Procedure
Step 1
Enable DHCHAP.
Step 2
Identify and configure the DHCHAP authentication modes.
Step 3
Configure the hash algorithm and DH group.
Step 4
Configure the DHCHAP password for the local switch and other switches in the fabric.
Step 5
Configure the DHCHAP timeout value for reauthentication.
Step 6
Verify the DHCHAP configuration.
DHCHAP Compatibility with Fibre Channel Features
When configuring the DHCHAP feature along with existing Cisco NX-OS features, consider these compatibility
issues:
• SAN port channel interfaces—If DHCHAP is enabled for ports belonging to a SAN port channel,
DHCHAP authentication is performed at the physical interface level, not at the port channel level.
• Port security or fabric binding—Fabric-binding policies are enforced based on identities authenticated
by DHCHAP.
• VSANs—DHCHAP authentication is not done on a per-VSAN basis.
By default, the DHCHAP feature is disabled in all Cisco SAN switches.
About Enabling DHCHAP
By default, the DHCHAP feature is disabled in all Cisco SAN switches.
You must explicitly enable the DHCHAP feature to access the configuration and verification commands for
fabric authentication. When you disable this feature, all related configurations are automatically discarded.
Enabling DHCHAP
You can enable DHCHAP for a Cisco Nexus device.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
switch# configure terminal
switch(config)#
Step 1
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01 233
Configuring FC-SP and DHCHAP
Configuring DHCHAP Authentication
To Next Page
Loading...
