Brocade Secure Fabric OS Administrator's Guide (53-1000244-01, November 2006)
Secure Fabric OS Administrator’s Guide 1-3
Publication Number 53-1000244-01
1
sectelnet
The sectelnet client is a secure form of telnet that encrypts passwords only. It is available from your
switch supplier. Fabric OS v4.4.0, v5.0.1, v5.1.0, and v5.2.0 include the sectelnet server; the sectelnet
client must be installed on the workstation computer.
The sectelnet client can be used as soon as a digital certificate is installed on the switch. sectelnet access
is configurable by the Telnet policy.
Telnet
Standard telnet is not available when secure mode is enabled.
To remove all telnet access to the fabric, disable telnet through the telnetd option of the configure
command. This configure option does not require disabling the switch. For more information about the
configure command, see the Fabric OS Command Reference Manual.
Switch-to-Switch Authentication
Switch-to-switch authentication supports the following:
• “Using PKI” on page 1-3
• “Using DH-CHAP” on page 1-4
Using PKI
Secure Fabric OS can use digital certificates based on public key infrastructure (PKI) and switch
WWNs and the SLAP or FCAP protocols to identify the authorized switches and prevent the addition of
unauthorized switches to the fabric. A PKI certificate installation utility (PKICert) is provided for
generating certificate signing requests (CSRs) and installing digital certificates on switches. For
information about how to use the PKICert utility, see “Using the PKICert Utility to Obtain CSR” on
page 2-8.
Support for FCAP is provided in Secure Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, and v5.2.0 and is used
instead of SLAP when both switches support it. PKI authentication automatically uses SLAP when a
switch does not support FCAP.
on
N
ote
A secure edge fabric that is connected to a Fibre Channel router (such as the SilkWorm 7500) can use
only DH-CHAP authentication.
N
ote
Fabric OS v4.4.0, v5.0.1, v5.1.0, and v5.2.0 also use PKI digital certificates. Secure Fabric OS and
secure sockets layer (SSL) use different digital certificates and different methods of obtaining and
installing the certificates. PKI digital certificates are used for the secure fabric, and SSL digital
certificates are not. The methods described in this manual are specific to Secure Fabric OS. See the
Fabric OS Administrator’s Guide for information about SSL and digital certificates.