Dhchap Hash Algorithm; Configuring The Dhchap Hash Algorithm - Cisco Nexus 5000 Series Configuration Manual

Configuring DHCHAP Authentication
Command or Action
Step 6
fcsp auto-active timeout-period
Example:
switch(config-if)# fcsp auto-active 10
Step 7 fcsp auto-active
Example:
switch(config-if)# fcsp auto-active

DHCHAP Hash Algorithm

Cisco SAN switches support a default hash algorithm priority list of MD5 followed by SHA-1 for DHCHAP
authentication.
If you change the hash algorithm configuration, then change it globally for all switches in the fabric.
RADIUS and TACACS+ protocols always use MD5 for CHAP authentication. Using SHA-1 as the hash
Caution
algorithm may prevent RADIUS and TACACS+ usage, even if these AAA protocols are enabled for
DHCHAP authentication.

Configuring the DHCHAP Hash Algorithm

You can configure the hash algorithm.
DETAILED STEPS
Command or Action
Step 1 configure terminal
Example:
switch# configure terminal
switch(config)#
Step 2
fcsp dhchap hash [md5] [sha1]
Example:
switch(config)# fcsp dhchap hash md5 sha1
Step 3
no fcsp dhchap hash sha1
Example:
switch(config)# no fcsp dhchap hash sha1
Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1)
244
Purpose
Changes the DHCHAP authentication mode to auto-active for the
selected interfaces. The timeout period value (in minutes) sets how
often reauthentication occurs after the initial authentication.
Changes the DHCHAP authentication mode to auto-active for the
selected interfaces. Reauthentication is disabled (default).
The reauthorization interval configuration is the same as
Note
setting it to zero (0).
Purpose
Enters global configuration mode.
Configures the use of the the MD5 or SHA-1 hash
algorithm.
Reverts to the factory default priority list of the MD5
hash algorithm followed by the SHA-1 hash algorithm.
Configuring FC-SP and DHCHAP
OL-27583-01