Table of Contents
Advertisement
For each initiator allowed to access the node, use Set
AccessEntry [Target] [Initiator IQN] to write the initiator
into the allowed initiator list.
Exhibit 6 - Access Control Lists
CHAP Configuration
To add an additional layer of security against unauthorized
access to iSCSI LUNs, CHAP authentication can be configured
after an Access Control entry has been created for that
initiator-target pair. Access Control must be configured for all
nodes except the discovery node, the discovery node cannot
have Access Control Lists (ACLs) but can be configured for
CHAP.
Discovery CHAP
Create a CLI session.
Use iSCSICHAPMode to configure the CHAP mode of the
target desired, where one-way authenticates an initiator
challenge from the host to the XstreamCORE and two-
way additionally sends a challenge back from the
XstreamCORE to the host.
(Two-way CHAP only) Configure the iSCSI CHAP Out
Account Name and CHAP Out Secret using the set
iSCSICHAP Discovery Out command.
Configure the iSCSI CHAP In Account Name and CHAP In
Secret using the set iSCSICHAP Discovery In command.
See the help text for iSCSICHAP for examples of setting
up discovery CHAP.
Target CHAP
Create a CLI session.
Set the target's ACL using the steps in the
Lists
section.
Use iSCSICHAPMode to configure the CHAP mode of the
target, where one-way authenticates an initiator
challenge from the host to the XstreamCORE and two-
way additionally sends a challenge back from the
XstreamCORE to the host.
(Two-way CHAP only) Configure the iSCSI CHAP Out
Account Name and CHAP Out Secret using the set
iSCSICHAP [target] Out command.
Configure the iSCSI CHAP In Account Name and CHAP In
Secret using the set iSCSICHAP [target] In command.
See the help text for iSCSICHAP for examples of setting
up target CHAP.
Access Control
Advertisement
Table of Contents
