Table of Contents
Advertisement
Chapter 31
Configuring FC-SP and DHCHAP
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
About DHCHAP
DHCHAP is an authentication protocol that authenticates the devices connecting to a switch. Fibre
Channel authentication allows only trusted devices to be added to a fabric, thus preventing unauthorized
devices from accessing the switch.
The terms FC-SP and DHCHAP are used interchangeably in this chapter.
Note
DHCHAP is a mandatory password-based, key-exchange authentication protocol that supports both
switch-to-switch and host-to-switch authentication. DHCHAP negotiates hash algorithms and DH
groups before performing authentication. It supports MD5 and SHA-1 algorithm-based authentication.
Configuring the DHCHAP feature requires the ENTERPRISE_PKG license (see
and Installing
DHCHAP Compatibility with Existing Cisco MDS Features
This sections identifies the impact of configuring the DHCHAP feature along with existing Cisco MDS
features:
•
•
•
•
•
Configuring DHCHAP Authentication
To configure DHCHAP authentication using the local password database, follow these steps:
Enable DHCHAP.
Step 1
Step 2
Identify and configure the DHCHAP authentication modes.
Configure the hash algorithm and DH group.
Step 3
Configure the DHCHAP password for the local switch and other switches in the fabric.
Step 4
Configure the DHCHAP timeout value for reauthentication.
Step 5
Verify the DHCHAP configuration.
Step 6
OL-6973-03, Cisco MDS SAN-OS Release 2.x
Licenses").
PortChannel interfaces—If DHCHAP is enabled for ports belonging to a PortChannel, DHCHAP
authentication is performed at the physical interface level, not at the PortChannel level.
FCIP interfaces—The DHCHAP protocol works with the FCIP interface just as it would with a
physical interface.
Port security or fabric binding—Fabric binding policies are enforced based on identities
authenticated by DHCHAP.
VSANs—DHCHAP authentication is not done on a per-VSAN basis.
High availability—DHCHAP authentication works transparently with existing HA features.
Chapter 3, "Obtaining
Cisco MDS 9000 Family Configuration Guide
About DHCHAP
31-3
Advertisement
Table of Contents
Need help?
Do you have a question about the DS-X9530-SF1-K9 - Supervisor-1 Module - Control Processor and is the answer not in the manual?
Questions and answers