HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual page 111

WARNING! If data input has not been completed and a failover occurs, the command is terminated
without completion and the entire user input is lost.
If data input has completed, the enter key pressed, and a failover occurs, data may or may not be
replicated to the other CP depending on the timing of the failover. Log in to the other CP after the failover
is complete and verify the data was saved. If data was not saved, run the command again.
ON: Setting the AUTH policy to ON means that strict authentication is enforced on all E_Ports. If the
connecting switch does not support authentication or the policy is switched to the OFF state, the ISL is
disabled.
During switch initialization, authentication begins automatically on all E_Ports. In order to enforce this
policy fabric wide, the fabric needs to have Fabric OS 5.3.0 or later switches only. The switch disables the
port if it is connected to a switch which does not support authentication. Regardless of the policy, the
E_Port is disabled if the DH-CHAP or FCAP protocol fails to authenticate each other.
ACTIVE: In this state the switch is more tolerant and can connect to a switch with any type of policy.
During switch initialization, authentication begins on all E_Ports, but the port is not disabled if the
connecting switch does not support authentication or the AUTH policy is turned to the OFF state.
The authentication begins automatically during the E_Port initialization. A switch with this policy can safely
connect to pre-6.0 switches, since it continues E_Port initialization if the connecting switch does not support
authentication. The switches with firmware pre-3.2.0 do not support FCAP/DH-CHAP authentication, so an
E_Port initializes without authentication. The switches with firmware version 3.2.0 and later respond to
authentication negotiation and participate in FCAP/DH-CHAP handshaking. Regardless of the policy, the
E_Port gets disabled if the DH-CHAP or FCAP protocol fails to authenticate each other.
PASSIVE (default): In the PASSIVE state the switch does not initiate authentication, but participates in
authentication if the connecting switch initiates authentication.
The switch will not start authentication on E_Ports, but accepts the incoming authentication requests, and
will not disable if the connecting switch does not support authentication or the policy is turned to the OFF
state. This is the safest policy for switches connecting to pre-5.3.0 switches. That means 5.3.0 and later
switches can have authentication enabled and this will not impact the pre-5.3.0 switches. By default the
pre-5.3.0 switches act as passive switches, since they accept incoming authentication requests. Regardless
of the policy, E_Port is disabled if the DH-CHAP or FCAP protocol fails to authenticate each other.
OFF: This setting turns off the policy. The switch will not support authentication and rejects any
authentication negotiation request from another switch. A switch with the policy turned OFF cannot be
connected to a switch with the policy turned ON. The ON state is strict and disables the port if any switch
rejects the authentication. DH-CHAP shared secrets must be configured before changing the policy from the
OFF to the ON state.
The behavior of the policy between two adjacent switches is defined as follows. If the policy is ON or
active, the switch will send an authentication negotiation request to the connecting switch. If the connecting
switch does not support authentication or the policy is OFF, the request will be rejected. Once the
authentication negotiation succeeds, the DH-CHAP authentication will be initiated. If DH-CHAP
authentication fails, the port is disabled and this is applicable in all modes of the policy.
Fabric OS 6.x administrator guide 111