DHCHAP
Command or Action
Step 6
switch(config-if)# fcsp auto-active
timeout-period
Step 7
switch(config-if)# fcsp auto-active
About the DHCHAP Hash Algorithm
Cisco SAN switches support a default hash algorithm priority list of MD5 followed by SHA-1 for DHCHAP
authentication.
If you change the hash algorithm configuration, then change it globally for all switches in the fabric.
RADIUS and TACACS+ protocols always use MD5 for CHAP authentication. Using SHA-1 as the hash
Caution
algorithm may prevent RADIUS and TACACS+ usage, even if these AAA protocols are enabled for
DHCHAP authentication.
Configuring the DHCHAP Hash Algorithm
To configure the hash algorithm, perform this task:
SUMMARY STEPS
1. switch# configuration terminal
2. switch(config)# fcsp dhchap hash [md5] [sha1]
3. switch(config)# no fcsp dhchap hash sha1
DETAILED STEPS
Command or Action
Step 1
switch# configuration terminal
Step 2
switch(config)# fcsp dhchap hash [md5] [sha1]
Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide
204
Purpose
The reauthorization interval configuration is the same as the
Note
default behavior.
Changes the DHCHAP authentication mode to auto-active for the selected
interfaces. The timeout period value (in minutes) sets how often
reauthentication occurs after the initial authentication.
Changes the DHCHAP authentication mode to auto-active for the selected
interfaces. Reauthentication is disabled (default).
Note
The reauthorization interval configuration is the same as setting
it to zero (0).
Purpose
Enters configuration mode.
Configures the use of the the MD5 or SHA-1 hash algorithm.
Configuring FC-SP and DHCHAP
OL-xxxxx-xx