Deployment Guide

either DH-CHAP secrets or PKI certificates depending
on the protocol selected. Otherwise, ISLs will be
segmented during next E-port bring-up.
ARE YOU SURE (yes, y, no, n): [no] y
Auth Policy is set to ACTIVE
NOTE
This authentication-policy change will not affect online EX_Ports.
Re-authenticating E_Ports
Use the authUtil --authinit command to re-initiate authentication on selected ports. You can initiate
authentication for specified E_Ports, a set of E_Ports, or all E_Ports on the switch.
This command does not work on loop, NPIV and FICON devices, or on ports configured for in-flight
encryption. It can re-initiate authentication only if the device was previously
authenticated. If the authentication fails because shared secrets do not match, the port is disabled.
This command works independently of the authentication policy, so you can initiate
authentication even if the switch is in PASSIVE mode. Use it to restart authentication
after changing the DH-CHAP group, hash type, or shared secret between a pair of switches.
ATTENTION
This command may bring down E_Ports if the DH-CHAP shared secrets are not installed correctly.
1. Log in to the switch using an account with admin permissions, or an account with OM permissions
for the Authentication RBAC class of commands.
2. Enter the authUtil --authinit command.
Example for specific ports on the switch
switch:admin> authutil --authinit 2,3,4
Example for all E_Ports on the switch
switch:admin> authutil --authinit allE
Example for Backbones using the slot/port format
switch:admin> authutil --authinit 1/1, 1/2
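Added example, not part of the guide: because a mismatched secret disables the port, this Python code re-authenticates E_Ports one at a time and stops at the first port that does not return to Online, leaving the remaining ISLs untouched. The run callable, the FakeSwitch stand-in, and the switchshow row layout (Index Port Address Media Speed State Proto) are assumptions made for the example; only plain port numbers are handled.

```python
import re
import time

PORT_RE = re.compile(r"^\d+$")  # plain port numbers only; slot/port and allE are refused

def port_states(switchshow_text):
    """Return {port: state}; assumed row layout: Index Port Address Media Speed State Proto."""
    states = {}
    for line in switchshow_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].isdigit() and f[1].isdigit():
            states[f[1]] = f[5]
    return states

def staged_reauth(ports, run, checks=3, wait=5.0):
    """Re-authenticate one E_Port at a time; stop at the first port that is not
    Online afterwards. run(cmd) sends one CLI command and returns its output.
    Returns (recovered_ports, failed_port_or_None)."""
    for port in ports:
        if not PORT_RE.match(port):
            raise ValueError(f"not a port number: {port!r}")
    done = []
    for port in ports:
        run(f"authutil --authinit {port}")
        for _ in range(checks):
            time.sleep(wait)
            if port_states(run("switchshow")).get(port) == "Online":
                done.append(port)
                break
        else:
            return done, port  # remaining ISLs are left untouched
    return done, None

class FakeSwitch:
    """Constructed stand-in for a switch session; ports in `bad` have a
    mismatched secret and end up Disabled after --authinit."""
    def __init__(self, bad):
        self.bad, self.log = set(bad), []
        self.state = {"2": "Online", "3": "Online", "4": "Online"}
    def run(self, cmd):
        self.log.append(cmd)
        if cmd.startswith("authutil --authinit "):
            port = cmd.split()[-1]
            if port in self.bad:
                self.state[port] = "Disabled"
            return ""
        rows = [f"{p:>3} {p:>3} 0102{int(p):02d} id N8 {s} FC E-Port"
                for p, s in self.state.items()]
        return "Index Port Address Media Speed State Proto\n" + "\n".join(rows)
```

Against a real switch, run would wrap an authenticated CLI session, and wait should be long enough for the link to finish re-authenticating before the state is read.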
Device authentication policy
Device authentication policy can also be categorized as an F_Port, node port, or an HBA
authentication policy. Fabric-wide distribution of the device authentication policy is not supported
because the device authentication requires manual interaction in setting the HBA shared secrets and
switch shared secrets, and most of the HBAs do not support the defined DH groups for use in the
DH-CHAP protocol.
NOTE
Authentication is supported from Brocade fabric switches in native mode to Access Gateway switches
and from Access Gateway switches to HBAs. For more information, refer to the Access Gateway
Administrator's Guide.
Fabric OS Administrators Guide
53-1003130-01