Cisco Nexus 5000 Series Switch Fabric Manager Software Configuration Guide, NX-OS 4.0 (OL-16598-01, June 2008)

Send comments to nx5000-docfeedback@cisco.com

23-6

Nexus 5000 Series Switch Fabric Manager Software Configuration Guide

OL-16598-01

Chapter 23 Configuring FC-SP and DHCHAP

DHCHAP

About the DHCHAP Hash Algorithm

Cisco SAN switches support a default hash algorithm priority list of MD5 followed by SHA-1 for

DHCHAP authentication.

Tip If you change the hash algorithm configuration, then change it globally for all switches in the fabric.

Caution RADIUS and TACACS+ protocols always use MD5 for CHAP authentication. Using SHA-1 as the hash

algorithm may prevent RADIUS and TACACS+ usage, even if these AAA protocols are enabled for

DHCHAP authentication.

Configuring the DHCHAP Hash Algorithm

To configure the hash algorithm using Fabric Manager, perform this task:

Step 1 Choose Switches > Security, and then choose FC-SP.

Step 2 Click the General/Password tab.

You see the DHCHAP general settings mode for each switch as shown in Figure 23-4.

Figure 23-4 General/ Password Tab

Step 3

Change the DHCHAP HashList for each switch in the fabric.

Step 4 Click the Apply Changes icon to save the updated hash algorithm priority list.

About the DHCHAP Group Settings

All Nexus 5000 Series switches support all DHCHAP groups specified in the standard: 0 (null DH group,

which does not perform the Diffie-Hellman exchange), 1, 2, 3, or 4.

Tip If you change the DH group configuration, change it globally for all switches in the fabric.

Configuring the DHCHAP Group Settings

To change the DH group settings using Fabric Manager, perform this task: