164 Fabric OS Administrator’s Guide
53-1001763-02
Management interface security
7
Table 40 has a matrix of merging fabrics with tolerant and absent policies.

Management interface security

You can secure an Ethernet management interface between two Brocade switches or
enterprise-class platforms by implementing IPsec and IKE policies to create a tunnel that protects
traffic flows. The tunnel has at each end a Brocade switch or enterprise-class platform. There may
be routers, gateways, and firewalls in between the two ends.
ATTENTION
Enabling secure IPsec tunnels does not provide IPsec protection for traffic flows on the external
management interfaces of intelligent blades in a chassis, nor does it support protection of traffic
flows on FCIP interfaces.
Internet Protocol security (IPsec) is a framework of open standards that ensures private and secure
communications over Internet Protocol (IP) networks through the use of cryptographic security
services. The goal of IPsec is to provide the following capabilities:
Authentication — Ensures that the sending and receiving end-users and devices are known and
trusted by one another.
Data Integrity — Confirms that the data received was in fact the data transmitted.
Data Confidentiality — Protects the user data being transmitted, such as utilizing encryption to
avoid sending data in clear text.
TABLE 39 Examples of strict fabric merges
Fabric-wide consistency policy setting Expected behavior
Fabric A Fabric B
Strict/Tolerant SCC:S;DCC:S SCC;DCC:S Ports connecting switches are
disabled.
SCC;DCC:S SCC:S;DCC
Strict/Absent SCC:S;DCC:S
SCC:S
DCC:S
Strict/Strict SCC:S DCC:S
TABLE 40 Fabric merges with tolerant/absent combinations
Fabric-wide consistency policy setting Expected behavior
Fabric A Fabric B
Tolerant/Absent SCC;DCC Error message logged.
Run fddCfg --fabwideset
“<policy_ID>” from any switch with
the desired configuration to fix the
conflict. The secPolicyActivate
command is blocked until conflict is
resolved.
DCC
SCC;DCC SCC
DCC SCC