Main Window With Security Tab, Authentication, Device Tab - HP 316095-B21 - StorageWorks Edge Switch 2/24 User Manual

Figure 94

Main window with Security tab, Authentication, Device tab

To have two connected switches authenticate each other locally, each switch must have its own user
ID, Node WWN, and CHAP secret, as well as the other switch's user ID and CHAP secret. The
switch can store more IDs and CHAP secrets if the switch has multiple connections with other
switches only. You can also store IDs and CHAP secrets of switches that have no physical
connections with this switch. This is not recommended because accessing one switch provides
access to all switches' CHAP secrets.
If you choose to have two connected switches authenticate each other through Radius server only,
all product IDs and CHAP secrets are stored on the Radius server and the product local database is
not required to carry the same data. In this case, the HAFM appliance does not communicate with
Radius server effectively. The Radius Only authentication method can cause more errors and
performance problems.
When the Radius Only option is selected, the HAFM appliance ensures that only the CHAP secret
for the switch is defined and stored in the local database. If not, a message displays indicating you
must type or generate a secret for the current switch before you enable E_port authentication.
If the CHAP secret is defined for the current switch, when clicking Apply, a message displays
indicating you have set E/N_port Authentication Method to Radius Only. If you have not properly
defined the secrets for all participating devices on the Radius Server, E/N_port authentication fails
and your fabric connectivity is broken.
HA-Fabric Manager user guide 155