HP StoreFabric SN6500B Administrator's Manual page 27
Brocade access gateway administrator's guide v7.1.0 (53-1002743-01, march 2013)
Hide thumbs
Also See for StoreFabric SN6500B:
- Update manual (9 pages) ,
- Administrator's manual (666 pages) ,
- Quickspecs (24 pages)
Table of Contents
Advertisement
For details on installing FCAP certificates and creating DHCAP secrets on the switch in AG or native
mode, refer to the Fabric OS Administrator's Guide or Fabric OS Command Reference.
For general information on authentication, refer to the section on authentication policy for fabric
elements in the Configuring Security Policies chapter of the Fabric OS Administrator's Guide.
Supported policy modes
The following switch and device policy modes are supported by Access Gateway:
•
•
•
To perform authentication with switch policy, the on and off policy modes are supported on the AG
switch. To perform authentication with device policy, the on, off, and passive modes are supported
on the AG switch.
Table 2
receiving fabric switch.
Access Gateway Administrator's Guide
53-1002743-01
On - Strict authentication will be enforced on all ports. The ports on the AG connected to the
switch or device will disable if the connecting switch or device does not support authentication
or the policy mode is set to off. During AG initialization, authentication initiates on all ports
automatically.
Off - The AG switch does not support authentication and rejects any authentication negotiation
request from the connected fabric switch or HBA. A fabric switch with the policy mode set to off
should not be connected to an AG switch with policy mode set to on since the on policy is strict.
This will disable the port if any switch rejects the authentication. You must configure DH-CHAP
shared secrets or install FCAP certificates on the AG and connected fabric switch before
switching from a policy off mode to policy on mode. Off is the default mode for both switch and
device policy.
Passive - The AG does not initiate authentication when connected to a device, but participates
in authentication if the connecting device initiates authentication. The AG will not initiate
authentication on ports, but accepts incoming authentication requests. Authentication will not
disable AG F_Ports if the connecting device does not support authentication or the policy mode
is set to off. Passive mode is the safest mode to use for devices connected to an AG switch if
the devices do not support authentication.
on page 8 describes the authentication behavior between a sending AG switch and
Fabric OS features in Access Gateway mode
1
7
Advertisement
Table of Contents
