Iscsi Initiator-To-Vt Authentication Configuration; Setting The User Name And Shared Secret; Binding User Names To An Iscsi Vt - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual
Hp storageworks fabric os 6.1.x administrator guide (5697-0234, november 2009)
Hide thumbs
Also See for A7533A - Brocade 4Gb SAN Switch Base:
- Administrator's manual (576 pages) ,
- Hardware reference manual (256 pages) ,
- User manual (248 pages)
Table of Contents
Advertisement
iSCSI initiator-to-VT authentication configuration
Fabric OS 5.2.0 or later supports both one-way and mutual CHAP authentication for iSCSI initiator-to-iSCSI
VT target sessions. The authentication method (CHAP or none) is set on a per-iSCSI VT basis.
Setting the user name and shared secret
Authentication depends on a user name and shared secret. When an iSCSI VT authenticates an iSCSI
initiator, it checks the user name and shared secret against all configured CHAP values. To enforce
authentication of iSCSI initiators, set each iSCSI VT authentication to CHAP. The iSCSI initiator can use any
user name and shared secret for any iSCSI VT configured on the fabric.
1.
Connect and log in to the switch.
2.
Enter the iscsiCfg
name and shared secret:
switch:admin> iscsicfg --create auth -u username0001 -s usersecret0001
The operation completed successfully.
3.
Enter the iscsiCfg
authentication method:
switch:admin> iscsicfg --modify tgt -t iqn.2006-10.com.brocade:example-disk001 -a
CHAP
The operation completed successfully.
4.
To verify that CHAP is enabled for the iSCSI VT, enter the iscsiCfg
-t and -v options:
switch:admin> iscsicfg --show tgt -t iqn.2006-10.com.brocade:example-disk001 -v
Number of records found: 1
Name: iqn.2006-10.com.brocade:example-disk001
State/Status: Online/Defined
Auth. Method: CHAP
Binding user names to an iSCSI VT
For additional security, you can bind specific user names to an iSCSI VT. When you do this, the specific
user name and CHAP secret combination is required for authentication during the iSCSI login phase. The
maximum number of user names that can be bound per iSCSI VT is 16.
1.
Connect and log in to the switch.
2.
Enter the isciCfg - -addusername tgt command with the -t and -u options to bind a user
name:
switch:admin> iscsicfg --addusername tgt -t iqn.2002-10.com.brocade:tgt -u
"isisctgt1;hello123"
This operation completed successfully
3.
Enter the iscsiCfg
4.
Enter the iscsiCfg
has been bound to the iSCSI VT:
switch:admin> iscsicfg --show tgt -t iqn.2002-10.com.brocade:tgt -v
Number of records found: 1
Name: iqn.2002-10.com.brocade:tgt1
CHAP Users
1. iscsitgt1
2. hello123
268 iSCSI Gateway services
create auth command with the -u and -s options to configure a user
--
modify tgt command with the -t and -a options to set CHAP as the
--
commit all command.
--
show tgt command with the -t and -v options to verify that a user name
--
CHAP Status
Online/Committed
Invalid
show tgt command with the
--
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
