Administrator Guide
replication operations, such as creating replication sets, initiating replications, or suspending replication operations. The system that does
not have CHAP enabled will be unable to perform any replication operations, including modifying and deleting the peer connection. For full
replication functionality for both systems, set up CHAP for a peer connection (see the following procedure).
If the two systems have CHAP records for each other with the same secret, they can perform all replication operations whether or not
CHAP is enabled on either system. In other words, even if CHAP is enabled on neither system, only one system, or both systems, either
system can work with peer connections, replication sets, and replications.
If you want to use Challenge Handshake Authentication Protocol (CHAP) for the iSCSI connection between peer systems, see the
following procedure to set up CHAP. In a peer connection, both systems will alternately act as an initiator and target of a login request.
Peer connections support one-way CHAP only.
Set up CHAP for a peer connection using the CLI
1. If you have not already configured CHAP, run query peer-connection from either the local system or the remote system to
ensure that they have connectivity.
2. If you have an existing peer connection, stop I/O to it.
3. On the local system, use the create chap-record command to create a CHAP record for one-way CHAP to allow access by the
remote system.
4. On the remote system, use the create chap-record command to create a CHAP record for one-way CHAP to the local system.
Note that the same CHAP record used from the local system may also be used here but the configuration is still one-way CHAP.
5. On each system, enable CHAP by running: set iscsi-parameters chap on
CAUTION: Enabling or disabling CHAP will cause all iSCSI host ports in the system to be reset and restarted. This
may prevent iSCSI hosts from being able to reconnect if their CHAP settings are incorrect.
6. Wait one minute for the commands to complete before attempting to use the peer connection.
7. Run query peer-connection from the local system and then from the remote system to ensure communication can be initiated
from either system.
• If both succeed, you can create, set, or perform replication on that peer connection.
• If either fails, it is likely that you must fix a CHAP configuration issue and then repeat these steps as appropriate. If you need to
modify a CHAP record, use the set chap-record command.
Modifying a peer connection
You can change the name of a current peer connection or the port address of the remote system from either the local system or the
remote system without changing the peer connection configurations. For example, you could configure a peer connection and then move
one of the peers to a different network.
Changing the peer connection name will not affect the network connection so any running replications will not be interrupted.
NOTE:
Changing the remote port address will modify the network connection, which is permitted only if no replications
are running and new replications are prevented from running. For the peer connection, stop any running replications and
either suspend its replication sets or make sure its network connection is offline. After you have modified the peer
connection, you can resume replication sets. If CHAP is enabled on one system within a peer connection, be sure that
CHAP is configured properly on the corresponding peer system before initiating this operation. For more information
about configuring CHAP, see CHAP and replication.
Modify a peer connection
1. In the Replications topic, select the peer connection to be modified in the Peer Connections table.
2. Select Action > Modify Peer Connection. The Modify Peer Connection panel appears.
3. Change one of the following. You cannot change both:
• Select New Name, then enter a new name for the peer connection. The name is case sensitive and can have a maximum of 32
bytes. It cannot already exist in the system or include the following: " , < \
• Select New Remote Address (FC-WWN or iSCSI-IP), then enter a new address for the remote system.
120
Working in the Replications topic