Policy – Dell POWEREDGE M1000E User Manual

Fabric OS Command Reference

53-1001764-02

policy

Displays or modifies the encryption and authentication algorithms for security policies.

Synopsis

policy option type number [-enc method] [-auth algorithm] [-pfs value] [-dh group] [-seclife seconds]

Description

Use this command to display or modify the encryption and authentication algorithms for security
policies. You can configure a maximum of 32 Internet key exchange (IKE) and 32 Internet protocol
security (IPSec) policies.

Each FCIP tunnel is configured separately and may have the same or different IKE and IPSec
policies.

Policies cannot be altered. To change the parameters associated with a current IKE or IPSec policy,
that policy must be deleted and re-created with new parameters.

A policy cannot be deleted while an active FCIP tunnel is using it.

Note

The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may
be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command
Availability" for details.

Operands

The following operands are required:

option

Specifies the action to take. Actions include:

--create

Creates the policy.

--delete

Deletes the policy.

--show

Displays the policy.

type

Specifies the policy type. Types include:

ike

Internet key exchange.

ipsec

Internet protocol security.

number

Specifies the numeric ID of the policy. Valid values are 1 to 32, and ALL with
the --show option.

Optional Operands

-enc method

Specifies the encryption algorithm. The default is AES-128. Methods include:

3DES

Triple data encryption standard, 168-bit key.

AES-128

Advanced encryption standard, 128-bit key.

AES-256

Advanced encryption standard, 256-bit key.

-auth algorithm

Specifies the authentication algorithm. The default is SHA-1. Algorithms
include:

SHA-1

Secure hash algorithm.

MD5

Message digest 5.

AES-XCBC

Advanced encryption standard. Valid only with IPSec.

-pfs value

Specifies whether perfect forward secrecy (PFS) is used. This operand is valid
only with IKE policies. Values are on (default) or off.
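
The constraints stated above (policy IDs 1 to 32, ALL only with --show, AES-XCBC only with IPSec, -pfs only with IKE, and the documented defaults) can be checked before a command line is sent to a switch. The following Python check is an added example, not part of the Fabric OS manual; the function name check_policy, the case-insensitive matching of operand values and the sample lines are assumptions.

```python
import shlex

# Values below are copied from the operand descriptions on this page.
ACTIONS = {"--create", "--delete", "--show"}
TYPES = {"ike", "ipsec"}
ENC = {"3DES", "AES-128", "AES-256"}
AUTH = {"SHA-1", "MD5", "AES-XCBC"}

def check_policy(line):
    """Return (effective_settings, errors) for one policy command line."""
    tok = shlex.split(line)
    if len(tok) < 4 or tok[0] != "policy":
        return {}, ["expected: policy option type number [operands]"]
    action, ptype, number, rest = tok[1], tok[2].lower(), tok[3], tok[4:]
    errors = []
    if action not in ACTIONS:
        errors.append("unknown option " + action)
    if ptype not in TYPES:
        errors.append("unknown type " + ptype)
    if number.upper() == "ALL":
        if action != "--show":
            errors.append("ALL is valid only with --show")
    elif not (number.isdigit() and 1 <= int(number) <= 32):
        errors.append("number must be 1 to 32")
    if len(rest) % 2:
        errors.append("operand without a value: " + rest[-1])
    # Assumption: operand values are matched case-insensitively.
    opts = {k: v.upper() for k, v in zip(rest[0::2], rest[1::2])}
    for flag, allowed in (("-enc", ENC), ("-auth", AUTH)):
        if flag in opts and opts[flag] not in allowed:
            errors.append("unknown " + flag + " value " + opts[flag])
    if opts.get("-auth") == "AES-XCBC" and ptype != "ipsec":
        errors.append("AES-XCBC is valid only with IPSec")
    if "-pfs" in opts and ptype != "ike":
        errors.append("-pfs is valid only with IKE policies")
    if opts.get("-pfs", "ON") not in {"ON", "OFF"}:
        errors.append("-pfs must be on or off")
    if action != "--create" or errors:
        return {}, errors
    # Documented defaults; -dh and -seclife pass through unchecked (not described here).
    settings = {"-enc": "AES-128", "-auth": "SHA-1", **opts}
    if ptype == "ike":
        settings.setdefault("-pfs", "ON")
    return settings, errors

if __name__ == "__main__":  # constructed sample lines, not from the manual
    for s in ("policy --create ike 1 -enc AES-256", "policy --create ike 2 -auth AES-XCBC",
              "policy --delete ipsec ALL"):
        print(s, "->", check_policy(s))
```

For a valid --create line the returned settings show what the policy will contain once the defaults are applied, which matters because a policy cannot be altered after creation.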
