Cisco SN 5428-2 Storage Router Software Configuration Guide
78-15471-01
Chapter 1 Before Configuring SN 5428-2 Storage Router Software
maintenance interface is lost and if the secondary maintenance interface connection is assigned and
connected, the IP address moves to the secondary Gigabit Ethernet interface, which then allows
management access.
Authentication Overview
Authentication is a software service that is available in each SN 5428-2. It provides a method of
identifying users (including login and password dialog, challenge and response, and messaging support)
before they receive access to the requested object, function, or network service. The SN 5428-2 supports
three types of authentication:
• iSCSI authentication—provides an authentication mechanism to authenticate IP hosts that request
access to storage. An IP host, acting as an iSCSI initiator, can also verify the identity of an iSCSI
target assigned to a SCSI routing instance, which responds to the request, resulting in a two-way
authentication.
• Enable authentication—provides a mechanism to authenticate users requesting Administrator mode
access to an SN 5428-2 management session via the CLI enable command or an FTP session.
• Login authentication—provides a mechanism to authenticate users requesting access to the
SN 5428-2 in Monitor mode via the login process from a Telnet session, SSH session or the
SN 5428-2 console.
Authentication is provided by an AAA (authentication, authorization, and accounting) subsystem
configured in each SN 5428-2. AAA is Cisco’s architectural framework for configuring a set of three
independent security functions in a consistent and modular manner: authentication, authorization, and
accounting. The SN 5428-2 Storage Router software implements the authentication function.
AAA authentication is configured by defining a list of authentication services. iSCSI authentication,
which uses an AAA authentication services list, can be enabled for specific SCSI routing instances in an
SN 5428-2.
When iSCSI authentication is enabled, IP hosts (with iSCSI drivers) must provide user name and
password information each time an iSCSI TCP connection is established. With two-way authentication,
the SCSI routing instance to which an iSCSI target has been assigned responds to the authentication
request with an assigned username and password. iSCSI authentication uses the iSCSI CHAP (Challenge
Handshake Authentication Protocol) authentication method.
See Chapter 9, “Configuring Authentication,” for more information about configuring authentication
services.
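The two-way CHAP exchange described above can be sketched as follows. This is an added example, not code from the guide or from the SN 5428-2 software. It assumes the standard MD5 CHAP algorithm of RFC 1994, and all user names, secrets, and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def new_challenge() -> tuple[int, bytes]:
    """Fresh one-byte identifier and 16-byte random challenge per connection."""
    return os.urandom(1)[0], os.urandom(16)

def verify(users: dict, name: str, ident: int, challenge: bytes, resp: bytes) -> bool:
    """Recompute the response from the stored secret; compare in constant time."""
    secret = users.get(name)
    if secret is None:
        return False
    return hmac.compare_digest(chap_response(ident, secret, challenge), resp)

def two_way_login(host_name, host_secret, host_peers,
                  router_name, router_secret, router_users):
    """Return (host_accepted, router_accepted) for one iSCSI TCP connection."""
    # 1. The SCSI routing instance (target side) challenges the IP host.
    r_id, r_chal = new_challenge()
    # 2. The host answers and sends its own challenge for the reverse direction.
    host_resp = chap_response(r_id, host_secret, r_chal)
    h_id, h_chal = new_challenge()
    # 3. The router checks the host and refuses a reflected challenge (RFC 3720).
    if h_chal == r_chal or not verify(router_users, host_name, r_id, r_chal, host_resp):
        return False, False
    # 4. The router answers with the user name and password assigned to it.
    router_resp = chap_response(h_id, router_secret, h_chal)
    # 5. The host checks that answer against the peer secret it has configured.
    return True, verify(host_peers, router_name, h_id, h_chal, router_resp)

# Constructed sample credentials; each direction uses a different secret.
ROUTER_USERS = {"host1": b"constructed-host-secret"}
HOST_PEERS = {"routing-instance-1": b"constructed-router-secret"}

if __name__ == "__main__":
    print(two_way_login("host1", b"constructed-host-secret", HOST_PEERS,
                        "routing-instance-1", b"constructed-router-secret",
                        ROUTER_USERS))
```

The secrets never cross the wire, only the challenge and the hash, which is why the challenge must be fresh for every connection and the two directions should not share a secret.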
SN 5428-2 Cluster Management Overview
You can configure Cisco SN 5428-2 Storage Routers in a cluster to allow the storage routers to back each
other up in case of failure.
Note: A storage router can participate in a cluster only if it is deployed for SCSI routing.
An SN 5428-2 Storage Router can be configured in a cluster with one other SN 5428-2, or with an
SN 5428, connected as follows:
• Connected to the same hosts
• Connected to the same storage systems