Installation guide
3 – Planning
Fabric Security
59096-02 C 3-21
A
1. Configure the Radius_1 host as a RADIUS server on Switch_1 and
Switch_2 to authenticate device logins. Specify the server IP address and
the secret with which the switches will authenticate with the server.
Configure the switches so that devices authenticate through the switches
only if the RADIUS server is unavailable.
2. Configure security on Switch_1. Create a security set (Security_Set_1) on
Switch_1.
a. Create a port group (Group_Port_1) in Security_Set_1 with Switch_1
and HBA_1 as members. The JBOD is a loop device, and is therefore,
excluded from the port group.
Radius_1 Configuration on Switch_1 and Switch_2
Device Authentication
Order
RadiusLocal – Authenticate devices using the RADIUS
server security database first. If the RADIUS server is
unavailable, then use the local switch security database.
Total Servers 1 – Enables support for one RADIUS server
Device Authentication
Server
True – Enables Radius_1 to authenticate device logins.
Server IP Address 10.20.30.40
Secret 1234567890123456 – 16-character ASCI string (MD5
hash)
Port Group on Switch_1: Group_Port_1
Switch_1 Node WWN: 10:00:00:c0:dd:07:e3:4c
Authentication: CHAP
Primary Hash: MD5
Primary Secret: 0123456789abcdef
HBA_1 Node WWN: 10:00:00:c0:dd:07:c3:4d
Authentication: CHAP
Primary Hash: MD5
Primary Secret: fedcba9876543210