Configuring Dh-Chap Secret - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

HP StorageWorks Fabric OS 6.1.x administrator guide (5697-0234, November 2009)

fabrics. Secure Fabric OS is an optional licensed product that provides customizable security restrictions
through local and remote management channels on an HP fabric.
Although Secure Fabric OS is not supported in Fabric OS 6.0, you can still connect a 6.0 switch to an
edge switch that participates in a Secure Fabric OS.
The FC-FC Routing Service uses only the DH-CHAP shared secrets to provide switch-to-switch authentication
when connecting to a Secure Fabric OS fabric. You can set up DH-CHAP on the edge fabric, but it is not a
prerequisite for FCR to work.
To determine whether an EX_Port or VEX_Port is connected to a Secure Fabric OS fabric, enter the
portShow, portCfgEXPort, or portCfgVEXPort command, as described in the Fabric OS
Command Reference. Note that you should issue these commands only after the IFLs have been configured
for the EX_ and VEX_Ports and the FCIP tunnels are up and running. For more details, see
"Configuring an interfabric link" on page 305 and "Configuring FCIP tunnels (optional)" on page 303.

Configuring DH-CHAP secret

While Secure Fabric OS supports the SLAP, FCAP and DH-CHAP authentication protocols to communicate
with each switch, Fabric OS 6.0 supports only DH-CHAP.
The 400 MP Router and 4/256 SAN Director or DC Director with an FR4-18i blade do not initiate
DH-CHAP authentication requests; rather, they respond to DH-CHAP requests only from the edge switch to
which they are connected—in this case, the Secure Fabric OS switch.
As soon as you connect the 400 MP Router and 4/256 SAN Director or DC Director with an FR4-18i
blade to a Secure Fabric OS switch, DH-CHAP authentication is initiated.
The DH-CHAP secrets are configured both on the Secure Fabric OS switch and the 400 MP Router and
4/256 SAN Director or DC Director with an FR4-18i blade. Each entry specifies the WWN of the peer to
which it is connected. For example, on the 4/256 SAN Director or DC Director with an FR4-18i blade,
specify the WWN of the Secure Fabric OS switch and the secrets. On the Secure Fabric OS switch, specify
the WWN of the front domain (EX_Port or VEX_Port) and the secrets. To view the front domain WWN,
issue the portCfgEXPort command on the Fibre Channel router side.
The WWN of the front domain (EX_Port or VEX_Port) that is connected to the Secure Fabric OS switch
should be present in the Switch Connection Controls (SCC) list. See the Secure Fabric OS Administrator's
Guide for details about the SCC and other Secure Fabric OS features.
To configure a DH-CHAP secret word:
1. Log in to the 400 MP Router, 4/256 SAN Director or DC Director with an FR4-18i blade with
   administrative privileges.
2. At the Telnet prompt, enter the secAuthSecret command. The secret must be between 8 and 40
   characters long.
   Setting up secret keys does not initiate DH-CHAP authentication. DH-CHAP authentication is performed
   whenever a port or a switch is enabled.
3. Follow the instructions provided on screen.
   a. Type the port or switch WWN.
      NOTE: Use only the WWN as the input. The Domain ID or switch name is not acceptable.
   b. Type and confirm the peer secret.
   c. Type and confirm the local secret.
4. After you have added all of the DH-CHAP secret information, press Enter to indicate that you have
   completed the secret key setup.
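
A pre-flight check for the procedure above, as an added example that is not part of the HP guide: it validates the entries planned for both sides before they are typed into secAuthSecret. The dictionary layout, function names, and sample WWNs and secrets are constructed for illustration, and the rule that one side's local secret equals the other side's peer secret is an assumption about how the two entries pair up.

```python
import re

# A WWN is eight colon-separated hex octets; domain IDs and switch names do not match.
WWN_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){7}$", re.IGNORECASE)

def check_entry(side, entry):
    """Validate one planned entry: peer WWN, peer secret, local secret."""
    problems = []
    if not WWN_RE.match(entry["peer_wwn"]):
        problems.append(f"{side}: {entry['peer_wwn']!r} is not a WWN")
    for field in ("peer_secret", "local_secret"):
        if not 8 <= len(entry[field]) <= 40:
            problems.append(f"{side}: {field} must be 8 to 40 characters")
    return problems

def check_pair(router, switch, switch_wwn, front_wwn, scc_list):
    """Cross-check the router-side entry against the Secure Fabric OS switch entry."""
    problems = check_entry("router", router) + check_entry("switch", switch)
    if router["peer_wwn"].lower() != switch_wwn.lower():
        problems.append("router: peer must be the Secure Fabric OS switch WWN")
    if switch["peer_wwn"].lower() != front_wwn.lower():
        problems.append("switch: peer must be the front domain WWN")
    if front_wwn.lower() not in {w.lower() for w in scc_list}:
        problems.append("switch: front domain WWN missing from the SCC list")
    # Assumption: one side's local secret is the other side's peer secret.
    if router["local_secret"] != switch["peer_secret"]:
        problems.append("router local secret != switch peer secret")
    if router["peer_secret"] != switch["local_secret"]:
        problems.append("router peer secret != switch local secret")
    return problems

# Constructed sample values, not taken from any real fabric.
SWITCH_WWN = "10:00:00:00:00:00:00:01"   # Secure Fabric OS switch
FRONT_WWN = "50:00:00:00:00:00:00:02"    # front domain, as shown by portCfgEXPort
SCC_LIST = [SWITCH_WWN, FRONT_WWN]
ROUTER = {"peer_wwn": SWITCH_WWN, "peer_secret": "constructed-secret-A",
          "local_secret": "constructed-secret-B"}
SWITCH = {"peer_wwn": FRONT_WWN, "peer_secret": "constructed-secret-B",
          "local_secret": "constructed-secret-A"}

if __name__ == "__main__":
    result = check_pair(ROUTER, SWITCH, SWITCH_WWN, FRONT_WWN, SCC_LIST)
    for line in result or ["plan is consistent"]:
        print(line)
```

An empty result means the two planned entries agree with each other and with the SCC list; it says nothing about whether authentication will succeed once the port or switch is enabled.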
304 Using the FC-FC Routing Service
