Generating a secret key – Dell POWEREDGE M1000E User Manual


Fabric OS Administrator’s Guide


53-1002745-02

Encryption and compression examples

14

Example of enabling encryption and compression on an E_Port

This example configures and enables encryption and compression on a given port. The commands
in this example are shown entered on the Brocade 6510 named ‘myswitch’. The same commands
must also be entered on the peer switch.

NOTE

Authentication and a secret key must be configured and established before configuring encryption.

Authentication setup

This first part of the example shows a command sequence that sets up authentication in
preparation for in-flight encryption. Specifically, it configures the DH-CHAP protocol for
authentication, sets the DH group to group 4, and activates authentication:

myswitch:admin> authutil --show
AUTH TYPE       HASH TYPE       GROUP TYPE
----------------------------------------
fcap,dhchap     sha1,md5        0,1,2,3,4

Switch Authentication Policy: PASSIVE
Device Authentication Policy: OFF

myswitch:admin> authutil --set -a dhchap
Authentication is set to dhchap.
myswitch:admin> authutil --set -g "4"
DH Group was set to 4.

Secret Key setup

Next, you set a secret key. For this you need to get the WWN of the peer switch.

myswitch:admin> secauthsecret --set

This command is used to set up secret keys for the DH-CHAP authentication.
The minimum length of a secret key is 8 characters and maximum 40
characters. Setting up secret keys does not initiate DH-CHAP
authentication. If switch is configured to do DH-CHAP, it is performed
whenever a port or a switch is enabled.

Warning: Please use a secure channel for setting secrets. Using
an insecure channel is not safe and may compromise secrets.

Following inputs should be specified for each entry.

1. WWN for which secret is being set up.
2. Peer secret: The secret of the peer that authenticates to peer.
3. Local secret: The local secret that authenticates peer.

Press enter to start setting up secrets >

Enter peer WWN, Domain, or switch name (Leave blank when done):
10:00:00:05:1e:e5:cb:00
Enter peer secret:
Re-enter peer secret:
Enter local secret:
Re-enter local secret:

Enter peer WWN, Domain, or switch name (Leave blank when done):
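
The following is an added example, not part of the Fabric OS guide: a workstation-side helper that checks the peer WWN format and generates random peer and local secrets within the 8 to 40 character limit stated in the secauthsecret banner. The function names, the alphanumeric-only alphabet, and the check that the two secrets differ are assumptions of this example.

```python
import math
import re
import secrets
import string

MIN_LEN, MAX_LEN = 8, 40  # limits quoted in the secauthsecret banner
# Assumption: letters and digits only, so nothing needs escaping at the prompt.
ALPHABET = string.ascii_letters + string.digits
WWN_RE = re.compile(r"(?:[0-9a-fA-F]{2}:){7}[0-9a-fA-F]{2}")


def is_valid_wwn(wwn):
    """True for eight colon-separated hex bytes, e.g. 10:00:00:05:1e:e5:cb:00."""
    return WWN_RE.fullmatch(wwn) is not None


def generate_secret(length=MAX_LEN):
    """Draw a secret from the OS CSPRNG, within the documented length limits."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}..{MAX_LEN}, got {length}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length):
    """Entropy of a uniformly random secret of this length over ALPHABET."""
    return length * math.log2(len(ALPHABET))


def check_secret(secret):
    """Return a list of problems; an empty list means the secret is usable."""
    problems = []
    if not MIN_LEN <= len(secret) <= MAX_LEN:
        problems.append("length")
    if any(ch not in ALPHABET for ch in secret):
        problems.append("charset")
    return problems


def plan_secrets(peer_wwn):
    """Build the three inputs the prompt asks for: WWN, peer secret, local secret."""
    if not is_valid_wwn(peer_wwn):
        raise ValueError(f"not a WWN: {peer_wwn!r}")
    peer, local = generate_secret(), generate_secret()
    while local == peer:  # example's own precaution, not a documented rule
        local = generate_secret()
    return {"wwn": peer_wwn.lower(), "peer_secret": peer, "local_secret": local}


if __name__ == "__main__":
    plan = plan_secrets("10:00:00:05:1e:e5:cb:00")  # WWN from the example above
    print(plan["wwn"], f"{entropy_bits(MAX_LEN):.0f} bits per secret")
```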
