CHAPTER
Send feedback to nx5000-docfeedback@cisco.com
1-1
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
OL-16597-01
1
Configuring FC-SP and DHCHAP
Fibre Channel Security Protocol (FC-SP) capabilities provide switch-to-switch and host-to-switch
authentication to overcome security challenges for enterprise-wide fabrics. Diffie-Hellman Challenge
Handshake Authentication Protocol (DHCHAP) is an FC-SP protocol that provides authentication
between Cisco Nexus 5000 Series switches and other devices. DHCHAP consists of the CHAP protocol
combined with the Diffie-Hellman exchange.
This chapter includes the following sections:
• Information About Fabric Authentication, page 1-1
• DHCHAP, page 1-2
• Sample Configuration, page 1-10
• Default Settings, page 1-11
Information About Fabric Authentication
All Cisco Nexus 5000 Series switches enable fabric-wide authentication from one switch to another
switch, or from a switch to a host. These switch and host authentications are performed locally or
remotely in each fabric. As storage islands are consolidated and migrated to enterprise-wide fabrics new
security challenges arise. The approach of securing storage islands cannot always be guaranteed in
enterprise-wide fabrics. For example, in a campus environment with geographically distributed switches,
someone could maliciously interconnect incompatible switches or you could accidentally do so,
resulting in Inter-Switch Link (ISL) isolation and link disruption.
To Next Page
Loading...
