Configuring iSCSI initiator-to-VT authentication
Fabric OS v5.2.0 or higher supports both one-way and mutual CHAP authentication for iSCSI
initiator-to-iSCSI VT target sessions. The authentication method (CHAP or none) is set on a
per-iSCSI VT basis.
To set up CHAP authentication, complete the following procedures:
•
•
Setting the user name and shared secret
This section explains how to set up a user name and shared secret for iSCSI initiator
authentication. When an iSCSI VT authenticates an iSCSI initiator, it checks the user name and
shared secret against all configured CHAP values.
To configure a user name and shared secret
1. Connect and log in to the switch.
2. Enter the iscsiCfg
Configuring iSCSI VT authentication
To enforce authentication of iSCSI initiators, set each iSCSI VT authentication to CHAP. The iSCSI
initiator can use any user name and shared secret for any iSCSI VT configured on the fabric.
To configure iSCSI VT authentication
1. Connect and log in to the switch.
2. Enter the iscsiCfg
3. To verify that CHAP is enabled for the iSCSI VT, enter the iscsiCfg
iSCSI Gateway Service Administrator's Guide
53-1000603-01
"Setting the user name and shared secret"
"Configuring iSCSI VT authentication"
create auth command with the -u and -s options as follows:
--
switch:admin> iscsicfg --create auth -u username0001 -s usersecret0001
The operation completed successfully.
modify tgt command with the -t and -a options as follows:
--
switch:admin> iscsicfg --modify tgt -t iqn.2006-10.com.example:disk001 -a CHAP
The operation completed successfully.
-t and -v options as follows:
switch:admin> iscsicfg --show tgt -t iqn.2006-10.com.example:disk001 -v
Number of records found: 1
Name:
iqn.2006-10.com.example:disk001
State/Status: Online/Defined
Auth. Method: CHAP
Configuring iSCSI initiator-to-VT authentication
show tgt command with the
--
3
31