Manualshelf

Cisco Nexus 5000 Series Switch Fabric Manager Software Configuration Guide, NX-OS 4.0 (OL-16598-01, June 2008)

ManualsBrandsHP ManualsStorageHP SN6000C 8Gb 32-port Fibre Channel Switch
301302303304305306307308309310
Send comments to nx5000-docfeedback@cisco.com
23-3
Nexus 5000 Series Switch Fabric Manager Software Configuration Guide
OL-16598-01
Chapter 23 Configuring FC-SP and DHCHAP
DHCHAP
To configure DHCHAP authentication using the local password database, perform this task:
Step 1 Enable DHCHAP.
Step 2 Identify and configure the DHCHAP authentication modes.
Step 3 Configure the hash algorithm and DH group.
Step 4 Configure the DHCHAP password for the local switch and other switches in the fabric.
Step 5 Configure the DHCHAP timeout value for reauthentication.
Step 6 Verify the DHCHAP configuration.
This section includes the following topics:
DHCHAP Compatibility with Fibre Channel Features, page 23-3
About Enabling DHCHAP, page 23-4
Enabling DHCHAP, page 23-4
About DHCHAP Authentication Modes, page 23-4
Configuring the DHCHAP Mode, page 23-5
About the DHCHAP Hash Algorithm, page 23-6
Configuring the DHCHAP Hash Algorithm, page 23-6
About the DHCHAP Group Settings, page 23-6
Configuring the DHCHAP Group Settings, page 23-6
About the DHCHAP Password, page 23-7
Configuring DHCHAP Passwords for the Local Switch, page 23-7
About Password Configuration for Remote Devices, page 23-8
Configuring DHCHAP Passwords for Remote Devices, page 23-8
About the DHCHAP Timeout Value, page 23-8
Configuring the DHCHAP Timeout Value, page 23-9
Configuring DHCHAP AAA Authentication, page 23-9
Enabling FC-SP on ISLs, page 23-9
DHCHAP Compatibility with Fibre Channel Features
This section identifies the impact of configuring the DHCHAP feature along with existing Cisco NX-OS
features:
SAN port channel interfaces—If DHCHAP is enabled for ports belonging to a SAN port channel,
DHCHAP authentication is performed at the physical interface level, not at the port channel level.
Port security or fabric binding—Fabric-binding policies are enforced based on identities
authenticated by DHCHAP.
VSANs—DHCHAP authentication is not done on a per-VSAN basis.