Set Up Target Authentication; Sansurfer - All Targets Reconnected - IBM DS3000 Introduction And Implementation Manual

7065iSCSI_Config1.fm
Figure 16-61 SANsurfer - All targets reconnected
For even more security in the iSCSI connection, target authentication can also be enabled.

16.10.2 Set up target authentication

Target authentication with the QLogic iSCSI HBAs requires initiator authentication to be
already configured as we just described.
1. Stop applications that may be accessing the logical drives on the DS3300 and logout from
all the targets connected to each initiator port as described in steps 1 on page 372 to 4 on
page 374. SANsurfer should show no sessions active on the targets. Keep SANsurfer
open, because it will be required again soon.
2. Use the Storage Manager CLI (set iscsiTarget) command as shown in one of the
following examples. In Example 16-5, the command forces iSCSI sessions to use target
authentication with the correct CHAP secret specified, as it by default disables
authenticationMethod none. In Example 16-6, iSCSI sessions are permitted both with and
without target authentication, since authenticationMethod=none is specified along with
authenticationMethod=chap. You should use the appropriate format of the command for
your configuration, depending on whether you want target authentication to be
compulsory. See 12.1, "Authentication" on page 270 for more information.
Example 16-5 SMcli - set and enforce target authentication
amazon:~ # SMcli -n DS3300 -c "set iscsiTarget
<\"iqn.1992-01.com.lsi:1535.00000000000000000000000000000000\">
authenticationMethod=chap chapSecret=\"a01234567890t\";" -S
amazon:~ #
380
IBM System Storage DS3000: Introduction and Implementation Guide
Draft Document for Review August 30, 2007 12:59 am