Send feedback to nx5000-docfeedback@cisco.com
1-3
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
OL-16597-01
Chapter 1 Configuring FC-SP and DHCHAP
DHCHAP
DHCHAP is a mandatory password-based, key-exchange authentication protocol that supports both
switch-to-switch and host-to-switch authentication. DHCHAP negotiates hash algorithms and DH
groups before performing authentication. It supports MD5 and SHA-1 algorithm-based authentication.
To configure DHCHAP authentication using the local password database, perform this task:
Step 1 Enable DHCHAP.
Step 2 Identify and configure the DHCHAP authentication modes.
Step 3 Configure the hash algorithm and DH group.
Step 4 Configure the DHCHAP password for the local switch and other switches in the fabric.
Step 5 Configure the DHCHAP timeout value for reauthentication.
Step 6 Verify the DHCHAP configuration.
This section includes the following topics:
• DHCHAP Compatibility with Fibre Channel Features, page 1-3
• About Enabling DHCHAP, page 1-4
• Enabling DHCHAP, page 1-4
• About DHCHAP Authentication Modes, page 1-4
• Configuring the DHCHAP Mode, page 1-5
• About the DHCHAP Hash Algorithm, page 1-6
• Configuring the DHCHAP Hash Algorithm, page 1-6
• About the DHCHAP Group Settings, page 1-6
• Configuring the DHCHAP Group Settings, page 1-6
• About the DHCHAP Password, page 1-7
• Configuring DHCHAP Passwords for the Local Switch, page 1-7
• About Password Configuration for Remote Devices, page 1-8
• Configuring DHCHAP Passwords for Remote Devices, page 1-8
• About the DHCHAP Timeout Value, page 1-8
• Configuring the DHCHAP Timeout Value, page 1-9
• Configuring DHCHAP AAA Authentication, page 1-9
• Displaying Protocol Security Information, page 1-9
DHCHAP Compatibility with Fibre Channel Features
This section identifies the impact of configuring the DHCHAP feature along with existing Cisco NX-OS
features:
• SAN port channel interfaces—If DHCHAP is enabled for ports belonging to a SAN port channel,
DHCHAP authentication is performed at the physical interface level, not at the port channel level.
• Port security or fabric binding—Fabric-binding policies are enforced based on identities
authenticated by DHCHAP.
To Next Page
Loading...
