Table of Contents
Advertisement
3 – Planning
Fabric Security
b.
2.
Configure security on HBA_1 using the appropriate management tool.
Logins between the Switch_1 and HBA_1 will be challenged for their
respective secrets. Therefore, the secrets for Switch_1 and HBA_1 that you
configured on Switch_1 must also be configured on HBA_1.
3.
Save Security_Set_1 on Switch_1 and prepare to activate it. Activating a
security set does not affect currently logged-in ports. Therefore, to apply the
security policy that you designed in the security database, you must offline
the secured ports, activate the security set, then place the secured ports
back online.
3-16
You must specify HBAs by node worldwide name. Switches can
be specified by port or node worldwide name. The type of switch
worldwide name you use in the switch security database must be
the same as that in the HBA security database. For example, if
you specify a switch with a port worldwide name in the switch
security database, you must also specify that switch in the HBA
security database with the same port worldwide name.
For CHAP authentication, create 32-character hexadecimal or
16-character ASCI secrets. The switch secret must be shared
with the HBA security database.
Create an ISL group (Group_ISL_1) in Security_Set_1 with Switch_1
and Switch_2 as members. The Switch_1 secret must be shared with
the Switch_2 security database.
ISL Group on Switch_1: Group_ISL_1
Switch_1
Node WWN: 10:00:00:c0:dd:07:e3:4c
Authentication: CHAP
Primary Hash: MD5
Primary Secret: 0123456789abcdef
Binding: None
Switch_2
Node WWN: 10:00:00:c0:dd:
Authentication: CHAP
Primary Hash: MD5
Primary Secret: abcdef abcdef012
Binding: None
0
07:e3:4e
59042-08 A
Advertisement
Table of Contents
