Cisco Nexus 5000 Series Switch Fabric Manager Software Configuration Guide, NX-OS 4.0 (OL-16598-01, June 2008)

Chapter 23 Configuring FC-SP and DHCHAP
DHCHAP
Step 1 Expand Switches > Security, and then choose FC-SP.
Step 2 Click the General/Password tab.
Step 3 Change the DHCHAP GroupList for each switch in the fabric.
Step 4 Click the Apply Changes icon to save the updated hash algorithm priority list.
About the DHCHAP Password
DHCHAP authentication in each direction requires a shared secret password between the connected
devices. To do this, you can use one of three configurations to manage passwords for all switches in the
fabric that participate in DHCHAP:
Configuration 1—Use the same password for all switches in the fabric. This is the simplest
configuration. When you add a new switch, you use the same password to authenticate that switch
in this fabric. It is also the most vulnerable configuration if someone from the outside maliciously
attempts to access any one switch in the fabric.
Configuration 2—Use a different password for each switch and maintain that password list in each
switch in the fabric. When you add a new switch, you create a new password list and update all
switches with the new list. Accessing one switch yields the password list for all switches in that
fabric.
Configuration 3—Use different passwords for different switches in the fabric. When you add a new
switch, multiple new passwords corresponding to each switch in the fabric must be generated and
configured in each switch. Even if one switch is compromised, the passwords of the other switches are
still protected. This configuration requires considerable password maintenance by the user.
Note: All passwords are restricted to 64 alphanumeric characters and can be changed, but not deleted.
Tip: We recommend using RADIUS or TACACS+ for fabrics with more than five switches. If you need to
use a local password database, you can continue to do so using Configuration 3 and using the Cisco MDS
9000 Family Fabric Manager to manage the password database.
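The trade-off between the three configurations can be checked with a small model. This is an added example, not part of the Cisco guide or of Fabric Manager: it builds the local password database each switch would hold and lists which links between the other switches are exposed when one switch is compromised. The switch names and function names are constructed for illustration, and reading Configuration 3 as one password per direction per switch pair is an assumption.

```python
import secrets
import string
from itertools import permutations

ALNUM = string.ascii_letters + string.digits  # page: alphanumeric only
MAX_LEN = 64  # page: 64-character limit

def new_password(length=MAX_LEN):
    """Random alphanumeric password drawn from the OS CSPRNG."""
    if not 1 <= length <= MAX_LEN:
        raise ValueError("length must be between 1 and 64")
    return "".join(secrets.choice(ALNUM) for _ in range(length))

def secret_id(config, a, b):
    """Label of the secret switch a presents when authenticating to switch b."""
    if config == 1:
        return ("fabric",)      # one password for the whole fabric
    if config == 2:
        return ("switch", a)    # one password per switch
    if config == 3:
        return ("pair", a, b)   # assumption: one password per direction per pair
    raise ValueError("config must be 1, 2 or 3")

def build_databases(config, switches):
    """Return {switch: {secret_id: password}} as each switch would store it."""
    passwords, dbs = {}, {s: {} for s in switches}
    for a, b in permutations(switches, 2):
        sid = secret_id(config, a, b)
        if sid not in passwords:
            passwords[sid] = new_password()
        # Configurations 1 and 2 replicate every secret to every switch.
        for holder in ((a, b) if config == 3 else switches):
            dbs[holder][sid] = passwords[sid]
    return dbs

def exposed_links(config, switches, compromised):
    """Directed links between the other switches whose secret the compromised switch holds."""
    known = build_databases(config, switches)[compromised]
    others = [s for s in switches if s != compromised]
    return [(a, b) for a, b in permutations(others, 2) if secret_id(config, a, b) in known]

def distinct_secrets(config, switches):
    """Number of different passwords that must be generated and maintained."""
    return len({sid for db in build_databases(config, switches).values() for sid in db})

if __name__ == "__main__":
    fabric = ["sw-a", "sw-b", "sw-c", "sw-d"]  # constructed switch names
    for cfg in (1, 2, 3):
        print(cfg, distinct_secrets(cfg, fabric), len(exposed_links(cfg, fabric, "sw-a")))
```

For a four-switch fabric the model gives 1, 4 and 12 passwords to maintain for Configurations 1, 2 and 3, with 6, 6 and 0 exposed links between the remaining switches after one compromise.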
Configuring DHCHAP Passwords for the Local Switch
To configure the DHCHAP password for the local switch using Fabric Manager, perform this task:
Step 1 Expand Switches > Security, and then choose FC-SP.
You see the FC-SP configuration in the Information pane.
Step 2 Click the Local Passwords tab.
Step 3 Click the Create Row icon to create a new local password.
You see the Create Local Passwords dialog box.
Step 4 (Optional) Check the switches that you want to configure the same local password on.
Step 5 Select the switch WWN and fill in the Password field.