Cisco Nexus 5000 Series Switch CLI Software Configuration Guide (OL-16597-01, July 2009)

ManualsBrandsHP ManualsStorageCisco Nexus 5010 with FCoE Storage Services License Converged Network Switch

671

672

673

674

675

676

677

678

679

680

About the DHCHAP Timeout Value

During the DHCHAP protocol exchange, if the Cisco Nexus 5000 Series switch does not receive the expected

DHCHAP message within a specified time interval, authentication failure is assumed. The time ranges from

20 (no authentication is performed) to 1000 seconds. The default is 30 seconds.

When changing the timeout value, consider the following factors:

• The existing RADIUS and TACACS+ timeout values.

• The same value must also be configured on all switches in the fabric.

Configuring the DHCHAP Timeout Value

To configure the DHCHAP timeout value, perform this task:

Procedure

PurposeCommand or Action

Enters configuration mode.switch# configuration terminal

Step 1

Configures the reauthentication timeout to the

specified value. The unit is seconds.

switch(config)# fcsp timeout timeout

Step 2

Reverts to the factory default of 30 seconds.

switch(config)# no fcsp timeout timeout

Step 3

Configuring DHCHAP AAA Authentication

You can configure AAA authentication to use a RADIUS or TACACS+ server group. If AAA authentication

is not configured, local authentication is used by default.

Displaying Protocol Security Information

Use the show fcsp commands to display configurations for the local database.

The following example shows how to display the DHCHAP configuration for the specified interface:

switch# show fcsp interface fc2/4

fc2/4:

fcsp authentication mode:SEC_MODE_ON

Status: Successfully authenticated

The following example shows how to display DHCHAP statistics for the specified interface:

switch# show fcsp interface fc2/4 statistics

The following example shows how to display the FC-SP WWN of the device connected to the specified

interface:

switch# show fcsp interface fc2/1 wwn

The following example shows how to display the hash algorithm and DHCHAP groups configured in the

switch:

switch# show fcsp dhchap

The following example shows how to display the DHCHAP local password database:

switch# show fcsp dhchap database

Use the ASCII representation of the device WWN to configure the switch information on RADIUS and

TACACS+ servers.

Cisco Nexus 5000 Series Switch CLI Software Configuration Guide

632 OL-16597-01

Configuring FC-SP and DHCHAP

About the DHCHAP Timeout Value