Cisco MDS 9000 Series Configuration Manual page 281

Configuring Cisco TrustSec Fibre Channel Link
Encryption
This chapter provides an overview of the Cisco TrustSec Fibre Channel (FC) Link Encryption feature and
describes how to configure and set up link-level encryption between switches.
The chapter includes the following sections:
•
•
•
•
•
Cisco TrustSec FC Link Encryption Terminology
The following Cisco TrustSec FC Link Encryption-related terms are used in this chapter:
• Galois Counter Mode (GCM)—A block cipher mode of operation providing confidentiality and data-origin
• Galois Message Authentication Code (GMAC)—A block cipher mode of operation providing only
• Security Association (SA)—A connection that handles the security credentials and controls how they
• Key—A 128-bit hexadecimal string that is used for frame encryption and decryption. The default value
• Salt —A 32-bit hexadecimal number that is used during encryption and decryption. The same salt must
• Security Parameters Index (SPI) number—A 32-bit number that identifies the SA to be configured to
Support for AES Encryption
The Advanced Encryption Standard (AES) is the symmetric cipher algorithm that provides a high-level of
security, and can accept different key sizes.
Cisco TrustSec FC Link Encryption Terminology, on page 263
Support for AES Encryption, on page 263
About Cisco TrustSec FC Link Encryption, on page 264
Viewing Cisco TrustSec FC Link Encryption Information, on page 270
Cisco TrustSec FC Link Encryption Best Practices, on page 271
authentication.
data-origin authentication. It is the authentication-only variant of GCM.
propagate between switches. The SA includes parameters such as salt and keys.
is zero.
be configured on both sides of the connection to ensure proper communication. The default value is zero.
the hardware. The range is from 256 to 65536.
C H A P T E R
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
14
263