Setting switch ip security, Managing security associations – HP StorageWorks 2000fc G2 Modular Smart Array User Manual

Page 64


Managing switches

b. If you selected Static for Server Discovery, optionally enter up to three valid addresses in the DNS Server Address boxes.

Use the DNS Search List to specify up to five DNS domain suffixes to be used by the DNS client when attempting to resolve a host name into an IP address. For example, if the DNS Search List includes a single domain name “servers.mycompany.com” and a client attempts to look up the host name “myhost,” the DNS client will first request the IP address of the host name “myhost.” If that fails, it will request the IP address of the host name “myhost.servers.mycompany.com.”

4. Under DNS Search List, complete the following:
a. From the Search List Discovery list, select a method of assigning IP addresses:
• Static—Select this option to manually configure the list of DNS domain suffixes to be searched.
• DHCP—Select this option to use Dynamic Host Configuration Protocol for IPv4. DHCP allows the switch to dynamically receive an IP address from a pool of addresses, instead of requiring it to have a static IP address. DHCP can also be used to distribute information that is not otherwise discoverable; for example, the DNS domain used for name resolution. (If you select DHCP, the Search List Domain Name boxes become unavailable.)
• DHCPv6—Select this option to use Dynamic Host Configuration Protocol for IPv6. DHCPv6 can be used to statefully assign addresses if the network administrator needs more control over addressing. DHCPv6 can also be used to distribute information that is not otherwise discoverable; for example, the DNS domain used for name resolution. (If you select DHCPv6, the Search List Domain Name boxes become unavailable.)
b. If you selected Static for Search List Discovery, optionally enter up to five valid domain names in the Search List Domain Name boxes.

5. To save your changes to the switch DNS properties and close this dialog box, click OK. To close this dialog box without making changes, click Cancel.
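The lookup order described for the DNS Search List above, as an added example that is not part of the manual or the switch software: it builds the list of names a client would query (bare host name first, then each suffix in order) and resolves against a constructed record table. The function names, the RFC 1123 style syntax check and the sample records are assumptions made for illustration.

```python
import re

MAX_SUFFIXES = 5  # the page allows up to five search-list entries
# One DNS label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_domain(name):
    """RFC 1123 style syntax check (this example's own check, not the switch's)."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def candidate_names(host, search_list):
    """Names queried in order: the bare host name, then host + each suffix."""
    if len(search_list) > MAX_SUFFIXES:
        raise ValueError("search list holds at most five suffixes")
    bad = [s for s in search_list if not is_valid_domain(s)]
    if bad:
        raise ValueError(f"invalid domain suffix: {bad[0]!r}")
    if not is_valid_domain(host):
        raise ValueError(f"invalid host name: {host!r}")
    host = host.rstrip(".")
    return [host] + [f"{host}.{s.rstrip('.')}" for s in search_list]


def resolve(host, search_list, records):
    """Return (name_that_answered, address), or (None, None) if every query fails."""
    for name in candidate_names(host, search_list):
        address = records.get(name.lower())
        if address is not None:
            return name, address
    return None, None


# Constructed records standing in for a DNS server's answers.
SAMPLE_RECORDS = {"myhost.servers.mycompany.com": "192.0.2.10"}

if __name__ == "__main__":
    print(candidate_names("myhost", ["servers.mycompany.com"]))
    print(resolve("myhost", ["servers.mycompany.com"], SAMPLE_RECORDS))
```

The name that actually answered is returned alongside the address, which makes it visible when a short host name was satisfied by a search-list suffix rather than by the bare name.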

Setting switch IP security

Network Internet Protocol security (IPsec) provides encryption-based security for IP version 4 (IPv4) and IP version 6 (IPv6) communications through the use of security policies and associations.

IMPORTANT: IP security configurations can be complex. It is possible to unintentionally configure policies and associations that isolate a switch from all communication. If this happens, you can disable IP security by placing the switch in maintenance mode, and correct the problem through the serial port interface.

Simple SAN Connection Manager provides the IPsec Configuration dialog box to help you configure IPsec, which is used to encrypt and authenticate IPv4 and IPv6 packets. Use the IPsec Configuration dialog box to create, edit, delete, copy, and paste IPsec associations (see “Managing security associations” on page 64) and IPsec policies (see “Managing security policies” on page 69).

Managing security associations

A security association defines the encryption algorithm and encryption key to apply when called by a security policy. A security policy may call several associations at different times, but each association is related to only one policy. The security association database (SAD) is the set of all security associations.

This section provides the following procedures for managing IPsec associations:

• “Creating an IPsec association,” page 65
• “Editing an IPsec association,” page 68
• “Deleting an IPsec association,” page 68
• “Copying and pasting IPsec associations,” page 68
