Connectrix Brocade: How to configure Encryption and compression on Brocade switch?
Summary: This article describes how to configure encryption and compression on a Brocade switch.
Instructions
Description:
Encryption provides security for frames while they are in flight between two switches. Compression provides better bandwidth use on the ISLs, especially over long distance.
Purpose:
The encryption and compression features allow frames to be encrypted or compressed at the egress point of an ISL between two Brocade switches, and then to be decrypted or decompressed at the ingress point of the ISL. Frames are never left in an encrypted or compressed state when delivered to an end device.
Points to be considered:
- These features use port-based Encryption and Compression. By default, these features are initially disabled for all ports on a switch.
- The devices at either end of the ISL must run Fabric OS v7.0.0 or later software.
- In both VF and non-VF modes, E_Ports and EX_Ports in the user-created logical switch, base switch, or default and XISL (VF mode) switches can support encryption and compression.
- ICL ports do not support
- No license is required to configure and enable Encryption or Compression.
- Both ends of the ISL ports can run at any speed, but must be 16 Gbps-capable.
- These features are supported only on the Brocade 6510 and 6520 switches, 7840 extension switches, 16 Gbps Blade Server SAN I/O Modules, and the Brocade DCX 8510 Backbone family.
- They are compatible with E_Ports or EX_Ports with trunking, QoS, or long distance features enabled.
- Fabric OS supports up to 32 Gbps of data encryption and 32 Gbps of data compression per 16 Gbps capable
Step 1: Run "portencompshow" to see whether the switch ports have encryption and compression configured/active.
Step 2: Run "authutil --show" to see which authentication protocol is configured.
Step 3: Run "authutil --set -a dhchap" or "authutil --set -a fcap" to set the authentication protocol.
Step 4: Set the DH group to 4 (since I used "dhchap") using "authutil --set -g "4"".
Step 5: Authentication protocol check:
a. If DH-CHAP is the configured authentication protocol, use the "secAuthSecret --set" command and exchange the secret key: when prompted, enter the WWN of the remote switch and the secret strings for the local switch and the remote switch.
b. If FCAP is the configured authentication protocol, use the "seccertutil" command to generate the public or private key, the CSR, and the passphrase, and then import the certificates (CA and switch) at both ends of the ISL.
Step 6: Activate the configured authentication by running "authutil --policy -sw active", which sets the switch policy mode to Active.
Encryption and compression can be enabled at the same time, or you can enable either encryption or compression selectively.
Enabling Encryption:
- switch> portdisable 5
- switch> portcfgencrypt --enable 5
- switch> portenable 5
Enabling Compression:
- switch> portdisable 5
- switch> portcfgcompress --enable 5
- switch> portenable 5
switch> portcfgshow 5
Area Number: 0
Octet Speed Combo: 1(16G|8G|4G|2G)
Speed Level: AUTO(SW)
AL_PA Offset 13: OFF
Trunk Port ON
Long Distance OFF
Compression: ON
Encryption: ON
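To check the result across several ISL ports rather than reading each "portcfgshow" by eye, the output can be collected and audited offline. The following is an added example, not part of the original article or of Fabric OS; it assumes the output layout shown above, and the function names and the second sample are constructed for illustration.

```python
# Output in the layout this article shows for "portcfgshow 5".
SAMPLE_OK = """\
Area Number: 0
Octet Speed Combo: 1(16G|8G|4G|2G)
Speed Level: AUTO(SW)
AL_PA Offset 13: OFF
Trunk Port ON
Long Distance OFF
Compression: ON
Encryption: ON
"""

# Constructed sample: same layout, but encryption was never enabled.
SAMPLE_BAD = SAMPLE_OK.replace("Encryption: ON", "Encryption: OFF")


def parse_portcfgshow(text):
    """Return {field: value} from 'Field: value' or 'Field value' lines."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ":" in line:
            key, value = line.split(":", 1)
        else:
            # Lines such as "Trunk Port ON" carry the value as the last token.
            key, _, value = line.rpartition(" ")
        cfg[key.strip()] = value.strip()
    return cfg


def audit_port(text, required=("Encryption", "Compression")):
    """Return the required features that are absent or not reported as ON."""
    cfg = parse_portcfgshow(text)
    return [f for f in required if cfg.get(f, "MISSING").upper() != "ON"]


def audit_isl_ports(outputs, required=("Encryption", "Compression")):
    """outputs: {port: portcfgshow text}. Return only the ports with gaps."""
    findings = {port: audit_port(text, required) for port, text in outputs.items()}
    return {port: missing for port, missing in findings.items() if missing}


if __name__ == "__main__":
    # Port numbers here are constructed; 6 stands for an ISL left in clear text.
    print(audit_isl_ports({5: SAMPLE_OK, 6: SAMPLE_BAD}))
```

A missing field is treated the same as OFF, so output from a port or platform that does not report these features is flagged instead of silently passing.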
Additional Information
For a more detailed explanation of this topic, refer to the Fabric OS Admin or CLI guide.
Affected Products
Connectrix, Connectrix B-Series Hardware
Products
Connectrix B-Series Hardware
Article Properties
Article Number: 000021853
Article Type: How To
Last Modified: 18 Apr 2022
Version: 3