Selecting a peer public key management option – Brocade Communications Systems ServerIron ADX 12.4.00 User Manual

ServerIron ADX Global Server Load Balancing Guide

53-1002437-01

Secure GSLB

9. After the key exchange (fingerprint) takes place, the key must be saved on both the controller and site ServerIron ADX using the crypto key-exchange save-peer-key command. Note that there is also an erase-peer-key option.

SLB-Ctrl-ServerIronADX(config)#crypto key-exchange ?
  A.B.C.D         IP address of peer
  erase-peer-key  Erase peer public key in flash
  passive
  save-peer-key   Save peer public key into flash
SLB-Ctrl-ServerIronADX(config)#crypto key-exchange save-peer-key

To verify the communication state and the public key fingerprint entry being exchanged, enter commands such as the following:

Syntax: show gslb security peer

Syntax: show gslb security key-fingerprint

Selecting a peer public key management option

After the key exchange is completed, three key-management options are available. Select the desired option based on the level of security required, balanced against an acceptable level of administrative overhead for the key exchange.

To select the one-time option, enter the following command.

Secure-ServerIronADX(config)#gslb auth-encrypt-communication peer-pub-key-expire one-time

If you do not set a peer-pub-key-expire, the default value is 180 seconds.

Syntax: [no] gslb auth-encrypt-communication peer-pub-key-expire [one-time | never | <timeout>]

SLB-ServerIronADX(config)#show gslb security peer
Public key for peer 2.2.2.1
Valid duration(seconds): 30000000
loaded from flash 0
Peer authentication handshake done 1
key get from peer 2.2.2.1
fingerprint:
63743f5c a1b77dbf 68adbb8e 46379203 9647c77c
Public key for peer 2.2.2.3
Valid duration(seconds): 30000000
loaded from flash 1
Peer authentication handshake done 1
key get from peer 2.2.2.3
fingerprint:
f16b1cdc 547b3e5c ac77f284 b2ebe711 8f4b9722

SLB-ServerIronADX#sh gslb security key-fingerprint
Key fingerprint index: 1
Peer IP address for this key 2.2.2.3
f16b1cdc 547b3e5c ac77f284 b2ebe711 8f4b9722
Valid duration(seconds): 29999965
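
The following Python sketch is an added example, not part of the Brocade manual. It parses output in the format of show gslb security peer shown above and compares each peer's fingerprint with a value recorded out of band at key-exchange time. The function names, the pinned dictionary, and the reading of a field value of 1 as "yes" are assumptions of this example.

```python
import re
# Constructed sample in the format of the output shown on this page.
SAMPLE = """\
Public key for peer 2.2.2.1
Valid duration(seconds): 30000000
loaded from flash 0
Peer authentication handshake done 1
key get from peer 2.2.2.1
fingerprint:
63743f5c a1b77dbf 68adbb8e 46379203 9647c77c
Public key for peer 2.2.2.3
Valid duration(seconds): 30000000
loaded from flash 1
Peer authentication handshake done 1
key get from peer 2.2.2.3
fingerprint:
f16b1cdc 547b3e5c ac77f284 b2ebe711 8f4b9722"""
FIELDS = {  # numeric fields; treating 1 as "yes" is this example's assumption
    "valid_seconds": r"Valid duration\(seconds\): (\d+)",
    "from_flash": r"loaded from flash (\d+)",
    "handshake_done": r"Peer authentication handshake done (\d+)",
}
FP_RE = re.compile(r"(?:[0-9a-fA-F]{8}\s+){4}[0-9a-fA-F]{8}")

def parse_peers(text):
    """Return {peer_ip: record} parsed from 'show gslb security peer' output."""
    peers, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"Public key for peer (\S+)", line):
            cur = peers.setdefault(m[1], {})
        elif cur is not None and FP_RE.fullmatch(line):
            cur["fingerprint"] = "".join(line.split()).lower()
        elif cur is not None:
            for key, pat in FIELDS.items():
                if m := re.fullmatch(pat, line):
                    cur[key] = int(m[1])
    return peers

def audit(text, pinned):
    """Compare parsed peers with fingerprints recorded out of band; return findings."""
    peers, findings = parse_peers(text), []
    for ip, fp in pinned.items():
        p = peers.get(ip, {})
        if p.get("fingerprint") != "".join(fp.split()).lower():
            findings.append(f"{ip}: fingerprint missing or mismatched")
        for key in ("handshake_done", "from_flash"):
            if p.get(key) != 1:
                findings.append(f"{ip}: {key} is not 1")
    return findings + [f"{ip}: unpinned peer" for ip in peers if ip not in pinned]
```

A non-empty result from audit lists the peers whose entry differs from what was recorded when the keys were exchanged, or whose state fields are not 1.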
