Configuring FC-SP and DHCHAP
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
About the DHCHAP Hash Algorithm
Cisco SAN switches support a default hash algorithm priority list of MD5 followed by SHA-1 for DHCHAP
authentication.
If you change the hash algorithm configuration, then change it globally for all switches in the fabric.
RADIUS and TACACS+ protocols always use MD5 for CHAP authentication. Using SHA-1 as the hash
Caution
algorithm may prevent RADIUS and TACACS+ usage, even if these AAA protocols are enabled for
DHCHAP authentication.
Configuring the DHCHAP Hash Algorithm
To configure the hash algorithm, perform this task:
Procedure
Step 1
OL-16597-01
Command or Action
switch(config)# interface fc
slot/port - slot/port
switch(config-if)# fcsp on
switch(config-if)# no fcsp on
switch(config-if)# fcsp
auto-active 0
switch(config-if)# fcsp
auto-active timeout-period
switch(config-if)# fcsp
auto-active
Command or Action
switch# configuration terminal
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
About the DHCHAP Hash Algorithm
Purpose
Selects a range of interfaces and enters the interface
configuration mode.
Sets the DHCHAP mode for the selected interfaces to be in
the on state.
Reverts to the factory default of auto-passive for these three
interfaces.
Changes the DHCHAP authentication mode for the selected
interfaces to auto-active. Zero (0) indicates that the port does
not perform reauthentication.
The reauthorization interval configuration is the
Note
same as the default behavior.
Changes the DHCHAP authentication mode to auto-active
for the selected interfaces. The timeout period value (in
minutes) sets how often reauthentication occurs after the
initial authentication.
Changes the DHCHAP authentication mode to auto-active
for the selected interfaces. Reauthentication is disabled
(default).
The reauthorization interval configuration is the
Note
same as setting it to zero (0).
Purpose
Enters configuration mode.
629