Instruction Manual

Enabling bi-directional CHAP during discovery and bi-directional CHAP during normal session,
page 216
CHAP restrictions
The mpx100/100b CHAP secret restrictions
Maximum length of 100 characters.
Minimum length of 1 character.
No restriction on the type of characters that can be entered.
Microsoft Initiator CHAP secret restrictions
Maximum length of 16 characters.
Minimum length of 12 characters.
No restriction on the type of characters that can be entered.
When an initiator uses iSNS for target discovery, only normal session CHAP applies.
Linux version 3.6.3 CHAP restrictions
CHAP setup with Linux iSCSI Initiator version 3.6.3 is not supported with the mpx100/100b because
the Linux iSCSI driver omits CHAP security negotiations at login.
ATTO Macintosh CHAP restrictions
The ATTO Macintosh iSCSI Initiator does not support CHAP at this time.
Recommended CHAP policies
The same CHAP secret should not be configured for authentication of multiple initiators or multiple
targets.
Any CHAP secret used for initiator authentication must not be configured for the authentication of
any target; and any CHAP secret used for target authentication must not be configured for
authentication of any initiator.
CHAP should be configured after the initial iSCSI Initiator/target login to validate initiator/target
connectivity. The first initiator/target login also creates a discovered iSCSI Initiator entry on the
mpx100/100b that will be used in the CHAP setup.
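The length restrictions and secret-separation policies above can be checked before any secrets are entered on the devices. The following is an added example, not part of the original manual or of any HP or Microsoft tool: the function name, the entry fields (name, role, secret, devices) and the sample plan are assumptions constructed for illustration, and each entry is assumed to list the devices that must store its secret.

```python
from collections import defaultdict

# Length limits in characters (inclusive), as stated in "CHAP restrictions" above.
LIMITS = {"mpx100": (1, 100), "microsoft": (12, 16)}

def audit_chap_plan(entries):
    """Check a planned CHAP configuration against the restrictions and policies.

    entries: dicts with hypothetical keys name, role ('initiator' or 'target',
    the party the secret authenticates), secret, and devices (LIMITS keys).
    Returns a sorted list of findings; secret values are never echoed.
    """
    findings = []
    users = defaultdict(list)  # secret -> [(role, name), ...]
    for e in entries:
        n = len(e["secret"])
        for dev in e["devices"]:
            lo, hi = LIMITS[dev]
            if not lo <= n <= hi:
                findings.append(
                    f"{e['name']}: length {n} outside {dev} range {lo}-{hi}")
        users[e["secret"]].append((e["role"], e["name"]))
    for used_by in users.values():
        if len(used_by) < 2:
            continue  # secret is unique, nothing to report
        names = ", ".join(sorted(name for _, name in used_by))
        roles = {role for role, _ in used_by}
        if len(roles) > 1:
            findings.append(
                f"secret shared between initiator and target authentication: {names}")
        else:
            findings.append(f"secret reused for multiple {roles.pop()}s: {names}")
    return sorted(findings)

# Constructed sample plan; names and secrets are placeholders, not real values.
BOTH = ("mpx100", "microsoft")
SAMPLE_PLAN = [
    {"name": "win-host-a", "role": "initiator", "secret": "constructed-A-01", "devices": BOTH},
    {"name": "win-host-b", "role": "initiator", "secret": "constructed-A-01", "devices": BOTH},
    {"name": "mpx-target-1", "role": "target", "secret": "short", "devices": BOTH},
    {"name": "mpx-target-2", "role": "target", "secret": "constructed-B-02", "devices": BOTH},
]

if __name__ == "__main__":
    for finding in audit_chap_plan(SAMPLE_PLAN):
        print(finding)
```
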
iSCSI session types
iSCSI defines two types of sessions:
Discovery: SCSI discovery allows an initiator to find the targets to which it has access.
Normal operational session: A normal operational session is unrestricted.
CHAP is enforced on both the discovery and normal operational session.
The mpx100/100b CHAP modes
The mpx100/100b supports two CHAP modes:
Setting up authentication 208