption switch has one GbE management port. In the case of a DCX Backbone chassis
with FS8-18 blades installed, management ports are located on the CP blades. The management
port IP address is normally set as part of the hardware installation. A static IP address should be
assigned. To eliminate DNS traffic and potential security risks related to DHCP, DHCP should not be
used.

For encryption switches and blades, the management port is used to communicate with a key
management system, and a secure connection must be established between the management
port and the key management system. All switches you plan to include in an encryption group must
be connected to the key management system. Only IPv4 addressing is currently supported. All
nodes, including the key management system, must use the same version of IP addressing.

Configuring cluster links

Each encryption switch or FS8-18 blade has two gigabit Ethernet ports labeled Ge0 and Ge1. The
Ge0 and Ge1 ports connect encryption switches and FS8-18 blades to other encryption switches
and FS8-18 blades. These two ports are bonded together as a single virtual network interface. Only
one IP address is used. The ports provide link layer redundancy, and are collectively referred to as
the cluster link.

NOTE

Do not confuse the gigabit Ethernet ports with the management and console ports, which are also
RJ-45 ports located close to the gigabit Ethernet ports.

All encryption switches or blades in an encryption group must be interconnected by their cluster
links through a dedicated LAN. Both ports of each encryption switch or blade must be connected to
the same IP network and the same subnet. Static IP addresses should be assigned. Neither VLANs
nor DHCP should be used.
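
The addressing rules in the Management LAN and cluster link sections can be checked against a planned address sheet before any switch is touched. The following is an added example, not part of the Brocade guide: the plan format, the function name, and the sample addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample plans (documentation addresses, not from the manual).
GOOD = {
    "switch1": {"mgmt": "192.0.2.11", "cluster": "198.51.100.11"},
    "switch2": {"mgmt": "192.0.2.12", "cluster": "198.51.100.12"},
}
BAD = {
    "switch1": {"mgmt": "192.0.2.11", "cluster": "198.51.100.11"},
    "switch2": {"mgmt": "2001:db8::12", "cluster": "198.51.100.140"},
}

def check_address_plan(nodes, kms_ip, cluster_prefixlen):
    """Return a list of findings; an empty list means the plan meets the rules."""
    findings = []

    def v4(label, text):
        # Every node and the key management system must use IPv4.
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            findings.append(f"{label}: '{text}' is not an IP address")
            return None
        if addr.version != 4:
            findings.append(f"{label}: {addr} is IPv{addr.version}; only IPv4 is supported")
            return None
        return addr

    v4("key management system", kms_ip)
    seen, subnets = {}, {}
    for name, cfg in sorted(nodes.items()):
        v4(f"{name} management port", cfg["mgmt"])
        link = v4(f"{name} cluster link", cfg["cluster"])
        if link is None:
            continue
        if link in seen:  # one static address per bonded Ge0/Ge1 interface
            findings.append(f"{name} cluster link: {link} already used by {seen[link]}")
        seen[link] = name
        net = ipaddress.ip_network(f"{link}/{cluster_prefixlen}", strict=False)
        if link in (net.network_address, net.broadcast_address):
            findings.append(f"{name} cluster link: {link} is not a host address in {net}")
        subnets.setdefault(net, []).append(name)
    if len(subnets) > 1:  # all cluster links must share one subnet
        parts = "; ".join(f"{n}: {', '.join(m)}" for n, m in sorted(subnets.items()))
        findings.append(f"cluster links span more than one subnet ({parts})")
    return findings

if __name__ == "__main__":
    print("\n".join(check_address_plan(BAD, "192.0.2.50", 25)) or "plan OK")
```

The check covers only what an address sheet can show; whether a port actually obtained its address statically rather than through DHCP still has to be confirmed on the switch.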

1. Log in to the switch as Admin or FabricAdmin.

2. Configure the IP address using the ipAddrSet command. Only Ge0 needs to be configured.
Always use ipAddrSet -eth0 to configure the address. If an address is assigned to ge1 (-eth1),
it is accepted and stored, but it is ignored. Only IPv4 addresses are supported for cluster links.
