Brocade Fabric OS Command Reference Manual v6.2.0 (53-1001186-01, April 2009)

Fabric OS Command Reference 527
53-1001186-01
policy
2
policy
Displays or modifies the encryption and authentication algorithms for security policies.
Synopsis policy option type number [-enc method] [-auth algorithm] [-pfs value] [-dh group] [-seclife seconds]
Description Use this command to display or modify the encryption and authentication algorithms for security
policies. You can configure a maximum of 32 Internet key exchange (IKE) and 32 Internet protocol
security (IPSec) policies.
Each FCIP tunnel is configured separately and may have the same or different IKE and IPSec
policies.
Policies cannot be altered. To change the parameters associated with a current IKE or IPSec policy,
that policy must be deleted and re-created with new parameters.
A policy cannot be deleted while an active FCIP tunnel is using it.
Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may
be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command
Availability" for details.
Operands The following operands are required:
option Specifies the action to take. Actions include:
--create Creates the policy.
--delete Deletes the policy.
--show Displays the policy.
type Specifies the policy type. Types include:
ike Internet key exchange.
ipsec Internet protocol security.
number Specifies the numeric ID of the policy. Valid values are 1 to 32, and ALL with
the --show option.
Optional
Operands
-enc method Specifies the encryption algorithm. The default is AES-128. Methods include:
3DES Triple data encryption standard, 168-bit key.
AES-128 Advanced encryption standard, 128-bit key.
AES-256 Advanced encryption standard, 256-bit key.
-auth algorithm Specifies the authentication algorithm. The default is SHA-1. Algorithms
include:
SHA-1 Secure hash algorithm.
MD5 Message digest 5.
AES-XCBC Advanced encryption standard. Valid only with IPSec.
-pfs value Specifies the perfect forward secrecy. This operand is valid only with IKE
policies. Values are on (default) or off.