Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)
Encryption Administrator’s Guide 89
53-1001341-02
I/O sync link configuration
3
There are additional considerations if blades are removed and replaced, or moved to a different
slot. On chassis-based systems, IP addresses are assigned to the slot rather than the blade, and
are saved in non-volatile storage on the control processor blades. IP addresses may be assigned
even if no blade is present. If an FS8-18 blade is installed in a slot that was previously configured
for a different type of blade with two IP ports (an FC4-16E blade, for example), the FS8-18 blade is
assigned the address specified for -eth0 in that slot.
To be sure the correct IP addresses are assigned, use the ipaddrshow command to display the IP
address assignments as shown in the following example.
switch:admin> ipaddrshow -slot 7
SWITCH
Ethernet IP Address: 10.33.54.207
Ethernet Subnetmask: 255.255.240.0
Fibre Channel IP Address: none
Fibre Channel Subnetmask: none
Gateway IP Address: 10.33.48.1
DHCP: Off
eth0: 10.33.54.208/20
eth1: none/none
Gateway: 10.33.48.1
NOTE
If you modify the IP address of the GbE ports (I/O sync links) after encryption is enabled on the
switch, you must reboot the encryption switch or issue a slotpoweroff/slotpoweron for the IP address
change to take effect. Failure to do so will prevent re-key operations from functioning in the HA
cluster or encryption group.
IP Address change of a node within an encryption group
Modifying the IP Address of a node that is part of an encryption group is disruptive in terms of
cluster operation. The change causes the encryption group to split and if the node was part of an
HA cluster, failover/failback capability is lost. Note that the ipaddrset command issues no warning
or prevents you from changing a node IP address that is part of a configured encryption group or
HA cluster. Follow the steps below to recover from the situation. Note that this recovery does not
affect existing host encryption I/O.
• If the node is the group leader, delete and recreate the encryption group with the node that
now has a new IP address. Refer to the sections“Deleting an encryption group” on page 165
and “Creating an encryption group” on page 95 for instructions.
• If the node is a member node, perform the following steps:
1. Log into the Group Leader as Admin or SecurityAdmin.
2. Eject and then de-register the node from the encryption group. Refer to the section
“Removing a node from an encryption group” on page 163 for instructions.
3. Reregister the node with the group leader and add the member node with new IP address
to the encryption group. Refer to the section “Basic encryption group configuration” on
page 95 for instructions.