Brocade Mobility RFS7000-GR Controller CLI Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

Page 198

Advertising
background image

184

Brocade Mobility RFS7000-GR Controller CLI Reference Guide

53-1001945-01

Global Configuration Commands

5

Parameters

ipsec
(security-association|
transform-set)

Configures IPSEC policies.

security-association – Security association parameter used to define its
lifetime.

lifetime (kilobyte | seconds) – The lifetime of IPSEC security association. It
can be defined in either:
kilobytes – Volume-based key duration. Minimum is 500 KB and

maximum is 2147483646 KB.

seconds – Time-based key duration. Minimum is 90 seconds and

maximum is 2147483646 seconds

transform-set [set name] – Uses the crypto ipsec transform-set command to
define the transform configuration for securing data.

ah-sha-hmac

esp-3des

esp-aes

esp-aes-192

esp-aes-256

esp-sha-hmac

The transform-set is then assigned to a crypto map using the map’s set
transform-set command. See

Crypto-map Instance on page 281

.

isakmp
[client|keepalive|key|
peer|policy]

Configure Internet Security Association and Key Management Protocol (ISAKMP)
policy.

client configuration (group) (default) – This leads to

config-crypto-group

instance.

For more details see

Crypto-group Instance on page 251

.

keepalive <10-3600> – Sets a keepalive interval for use with remote peers. It
defines the number of seconds between DPD messages.

key [0|2|word] [address|hostname] – Sets a pre-shared key for remote peer.

0 – Password is specified UNENCRYPTED.

2 – Password is encrypted with password-encryption secret

WORD – User provided password.

address <A.B.C.D>– Defines shared key with IP address.

<A.B.C.D> – The peer IP address.

hostname – Defines shared key with hostname.

peer [address|dn|hostname] – Sets a remote peer.

address – The IP address acts as an identity of remote peer.

dn – The identity of remote peer is Distinguished Name.

hostname – The identity of remote peer is hostname.

policy <1-10000> – Set policy for an ISAKMP protection suite.

key
[export|generate|import|
zeroize]

Authentication key management.

export rsa<name> URL [sftp] – Exports a keypair related configuration.

generate rsa<name> <1024-2048> – Generates a keypair.

<1024-2048> – Size of keypair in bit.

import rsa<name> URL [tftp|ftp] – Imports keypair related configuration.

zeroize rsa<name> – Deletes a keypair.

rsa<identifier> – RSA keypair identifier associated with keypair.

URL – URL for sending the key to. It can be one of the following:

sftp://<user>@<IP>/path/file

Advertising
Popular Brands
Popular manuals