Chapter 36
Configuring FC-SP and DHCHAP
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
To configure the AAA authentication , follow these steps:
Command
Step 1
switch# config t
Step 2
switch(config)# aaa authentication dhchap
default group TacacsServer1
switch(config)# aaa authentication dhchap
default local
switch(config)# aaa authentication dhchap
default group RadiusServer1
Displaying Protocol Security Information
Use the show fcsp commands to display configurations for the local database (see
36-6).
Example 36-1 Displays DHCHAP Configurations in FC Interfaces
switch# show fcsp interface fc1/9
fc1/9:
Example 36-2 Displays DHCHAP Statistics for an FC Interface
switch# show fcsp interface fc1/9 statistics
fc1/9:
Example 36-3 Displays the FC-SP WWN of the Device Connected through a Specified Interface
switch# show fcsp interface fc 2/1 wwn
fc2/1:
Example 36-4 Displays Hash Algorithm and DHCHAP Groups Configured for the Local Switch
switch# show fcsp dhchap
Supported Hash algorithms (in order of preference):
DHCHAP_HASH_MD5
DHCHAP_HASH_SHA_1
Supported Diffie Hellman group ids (in order of preference):
OL-16184-01, Cisco MDS SAN-OS Release 3.x
fcsp authentication mode:SEC_MODE_ON
Status: Successfully authenticated
fcsp authentication mode:SEC_MODE_ON
Status: Successfully authenticated
Statistics:
FC-SP Authentication Succeeded:5
FC-SP Authentication Failed:0
FC-SP Authentication Bypassed:0
fcsp authentication mode:SEC_MODE_ON
Status: Successfully authenticated
Other device's WWN:20:00:00:e0:8b:0a:5d:e7
Purpose
Enters configuration mode.
Enables DHCHAP to use the TACACS+ server group
(in this example, TacacsServer1) for authentication.
Enables DHCHAP for local authentication.
Enables DHCHAP to use the RADIUS server group
(in this example, RadiusServer1) for authentication.
Cisco MDS 9000 Family CLI Configuration Guide
DHCHAP
Example 36-1
through
36-9