storage:brocade_adv
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
storage:brocade_adv [2025/03/28 16:42] manu [configuring security policies] |
storage:brocade_adv [2025/05/02 16:13] (current) manu [Configuring XISL] |
||
|---|---|---|---|
| Line 114: | Line 114: | ||
| https://techdocs.broadcom.com/us/en/fibre-channel-networking/fabric-os/fabric-os-commands/9-2-x/Fabric-OS-Commands/lfCfg.html | https://techdocs.broadcom.com/us/en/fibre-channel-networking/fabric-os/fabric-os-commands/9-2-x/Fabric-OS-Commands/lfCfg.html | ||
| + | ===== Configuring QOS ===== | ||
| + | |||
| + | Quality Of Service can easily activated per zone | ||
| + | |||
| + | You can enable high or low priority traffic, based on a priority ID. | ||
| + | The id range is from 1 through 5 for high-priority traffic, which corresponds to VCs 10 through 14. For low-priority traffic, the id range is from 1 through 2, which corresponds to VCs 8 and 9. The id is optional; if it is not specified, the virtual channels are allocated through a round-robin scheme. | ||
| + | |||
| + | Example of High priority zone with ID 2 | ||
| + | QOSH2_myzone1 | ||
| + | |||
| + | For low priority 1 | ||
| + | QOSL1_myzone2 | ||
| + | |||
| + | After enabling zone, your ISL have to be configured for QOS: | ||
| + | <cli prompt='>'> | ||
| + | sw0:admin> portcfgqos --enable 3 | ||
| + | </cli> | ||
| ===== Configuring Virtual Fabric ===== | ===== Configuring Virtual Fabric ===== | ||
| Line 483: | Line 500: | ||
| 1606 buffers required for 100km at 8G and framesize of 512 bytes | 1606 buffers required for 100km at 8G and framesize of 512 bytes | ||
| </cli> | </cli> | ||
| + | |||
| + | ==== ISL settings for DWDM ==== | ||
| + | |||
| + | {{storage:isl_dwdm_parameters.png?600|}} | ||
| ===== Connect to a switch without password ===== | ===== Connect to a switch without password ===== | ||
| Line 1067: | Line 1088: | ||
| <cli prompt='>'> | <cli prompt='>'> | ||
| switch:admin> distribute -p "FCS;PWD" -d "*" | switch:admin> distribute -p "FCS;PWD" -d "*" | ||
| + | </cli> | ||
| + | |||
| + | ===== configuring crypto policies ===== | ||
| + | |||
| + | <cli prompt='>'> | ||
| + | switch:admin> setcryptocfg --show | ||
| + | SSH Crypto: | ||
| + | SSH Cipher : aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc | ||
| + | SSH Kex : ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 | ||
| + | SSH MAC : hmac-sha1,hmac-sha2-256,hmac-sha2-512 | ||
| + | TLS Ciphers: | ||
| + | HTTPS : ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4 | ||
| + | HTTPS_TLS_v1.3 : TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 | ||
| + | RADIUS : ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4 | ||
| + | LDAP : ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4 | ||
| + | SYSLOG : ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4 | ||
| + | RSA : ECDSA:ECDH:RSA:AES:!3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!ARIAGCM:!CAMELLIA:!CHACHA20:!SSLv3:!TLSv1:!AESCCM | ||
| + | FA : ECDSA:ECDH:RSA:AES:!3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!ARIAGCM:!CAMELLIA:!CHACHA20:!SSLv3:!TLSv1:!AESCCM | ||
| + | TLS Protocol: | ||
| + | HTTPS : Any | ||
| + | RADIUS : Any | ||
| + | LDAP : Any | ||
| + | SYSLOG : Any | ||
| + | RSA : TLSv1.2 | ||
| + | FA : TLSv1.2 | ||
| + | X509v3: | ||
| + | Validation : Basic | ||
| + | Compliance: | ||
| + | CryptoVersion : 9.2.1 | ||
| + | FIPS Inside : Disabled | ||
| + | BootUp Selftests : Disabled | ||
| + | |||
| + | switch:admin> seccryptocfg --lstemplates | ||
| + | |||
| + | List of templates: | ||
| + | default_cc | ||
| + | default_generic | ||
| + | default_strong | ||
| + | default_fips | ||
| + | |||
| + | switch:admin> seccryptocfg --show default_strong | ||
| + | [Ver] 0.2 | ||
| + | [SSH] | ||
| + | Enc:aes128-ctr,aes192-ctr,aes256-ctr | ||
| + | Kex:ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,curve25519-sha256 | ||
| + | Mac:hmac-sha2-256,hmac-sha2-512 | ||
| + | [AAA] | ||
| + | RAD_Ciphers:ECDSA:ECDH:RSA:AES:!3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!ARIAGCM:!CAMELLIA:!CHACHA20:!SSLv3:!TLSv1:!AESCCM | ||
| + | LDAP_Ciphers:ECDSA:ECDH:RSA:AES:!3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!ARIAGCM:!CAMELLIA:!CHACHA20:!SSLv3:!TLSv1:!AESCCM | ||
| + | RAD_Protocol:TLSv1.2 | ||
| + | LDAP_Protocol:TLSv1.2 | ||
| + | [LOG] | ||
| + | Syslog_Ciphers:ECDSA:ECDH:RSA:AES:!3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!ARIAGCM:!CAMELLIA:!CHACHA20:!SSLv3:!TLSv1:!AESCCM | ||
| + | Syslog_Protocol:TLSv1.2 | ||
| + | [HTTPS] | ||
| + | Ciphers:ECDSA:ECDH:RSA:AES:!3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!ARIAGCM:!CAMELLIA:!CHACHA20:!SSLv3:!TLSv1:!AESCCM | ||
| + | Protocol:TLSv1.3 | ||
| + | Ciphers_tlsv1.3:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256 | ||
| + | [X509v3] | ||
| + | Validation:Basic | ||
| </cli> | </cli> | ||
storage/brocade_adv.1743176548.txt.gz ยท Last modified: 2025/03/28 16:42 by manu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
