Disabling encryption on Brocade FC switches

Contributors netapp-ranuk netapp-ivanad Download PDF of this page

You might need to disable encryption on Brocade FC switches.

Steps
  1. Send an AutoSupport message from both sites indicating the beginning of maintenance.

    cluster_A::> autosupport invoke -node * -type all -message MAINT=4h
    cluster_B::> autosupport invoke -node * -type all -message MAINT=4h
  2. Verify the operation of the MetroCluster configuration from Cluster A.

    1. Confirm the MetroCluster configuration and that the operational mode is normal:
      metrocluster show

      cluster_A::> metrocluster show
    2. Perform a MetroCluster check:
      metrocluster check run

      cluster_A::> metrocluster check run
    3. Display the results of the MetroCluster check:
      metrocluster check show

      cluster_A::> metrocluster check show
  3. Check the status of both switches:

    fabric show

    switch_A_1:admin> fabric show
    switch_B_1:admin> fabric show
  4. Disable both switches:

    switchdisable

    switch_A_1:admin> switchdisable
    switch_B_1:admin> switchdisable
  5. Check the available paths for the nodes on each cluster:

    sysconfig

    cluster_A::> system node run -node node-name -command sysconfig -a
    cluster_B::> system node run -node node-name -command sysconfig -a

    As the switch fabric is now disabled, the System Storage Configuration should be Single-Path HA.

  6. Check the aggregate status for both clusters.

    cluster_A::> aggr status
    cluster_B::> aggr status

    System output should show the aggregates are mirrored and normal for both clusters:

    mirrored,normal
  7. Repeat the following substeps from the admin prompt on both switches.

    1. Show which ports are encrypted:
      portenccompshow

      switch_A_1:admin> portenccompshow
    2. Disable encryption on the encrypted ports:
      portcfgencrypt – disable port-number

      switch_A_1:admin> portcfgencrypt --disable 40
      switch_A_1:admin> portcfgencrypt --disable 41
      switch_A_1:admin> portcfgencrypt --disable 42
      switch_A_1:admin> portcfgencrypt --disable 43
    3. Set the authentication type to all:

      authUtil --set -a all

      switch_A_1:admin> authUtil --set -a all
    4. Set the authentication policy on the switch. to off:
      authutil --policy -sw off

      switch_A_1:admin> authutil --policy -sw off
    5. Set the authentication Diffie-Hellman group to * :
      authutil --set -g *

      switch_A_1:admin> authUtil --set -g *
    6. Delete the secret key database:
      secAuthSecret --remove -all

      switch_A_1:admin> secAuthSecret --remove -all
    7. Confirm that encryption is disabled on the ports:
      portenccompshow

      switch_A_1:admin> portenccompshow
    8. Enable the switch:
      switchenable

      switch_A_1:admin> switchenable
    9. Confirm the status of the ISLs:
      islshow

      switch_A_1:admin> islshow
  8. Check the available paths for the nodes on each cluster:

    sysconfig

    cluster_A::> system node run -node * -command sysconfig -a
    cluster_B::> system node run -node * -command sysconfig -a

    The system output should indicate that System Storage Configuration has changed back to Quad-Path HA.

  9. Check the aggregate status for both clusters.

    cluster_A::> aggr status
    cluster_B::> aggr status

    The system should show that the aggregates are mirrored and normal for both clusters as shown in the following system output:

    mirrored,normal
  10. Verify the operation of the MetroCluster configuration from Cluster A.

    1. Perform a MetroCluster check:
      metrocluster check run

      cluster_A::> metrocluster check run
    2. Display the results of the MetroCluster check:
      metrocluster check show

      cluster_A::> metrocluster check show
  11. Send an AutoSupport message from both sites indicating the end of maintenance.

    cluster_A::> autosupport invoke -node node-name -type all -message MAINT=END
    cluster_B::> autosupport invoke -node node-name -type all -message MAINT=END