Reference Guide (Supporting software release 4.1.0.0-040GR and later) User guide
Table Of Contents
- Table of Contents
- About This Document
- Introduction
- Common Commands
- User Exec Commands
- Privileged Exec Commands
- Global Configuration Commands
- Crypto-isakmp Instance
- Crypto-group Instance
- Crypto-peer Instance
- Crypto-ipsec Instance
- Crypto-map Instance
- Crypto-trustpoint Instance
- Interface Instance
- Spanning tree-mst Instance
- Extended ACL Instance
- Standard ACL Instance
- Extended MAC ACL Instance
- DHCP Server Instance
- DHCP Class Instance
- RADIUS Server Instance
- Wireless Instance
- RTLS Instance
- SOLE Instance
184 Brocade Mobility RFS7000-GR Controller CLI Reference Guide
53-1001945-01
Global Configuration Commands
5
Parameters
ipsec
(security-association|
transform-set)
Configures IPSEC policies.
• security-association – Security association parameter used to define its
lifetime.
• lifetime (kilobyte | seconds) – The lifetime of IPSEC security association. It
can be defined in either:
kilobytes – Volume-based key duration. Minimum is 500 KB and
maximum is 2147483646 KB.
seconds – Time-based key duration. Minimum is 90 seconds and
maximum is 2147483646 seconds
• transform-set [set name] – Uses the crypto ipsec transform-set command to
define the transform configuration for securing data.
• ah-sha-hmac
• esp-3des
• esp-aes
• esp-aes-192
• esp-aes-256
• esp-sha-hmac
The transform-set is then assigned to a crypto map using the map’s set
transform-set command. See Crypto-map Instance on page 281.
isakmp
[client|keepalive|key|
peer|policy]
Configure Internet Security Association and Key Management Protocol (ISAKMP)
policy.
• client configuration (group) (default) – This leads to
config-crypto-group instance.
For more details see Crypto-group Instance on page 251.
• keepalive <10-3600> – Sets a keepalive interval for use with remote peers. It
defines the number of seconds between DPD messages.
• key [0|2|word] [address|hostname] – Sets a pre-shared key for remote peer.
• 0 – Password is specified UNENCRYPTED.
• 2 – Password is encrypted with password-encryption secret
• WORD – User provided password.
• address <A.B.C.D>– Defines shared key with IP address.
• <A.B.C.D> – The peer IP address.
• hostname – Defines shared key with hostname.
• peer [address|dn|hostname] – Sets a remote peer.
• address – The IP address acts as an identity of remote peer.
• dn – The identity of remote peer is Distinguished Name.
• hostname – The identity of remote peer is hostname.
• policy <1-10000> – Set policy for an ISAKMP protection suite.
key
[export|generate|import|
zeroize]
Authentication key management.
• export rsa<name> URL [sftp] – Exports a keypair related configuration.
• generate rsa<name> <1024-2048> – Generates a keypair.
• <1024-2048> – Size of keypair in bit.
• import rsa<name> URL [tftp|ftp] – Imports keypair related configuration.
• zeroize rsa<name> – Deletes a keypair.
• rsa<identifier> – RSA keypair identifier associated with keypair.
• URL – URL for sending the key to. It can be one of the following:
• sftp://<user>@<IP>/path/file