SSL debug and troubleshooting commands, Diagnostics – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual


ServerIron ADX Security Guide

53-1002440-03

SSL debug and troubleshooting commands


This section describes SSL debug and troubleshooting commands.

Diagnostics

You can run diagnostic tests on the SSL hardware devices to verify proper functionality. Please note
that the diagnostic tests should not be run while SSL traffic is being processed. Also, the system
should be reloaded after running the diagnostic test-suite. The diagnostic test-suite can be initiated
from the MP or from individual BPs.

To run diagnostics from the MP,

ServerIronADX# ssl diag <BP-slot> <BP-cpu>

<BP-slot> and <BP-cpu> refer to the BP that the diagnostic test-suite is run from.

SSL chip 1: All diag tests PASSED

SSL chip 2: All diag tests PASSED

SSL: Diags PASSED

The above command runs all diagnostic tests on all SSL hardware modules and briefly logs whether
the tests passed or failed.
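The following Python script is an added example, not part of the Brocade manual: it checks a captured console log of the MP command above and reports any chip that did not log the pass line. The expected_chips parameter, the "1 1" slot and CPU values in the sample, and the rule that any other chip line counts as a failure are assumptions, since the manual does not show the failure wording.

```python
import re

# Line formats taken from the sample output on this page.
CHIP_RE = re.compile(r"^SSL chip (\d+):\s*(.+?)\s*$")
SUMMARY_RE = re.compile(r"^SSL:\s*Diags\s+(\S+)\s*$")
CHIP_OK = "All diag tests PASSED"


def check_ssl_diag(log_text, expected_chips=None):
    """Return (ok, problems) for a captured `ssl diag` console log.

    expected_chips is an optional set of chip numbers that must report;
    it is a parameter of this example, not something the device prints.
    """
    chips, summary, problems = {}, None, []
    for line in log_text.splitlines():
        line = line.strip()
        m = CHIP_RE.match(line)
        if m:
            chips[int(m.group(1))] = m.group(2)
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary = m.group(1)
    # Any chip line that is not the exact pass message counts as a failure;
    # the page does not show the failure wording, so it is not matched here.
    for chip, result in sorted(chips.items()):
        if result != CHIP_OK:
            problems.append(f"chip {chip}: {result}")
    for chip in sorted(set(expected_chips or ()) - set(chips)):
        problems.append(f"chip {chip}: no result line in log")
    if not chips:
        problems.append("no per-chip result lines found")
    if summary != "PASSED":
        problems.append(f"summary: {summary or 'missing'}")
    return (not problems, problems)


# Constructed capture, using the output lines shown above ("1 1" is made up).
SAMPLE = """ServerIronADX# ssl diag 1 1
SSL chip 1: All diag tests PASSED
SSL chip 2: All diag tests PASSED
SSL: Diags PASSED
"""

if __name__ == "__main__":
    print(check_ssl_diag(SAMPLE, expected_chips={1, 2}))
```

A log that is cut off before the "SSL: Diags PASSED" line is reported as a problem, so a truncated capture is not read as a pass.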

If additional information is needed, the diagnostic tests can be run from any BP, in which case
detailed information is logged on the BP console.

To run diagnostics from the BP,

SSL operations submitted to the hardware can be run in 2 modes - Blocking and Non-blocking.
Blocking mode means that the CPU is polling for the result after submitting the operation to the
hardware, and Non-blocking mode means that the CPU receives a callback once the operation has
completed. The default mode is Blocking. To change the mode,

ServerIronADX1/1# ssl bp-diag mode [ blocking | non-blocking ]

There are multiple SSL devices in the system. The default module is the first module (0). To select a
specific module,

ServerIronADX1/1# ssl bp-diag module <SSL device ID [0...5]>

SSL operations submitted to the hardware can be in 2 modes - Direct and Scatter-Gather. Direct
mode means that the data for any input/output variable is in one location, and Scatter-Gather
mode means that the data for any input/output variable could come from multiple non-contiguous
blocks. The default mode is Direct. To enable scatter-gather,

ServerIronADX1/1# ssl bp-diag scatter-gather [ enable | disable ]

ServerIronADX1/1# ssl bp-diag
  all               All diagnostic tests
  crypto-3des       Crypto 3DES Test
  crypto-aes        Crypto AES Test
  crypto-hmac       Crypto HMAC Test
  crypto-mod-ex     Crypto Mod-Ex Test
  crypto-rc4        Crypto RC4 Test
  key-mem           Key Memory Test
  load-ucode        Load Microcode Test
  random-num        Random Number Generator Test
  read-write-regs   Read Write Registers Test
