Table of Contents
Advertisement
Configuring DHCHAP Authentication
Step 6
Step 7
DHCHAP Hash Algorithm
Cisco SAN switches support a default hash algorithm priority list of MD5 followed by SHA-1 for DHCHAP
authentication.
If you change the hash algorithm configuration, then change it globally for all switches in the fabric.
RADIUS and TACACS+ protocols always use MD5 for CHAP authentication. Using SHA-1 as the hash
Caution
algorithm may prevent RADIUS and TACACS+ usage, even if these AAA protocols are enabled for
DHCHAP authentication.
Configuring the DHCHAP Hash Algorithm
You can configure the hash algorithm.
Procedure
Step 1
Step 2
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
236
Command or Action
fcsp auto-active timeout-period
Example:
switch(config-if)# fcsp
auto-active 10
fcsp auto-active
Example:
switch(config-if)# fcsp
auto-active
Command or Action
configure terminal
Example:
switch# configure terminal
switch(config)#
fcsp dhchap hash [md5] [sha1]
Example:
switch(config)# fcsp dhchap hash md5
sha1
Purpose
Changes the DHCHAP authentication mode to auto-active
for the selected interfaces. The timeout period value (in
minutes) sets how often reauthentication occurs after the
initial authentication.
Changes the DHCHAP authentication mode to auto-active
for the selected interfaces. Reauthentication is disabled
(default).
The reauthorization interval configuration is the
Note
same as setting it to zero (0).
Purpose
Enters global configuration mode.
Configures the use of the the MD5 or SHA-1
hash algorithm.
Configuring FC-SP and DHCHAP
OL-30895-01
Advertisement
Table of Contents
