HAFM SW 08.08.00 HP StorageWorks HA-Fabric Manager User Guide (AA-RS2CH-TE, August 2006)
HA-Fabric Manager user guide 187
Figure 114 Security Center Devices tab
For two connected switches to authenticate each other locally, each switch must have its own user
ID, node WWN, and CHAP Secret, as well as the other switch’s user ID and CHAP Secret. The
switch can store more IDs and CHAP Secrets if it has multiple connections with other switches only.
You can also store IDs and CHAP Secrets of switches that have no physical connections with this
switch. This is not recommended because accessing one switch provides access to all switches’
CHAP Secrets.
For two connected switches to authenticate each other through the RADIUS server only, all product
IDs and CHAP Secrets are stored on the RADIUS server and the product local database is not
required to maintain the same data. In this case, the HAFM appliance does not communicate with
the RADIUS server effectively. The Radius Only authentication method can cause more errors and
performance problems.
When you select the Radius Only option, the HAFM appliance ensures that only the CHAP Secret
for the switch is defined and stored in the local database. If not, a message is displayed, indicating
that you must type or generate a secret for the current switch before you enable E_Port
authentication.
If the CHAP Secret is defined for the current switch, when you click Apply, a message is displayed,
indicating that you have set E/N_Port Authentication Method to Radius Only. If you have not
properly defined the secrets for all participating devices on the RADIUS Server, E/N_Port
authentication fails and your fabric connectivity is lost.