Cisco MDS 9000 Series Configuration Manual page 287

Configuring Cisco TrustSec Fibre Channel Link Encryption
Sets the GCM mode for the interface.
Configuring AES-GMAC
To configure AES-GMAC mode, follow these steps:
Procedure
Step 1 switch# configure terminal
Enters the configuration mode.
Step 2
switch(config)# interface fc x/y
Configures the FC interface on slot x, port y.
Note
Step 3 switch(config-if)# fcsp esp manual
Enters the ESP configuration submode to configure the ESP settings on each port.
Step 4
switch(config-if-esp)# mode gmac
Sets the GMAC mode for the interface.
Step 5
switch(config-if-esp)# no mode gmac
(Optional) Removes the GMAC mode from the interface and applies the default AES-GCM mode.
Example
Note • The ESP modes are set only after a SA is configured to either the ingress or the egress hardware.
• An ESP mode change always needs a port flap because the change is not seamless if it is done
• Only ISLs with FC-SP port mode turned on and available on ESP capable switches or blades
• You can modify an existing ESP configuration provided the selected ISLs are enabled.
Selecting a portchannel would apply the configuration on all members of the portchannel.
If SA has not been configured, ESP is turned off and encapsulation does not occur.
after you configure the port; although the configurations are not rejected.
are displayed.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
Configuring AES-GMAC
269