Installation guide

3 – Planning

Fabric Security

59042-08 A 3-15

3.6.2.1

Security Example: Switches and HBAs

Consider the fabric shown in Figure 3-4. In this fabric, Switch_1, HBA_1, and

Switch_2 support security while the JBOD and HBA_2 do not. The objective is to

secure F_Ports and E_Ports in the fabric. To do this, configure security on the

devices that support security: Switch_1, Switch_2, and HBA_1.

Figure 3-4. Security Example: Switches and HBAs

1. Configure security on Switch_1. Create a security set (Security_Set_1) on

Switch_1.

a. Create a port group (Group_Port_1) in Security_Set_1 with Switch_1

and HBA_1 as members. The JBOD is a loop device, and is therefore,

excluded from the port group.

Port Group on Switch_1: Group_Port_1

Switch_1 Node WWN: 10:00:00:c0:dd:07:e3:4c

Authentication: CHAP

Primary Hash: MD5

Primary Secret: 0123456789abcdef

HBA_1 Node WWN: 10:00:00:c0:dd:07:c3:4d

Authentication: CHAP

Primary Hash: MD5

Primary Secret: fedcba9876543210

Device: Switch_1

WWN: 10:00:00:c0:dd:07:e3:4c

Security: Yes

Device: Switch_2

WWN: 10:00:00:c0:dd:07:e3:4e

Security: Yes

Device: HBA_1

WWN: 10:00:00:c0:dd:07:c3:4d

Security: Yes

E_Port

F_Port

FL_Port

Device: JBOD

Security: No

Device: HBA_2

WWN: 10:00:00:c0:dd:07:c3:4f

Security: No