Investigating IBM Fibre Channel Endpoint Security
![]()
You can check whether the connections between your FCP devices and remote ports use authentication and encryption.
About this task
- The capabilities of your FCP device, which depend on your adapter hardware with its FCP channels.
- The status of your connections between your FCP devices and remote ports.
Procedure
Display the IBM Fibre Channel Endpoint Security
information for your environment by issuing an lszdev command. Use command
options to read the fc_security attributes for your Fibre Channel hosts and
LUNs as shown in the following example:
# lszdev zfcp -a -c TYPE,ID,ATTR:fc_security TYPE ID ATTR:fc_security zfcp-host 0.0.5150 Authentication, Encryption zfcp-lun 0.0.5150:0x500507630400120c:0x4081402000000000 Authentication zfcp-lun 0.0.5150:0x500507630401120c:0x4081402000000000 Encryption
In the output,
zfcp-host lines show information for your FCP devices:- Authentication
- The FCP device supports authentication.
- Encryption
- The FCP device supports encryption.
- unsupported
- The FCP device does not support IBM Fibre Channel Endpoint Security.
- none
- The FCP device does not report any IBM Fibre Channel Endpoint Security capabilities.
- unknown
- The IBM Fibre Channel Endpoint Security capabilities of the FCP device are not known.
In the output,
zfcp-lun lines show the current state of IBM Fibre Channel Endpoint Security of the connection between the
FCP device and the FC remote port used to access the LUN:- Authentication
- The connection was authenticated.
- Encryption
- The connection uses encryption.
- unsupported
- The connection does not support IBM Fibre Channel Endpoint Security because the FCP device does not support it.
- none
- The connection has no IBM Fibre Channel Endpoint Security.
- unknown
- The IBM Fibre Channel Endpoint Security state of the connection is not known.
Tip: If the output is lengthy, use the lszdev device selection filter
to narrow the scope to the devices of interest.
Alternatively, you can use the lszfcp command with the
-a option to display the IBM Fibre Channel
Endpoint Security information for FCP devices. With the lszfcp
-m option, you can also display the information for your connections. For example, issue the following
command:# lszfcp -HPam
Instead
of using commands, you can read the information directly from sysfs. For example, for an FCP channel
that provides an FCP device with device-bus ID
0.0.5150
# cat /sys/bus/ccw/drivers/zfcp/0.0.5150/fc_security Authentication, EncryptionFor a remote port
0x500507630401120c that is connected through this FCP
device:# cat /sys/bus/ccw/drivers/zfcp/0.0.5150/0x500507630401120c/fc_security EncryptionBoth sysfs attributes are read-only.