6.5
Table Of Contents
- vSphere Command-Line Interface Concepts and Examples
- Contents
- About This Book
- vSphere CLI Command Overviews
- Introduction
- List of Available Host Management Commands
- Targets and Protocols for vCLI Host Management Commands
- Supported Platforms for vCLI Commands
- Commands with an esxcfg Prefix
- ESXCLI Commands Available on Different ESXi Hosts
- Trust Relationship Requirement for ESXCLI Commands
- Using ESXCLI Output
- Connection Options for vCLI Host Management Commands
- Connection Options for DCLI Commands
- vCLI Host Management Commands and Lockdown Mode
- Managing Hosts
- Managing Files
- Managing Storage
- Introduction to Storage
- Examining LUNs
- Detach a Device and Remove a LUN
- Reattach a Device
- Working with Permanent Device Loss
- Managing Paths
- Managing Path Policies
- Scheduling Queues for Virtual Machine I/O
- Managing NFS/NAS Datastores
- Monitor and Manage FibreChannel SAN Storage
- Monitoring and Managing Virtual SAN Storage
- Monitoring vSphere Flash Read Cache
- Monitoring and Managing Virtual Volumes
- Migrating Virtual Machines with svmotion
- Configuring FCoE Adapters
- Scanning Storage Adapters
- Retrieving SMART Information
- Managing iSCSI Storage
- iSCSI Storage Overview
- Protecting an iSCSI SAN
- Command Syntax for esxcli iscsi and vicfg-iscsi
- iSCSI Storage Setup with ESXCLI
- iSCSI Storage Setup with vicfg-iscsi
- Listing and Setting iSCSI Options
- Listing and Setting iSCSI Parameters
- Enabling iSCSI Authentication
- Set Up Ports for iSCSI Multipathing
- Managing iSCSI Sessions
- Managing Third-Party Storage Arrays
- Managing Users
- Managing Virtual Machines
- Managing vSphere Networking
- Introduction to vSphere Networking
- Retrieving Basic Networking Information
- Troubleshoot a Networking Setup
- Setting Up vSphere Networking with vSphere Standard Switches
- Setting Up Virtual Switches and Associating a Switch with a Network Interface
- Retrieving Information About Virtual Switches
- Adding and Deleting Virtual Switches
- Checking, Adding, and Removing Port Groups
- Managing Uplinks and Port Groups
- Setting the Port Group VLAN ID
- Managing Uplink Adapters
- Adding and Modifying VMkernel Network Interfaces
- Managing VMkernel Network Interfaces with ESXCLI
- Add and Configure an IPv4 VMkernel Network Interface with ESXCLI
- Add and Configure an IPv6 VMkernel Network Interface with ESXCLI
- Managing VMkernel Network Interfaces with vicfg-vmknic
- Add and Configure an IPv4 VMkernel Network Interface with vicfg-vmknic
- Add and Configure an IPv6 VMkernel Network Interface with vicfg-vmknic
- Setting Up vSphere Networking with vSphere Distributed Switch
- Managing Standard Networking Services in the vSphere Environment
- Setting the DNS Configuration
- Manage an NTP Server
- Manage the IP Gateway
- Setting Up IPsec
- Manage the ESXi Firewall
- Monitor VXLAN
- Monitoring ESXi Hosts
- Index
Procedure
1 (Optional) Set the authentication information for CHAP.
esxcli <conn_options> iscsi adapter auth chap set --direction=uni --chap_username=<name> --
chap_password=<pwd> --level=[prohibited, discouraged, preferred, required] --secret=<string>
--adapter=<adapter_name>
You can set per-target CHAP for static targets, per-adapter CHAP, or apply the command to the
discovery address.
Option Command
Per-adapter CHAP
esxcli iscsi adapter auth chap set
Per-discovery CHAP
esxcli iscsi adapter discovery sendtarget auth chap set
Per-target CHAP
esxcli iscsi adapter target portal auth chap set
The following example sets adapter-level CHAP.
esxcli <conn_options> iscsi adapter auth chap set --direction=uni --chap_username=User1 --
chap_password=MySpecialPwd --level=preferred --secret=uni_secret --adapter=vmhba33
2 (Optional) Set the authentication information for mutual CHAP by running esxcli iscsi adapter auth
chap set again with the -d option set to mutual option and a dierent authentication user name and
secret.
esxcli <conn_options> iscsi adapter auth chap set --direction=mutual --
mchap_username=<m_name> --mchap_password=<m_pwd> --level=[prohibited, required] --
secret=<string> --adapter=<adapter_name>
For <level>, specify prohibited or required.
Option Description
prohibited
The host does not use CHAP authentication. If authentication is enabled,
specify chapProhibited to disable it.
required
The host requires successful CHAP authentication. The connection fails if
CHAP negotiation fails. You can set this value for mutual CHAP only if
CHAP is set to chapRequired.
For direction, specify mutual.
I You are responsible for making sure that CHAP is set before you set mutual CHAP, and
for using compatible levels for CHAP and mutual CHAP. Use a dierent secret in CHAP and mutual
CHAP.
Enable Mutual iSCSI Authentication with ESXCLI
Mutual authentication is supported for software iSCSI and dependent hardware iSCSI, but not for
independent hardware iSCSI.
For information on iSCSI CHAP, see “Seing iSCSI CHAP,” on page 72.
Prerequisites
n
Verify that CHAP authentication is already set up when you start seing up mutual CHAP.
n
Verify that CHAP and mutual CHAP use dierent user names and passwords. The second user name
and password are supported for mutual authentication on the storage side.
n
Verify that CHAP and mutual CHAP use compatible CHAP levels.
Chapter 5 Managing iSCSI Storage
VMware, Inc. 95