HP StorageWorks Fabric OS 6.1.x administrator guide (5697-0234, November 2009)

Because F_Port authentication requires the DH-CHAP protocol, selecting PASSIVE mode is blocked if
FCAP is the only authentication protocol selected. Similarly, de-selecting the DH-CHAP protocol
from the authentication protocol list is blocked if device authentication is set to PASSIVE.
Auth policy restrictions
The Fabric OS 5.1.0 implementation of DH-CHAP/FCAP does not support integration with RADIUS. All fabric
element authentication configurations are performed on a local switch basis.
Device authentication policy supports devices that are connected to the switch in a point-to-point manner and
is visible to the entire fabric. The following are not supported:
Public loop devices
Single private devices
Private loop devices
Mixed public and private devices in loop
NPIV devices
FICON channels
Configupload/download will not be supported for the following AUTH attributes: auth type, hash
type, group type.
Supported configurations
The following HBAs support authentication:
Emulex LP11000 (tested with Storport Miniport 2.0 Windows driver)
QLogic QLA2300 (tested with Solaris 5.04 driver)
Selecting authentication protocols
Use the authUtil command to perform the following tasks:
Display the current authentication parameters
Select the authentication protocol used between switches
Select the Diffie-Hellman (DH) group for a switch
Run the authUtil command on the switch you want to view or change. Options for specifying which DH
group you want to use include:
00 – DH Null option
01 – 1024 bit key
02 – 1280 bit key
03 – 1536 bit key
04 – 2048 bit key
This section illustrates using the authUtil command to display the current authentication parameters and
to set the authentication protocol to DH-CHAP.
To view the current authentication parameter settings for a switch:
1. Log in to the switch using an account assigned to the admin role.
2. On a switch running Fabric OS 6.0, type authUtil --show.
Output similar to the following is displayed:
AUTH TYPE     HASH TYPE     GROUP TYPE
--------------------------------------
fcap,dhchap   sha1,md5      0, 1, 2, 3, 4
Switch Authentication Policy: PASSIVE
Device Authentication Policy: OFF
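Added example (not from the HP guide): a Python script that parses captured authUtil --show output in the format shown above, pre-checks a planned change against the DH-CHAP/PASSIVE rule described earlier on this page, and lists the DH Null group and md5 for review. The function names, the sample text, and the review criteria are assumptions of this example.

```python
import re

# Constructed sample: the authUtil --show output as printed in this guide.
SAMPLE = """\
AUTH TYPE     HASH TYPE     GROUP TYPE
--------------------------------------
fcap,dhchap   sha1,md5      0, 1, 2, 3, 4
Switch Authentication Policy: PASSIVE
Device Authentication Policy: OFF
"""

def parse_authutil_show(text):
    """Parse protocols, hash types, DH groups and both policies."""
    cfg = {"auth": [], "hash": [], "groups": [],
           "switch_policy": None, "device_policy": None}
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"(Switch|Device) Authentication Policy:\s*(\S+)", line)
        if m:
            cfg[m.group(1).lower() + "_policy"] = m.group(2).upper()
            continue
        # Value row: auth list, hash list, then a group list with spaces.
        m = re.match(r"([a-z,]+)\s+([a-z0-9,]+)\s+(\d[\d,\s]*)$", line)
        if m:
            cfg["auth"] = m.group(1).split(",")
            cfg["hash"] = m.group(2).split(",")
            cfg["groups"] = [int(g) for g in re.findall(r"\d+", m.group(3))]
    return cfg

def change_blocked(cfg, auth=None, device_policy=None):
    """Return why a planned change would be blocked, or None if allowed.

    Models only the rule in the guide: device (F_Port) authentication
    requires DH-CHAP, so PASSIVE and a list without dhchap cannot coexist.
    """
    new_auth = auth if auth is not None else cfg["auth"]
    new_policy = (device_policy or cfg["device_policy"] or "OFF").upper()
    if new_policy == "PASSIVE" and "dhchap" not in new_auth:
        return "device policy PASSIVE requires dhchap in the protocol list"
    return None

def review_items(cfg):
    """Settings this example reports for review (criteria are an assumption)."""
    items = []
    if 0 in cfg["groups"]:
        items.append("group 0 (DH Null option) is enabled")
    if "md5" in cfg["hash"]:
        items.append("md5 is enabled as a hash type")
    return items
```

Calling change_blocked(cfg, auth=["fcap"], device_policy="PASSIVE") on the parsed sample returns the reason string, matching the case the guide says the switch rejects.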
To set the authentication protocol used by the switch to DH-CHAP:
1. Log in to the switch using an account assigned to the admin role.