Brocade Communications Systems 53-1001763-02 사용자 설명서
164
Fabric OS Administrator’s Guide
53-1001763-02
Management interface security
7
has a matrix of merging fabrics with tolerant and absent policies.
Management interface security
You can secure an Ethernet management interface between two Brocade switches or
enterprise-class platforms by implementing IPsec and IKE policies to create a tunnel that protects
traffic flows. The tunnel has at each end a Brocade switch or enterprise-class platform. There may
be routers, gateways, and firewalls in between the two ends.
enterprise-class platforms by implementing IPsec and IKE policies to create a tunnel that protects
traffic flows. The tunnel has at each end a Brocade switch or enterprise-class platform. There may
be routers, gateways, and firewalls in between the two ends.
ATTENTION
Enabling secure IPsec tunnels does not provide IPsec protection for traffic flows on the external
management interfaces of intelligent blades in a chassis, nor does it support protection of traffic
flows on FCIP interfaces.
Enabling secure IPsec tunnels does not provide IPsec protection for traffic flows on the external
management interfaces of intelligent blades in a chassis, nor does it support protection of traffic
flows on FCIP interfaces.
Internet Protocol security (IPsec) is a framework of open standards that ensures private and secure
communications over Internet Protocol (IP) networks through the use of cryptographic security
services. The goal of IPsec is to provide the following capabilities:
communications over Internet Protocol (IP) networks through the use of cryptographic security
services. The goal of IPsec is to provide the following capabilities:
•
Authentication — Ensures that the sending and receiving end-users and devices are known and
trusted by one another.
trusted by one another.
•
Data Integrity — Confirms that the data received was in fact the data transmitted.
•
Data Confidentiality — Protects the user data being transmitted, such as utilizing encryption to
avoid sending data in clear text.
avoid sending data in clear text.
TABLE 39
Examples of strict fabric merges
Fabric-wide consistency policy setting
Expected behavior
Fabric A
Fabric B
Strict/Tolerant
SCC:S;DCC:S
SCC;DCC:S
Ports connecting switches are
disabled.
disabled.
SCC;DCC:S
SCC:S;DCC
Strict/Absent
SCC:S;DCC:S
SCC:S
DCC:S
Strict/Strict
SCC:S
DCC:S
TABLE 40
Fabric merges with tolerant/absent combinations
Fabric-wide consistency policy setting
Expected behavior
Fabric A
Fabric B
Tolerant/Absent
SCC;DCC
Error message logged.
Run fddCfg --fabwideset
“<policy_ID>” from any switch with
the desired configuration to fix the
conflict. The secPolicyActivate
command is blocked until conflict is
resolved.
Run fddCfg --fabwideset
“<policy_ID>” from any switch with
the desired configuration to fix the
conflict. The secPolicyActivate
command is blocked until conflict is
resolved.
DCC
SCC;DCC
SCC
DCC
SCC