About the DHCHAP Group Settings; Configuring the DHCHAP Group Settings; About the DHCHAP Password - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual


Configuring FC-SP and DHCHAP
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, page 630

Step 2
Command or Action: switch(config)# fcsp dhchap hash [md5] [sha1]
Purpose: Configures the use of the MD5 or SHA-1 hash algorithm.

Step 3
Command or Action: switch(config)# no fcsp dhchap hash sha1
Purpose: Reverts to the factory default priority list of the MD5 hash algorithm followed by the SHA-1 hash algorithm.

About the DHCHAP Group Settings

All Cisco Nexus 5000 Series switches support all DHCHAP groups specified in the standard: 0 (null DH group, which does not perform the Diffie-Hellman exchange), 1, 2, 3, or 4.
If you change the DH group configuration, change it globally for all switches in the fabric.

Configuring the DHCHAP Group Settings

To change the DH group settings, perform this task:
Procedure

Step 1
Command or Action: switch# configure terminal
Purpose: Enters configuration mode.

Step 2
Command or Action: switch(config)# fcsp dhchap dhgroup [0 | 1 | 2 | 3 | 4]
Purpose: Prioritizes the use of DH groups in the configured order.

Step 3
Command or Action: switch(config)# no fcsp dhchap dhgroup [0 | 1 | 2 | 3 | 4]
Purpose: Reverts to the DHCHAP factory default order of 0, 4, 1, 2, and 3.

About the DHCHAP Password

DHCHAP authentication in each direction requires a shared secret password between the connected devices.
To do this, you can use one of three configurations to manage passwords for all switches in the fabric that participate in DHCHAP:
• Configuration 1—Use the same password for all switches in the fabric. This is the simplest configuration. When you add a new switch, you use the same password to authenticate that switch in this fabric. It is also the most vulnerable configuration if someone from the outside maliciously attempts to access any one switch in the fabric.
• Configuration 2—Use a different password for each switch and maintain that password list in each switch in the fabric. When you add a new switch, you create a new password list and update all switches with the new list. Accessing one switch yields the password list for all switches in that fabric.
• Configuration 3—Use different passwords for different switches in the fabric. When you add a new switch, multiple new passwords corresponding to each switch in the fabric must be generated and configured in each switch. Even if one switch is compromised, the passwords of the other switches are still protected. This configuration requires considerable password maintenance by the user.
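
An added example (not from the Cisco guide): a Python audit over saved configurations that checks the two points made under About the DHCHAP Group Settings, namely that the DH group list is identical on every switch in the fabric, and whether group 0 (null DH, no Diffie-Hellman exchange) is in the list. The switch names and config snippets are constructed, and the script assumes a saved configuration carries the setting in the same form as the `fcsp dhchap dhgroup` command.

```python
import re
from collections import Counter

# Factory default DH group priority order, as stated in the guide.
DEFAULT_DHGROUPS = [0, 4, 1, 2, 3]
# Assumption: a saved config carries the line in the same form as the CLI command.
DHGROUP_RE = re.compile(r"^\s*fcsp dhchap dhgroup((?:\s+[0-4])+)\s*$")

# Constructed sample configs keyed by hypothetical switch names.
SAMPLE_FABRIC = {
    "sw-a": "fcsp dhchap hash sha1\nfcsp dhchap dhgroup 4 3 2\n",
    "sw-b": "fcsp dhchap dhgroup 4 3 2\n",
    "sw-c": "fcsp dhchap hash sha1\n",  # no dhgroup line: factory default applies
}

def dhgroup_order(config_text):
    """Return the DH group priority list for one switch (last matching line wins)."""
    order = list(DEFAULT_DHGROUPS)
    for line in config_text.splitlines():
        match = DHGROUP_RE.match(line)
        if match:
            order = [int(g) for g in match.group(1).split()]
    return order

def audit_fabric(configs):
    """Return (reference_order, findings) for a dict of switch name -> config text."""
    if not configs:
        return [], []
    orders = {name: dhgroup_order(text) for name, text in configs.items()}
    # The most common list is treated as the fabric-wide reference.
    reference = list(Counter(map(tuple, orders.values())).most_common(1)[0][0])
    findings = []
    for name in sorted(orders):
        if orders[name] != reference:
            findings.append((name, "order-mismatch", orders[name]))
        if 0 in orders[name]:
            # Group 0 is the null DH group: no Diffie-Hellman exchange is performed.
            findings.append((name, "null-dh-group-listed", orders[name]))
    return reference, findings

if __name__ == "__main__":
    reference, findings = audit_fabric(SAMPLE_FABRIC)
    print("reference order:", reference)
    for name, code, order in findings:
        print(f"{name}: {code} {order}")
```

A switch with no `fcsp dhchap dhgroup` line is reported with the factory default order, so it is flagged both for differing from the rest of the fabric and for listing group 0.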
OL-16597-01
