CLI Guide

See also

restart mc

restart sc

show certificate

create chap-record

Description

.

The CHAP record can specify one name-secret pair to authenticate the originator only (one-way CHAP) or

two pairs to authenticate both the originator and the recipient (mutual CHAP).

For a login request from an initiator to a storage system, the initiator is the originator and the storage system

is the recipient. Because CHAP works during login, to make CHAP changes take effect you must reset any

active iSCSI host links.

In a peer connection, a storage system can act as the originator or recipient of a login request. As the

originator, with a valid CHAP record it can authenticate CHAP even if CHAP is disabled. This is possible

because the system will supply the CHAP secret requested by its peer and the connection will be allowed.

Minimum role manage

Syntax

The originator name, typically in IQN format. The name is case sensitive and can have a maximum of 223

bytes, including 0–9, lowercase a–z, hyphen, colon, and period

The secret that the recipient uses to authenticate the originator. The secret is case sensitive and can include

12–16 bytes. The value can include spaces and printable UTF-8 characters except: " <

Optional; for mutual CHAP only. The recipient name, typically in IQN format. The name is case sensitive and

can have a maximum of 223 bytes, including 0–9, lowercase a–z, hyphen, colon, and period. To determine a

storage system's IQN, use the show ports command to view the Target ID value for an iSCSI port. This

parameter and mutual-secret must be set together.

Examples Create a one-way CHAP record to enable a storage system to authenticate a host initiator.

See also

delete chap-records