Disabling encryption on Brocade FC switches

Contributors netapp-ranuk

You might need to disable encryption on Brocade FC switches.

Steps
  1. Send an AutoSupport message from both sites indicating the beginning of maintenance.

    cluster_A::> autosupport invoke -node * -type all -message MAINT=4h
    cluster_B::> autosupport invoke -node * -type all -message MAINT=4h
  2. Verify the operation of the MetroCluster configuration from Cluster A.

    1. Confirm the MetroCluster configuration and that the operational mode is normal:
      metrocluster show

      cluster_A::> metrocluster show
    2. Perform a MetroCluster check:
      metrocluster check run

      cluster_A::> metrocluster check run
    3. Display the results of the MetroCluster check:
      metrocluster check show

      cluster_A::> metrocluster check show
  3. Check the status of both switches:

    fabric show

    switch_A_1:admin> fabric show
    switch_B_1:admin> fabric show
  4. Disable both switches:

    switchdisable

    switch_A_1:admin> switchdisable
    switch_B_1:admin> switchdisable
  5. Check the available paths for the nodes on each cluster:

    sysconfig

    cluster_A::> system node run -node node-name -command sysconfig -a
    cluster_B::> system node run -node node-name -command sysconfig -a

    As the switch fabric is now disabled, the System Storage Configuration should be Single-Path HA.

  6. Check the aggregate status for both clusters.

    cluster_A::> aggr status
    cluster_B::> aggr status

    System output should show the aggregates are mirrored and normal for both clusters:

    mirrored,normal
  7. Repeat the following substeps from the admin prompt on both switches.

    1. Show which ports are encrypted:
      portenccompshow

      switch_A_1:admin> portenccompshow
    2. Disable encryption on the encrypted ports:
      portcfgencrypt – disable port-number

      switch_A_1:admin> portcfgencrypt --disable 40
      switch_A_1:admin> portcfgencrypt --disable 41
      switch_A_1:admin> portcfgencrypt --disable 42
      switch_A_1:admin> portcfgencrypt --disable 43
    3. Set the authentication type to all:

      authUtil --set -a all

      switch_A_1:admin> authUtil --set -a all
    4. Set the authentication policy on the switch. to off:
      authutil --policy -sw off

      switch_A_1:admin> authutil --policy -sw off
    5. Set the authentication Diffie-Hellman group to * :
      authutil --set -g *

      switch_A_1:admin> authUtil --set -g *
    6. Delete the secret key database:
      secAuthSecret --remove -all

      switch_A_1:admin> secAuthSecret --remove -all
    7. Confirm that encryption is disabled on the ports:
      portenccompshow

      switch_A_1:admin> portenccompshow
    8. Enable the switch:
      switchenable

      switch_A_1:admin> switchenable
    9. Confirm the status of the ISLs:
      islshow

      switch_A_1:admin> islshow
  8. Check the available paths for the nodes on each cluster:

    sysconfig

    cluster_A::> system node run -node * -command sysconfig -a
    cluster_B::> system node run -node * -command sysconfig -a

    The system output should indicate that System Storage Configuration has changed back to Quad-Path HA.

  9. Check the aggregate status for both clusters.

    cluster_A::> aggr status
    cluster_B::> aggr status

    The system should show that the aggregates are mirrored and normal for both clusters as shown in the following system output:

    mirrored,normal
  10. Verify the operation of the MetroCluster configuration from Cluster A.

    1. Perform a MetroCluster check:
      metrocluster check run

      cluster_A::> metrocluster check run
    2. Display the results of the MetroCluster check:
      metrocluster check show

      cluster_A::> metrocluster check show
  11. Send an AutoSupport message from both sites indicating the end of maintenance.

    cluster_A::> autosupport invoke -node node-name -type all -message MAINT=END
    cluster_B::> autosupport invoke -node node-name -type all -message MAINT=END