Chapter 1 1 Configuring Fc-Sp And Dhchap; Information About Fc-Sp And Dhchap; Fabric Authentication - Cisco Nexus 6000 Series Configuration Manual

Configuring FC-SP and DHCHAP
This chapter describes how to configure the Fibre Channel Security Protocol (FC-SP) and the Diffie-Hellman
Challenge Handshake Authentication Protocol (DHCP).
This chapter includes the following sections:
•

Information About FC-SP and DHCHAP

The Fibre Channel Security Protocol (FC-SP) capabilities provide switch-to-switch and host-to-switch
authentication to overcome security challenges for enterprise-wide fabrics. The Diffie-Hellman Challenge
Handshake Authentication Protocol (DHCHAP) is an FC-SP protocol that provides authentication between
Cisco SAN switches and other devices. DHCHAP consists of the CHAP protocol combined with the
Diffie-Hellman exchange.

Fabric Authentication

All Cisco SAN switches enable fabric-wide authentication from one switch to another switch, or from a switch
to a host. These switch and host authentications are performed locally or remotely in each fabric. As storage
islands are consolidated and migrated to enterprise-wide fabrics, new security challenges arise. The approach
of securing storage islands cannot always be guaranteed in enterprise-wide fabrics. For example, in a campus
environment with geographically distributed switches, someone could maliciously or accidentally interconnect
incompatible switches, resulting in Inter-Switch Link (ISL) isolation and link disruption.
OL-27932-01
Information About FC-SP and DHCHAP, page 135
Cisco Nexus 6000 Series NX-OS SAN Switching Configuration Guide, Release 6.x
11
C H A P T E R
135