EasyManuals Logo

HP SN3000B User Manual

HP SN3000B
584 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #187 background imageLoading...
Page #187 background image
Fabric OS Administrator’s Guide 149
53-1002446-01
Authentication policy for fabric elements
7
Secret key pairs for DH-CHAP
When you configure the switches at both ends of a link to use DH-CHAP for authentication, you
must also define a secret key pair—one for each end of the link. Use the secAuthSecret command
to perform the following tasks:
View the WWN of switches with a secret key pair.
Set the secret key pair for switches.
Remove the secret key pair for one or more switches.
Note the following characteristics of a secret key pair:
The secret key pair must be set up locally on every switch. The secret key pair is not distributed
fabric-wide.
If a secret key pair is not set up for a link, authentication fails. The “Authentication Failed”
(reason code 05h) error will be reported and logged.
The minimum length of a shared secret is 8 characters and the maximum length is 40
characters. If the E_Port is to carry in-flight encrypted traffic, a shared secret or at least 32
characters is recommended. See Chapter 14, “In-flight Encryption and Compression” for
details about in-flight encryption.
NOTE
When setting a secret key pair, note that you are entering the shared secrets in plain text. Use a
secure channel (for example, SSH or the serial console) to connect to the switch on which you are
setting the secrets.
Viewing the list of secret key pairs in the current switch database
1. Log in to the switch using an account with admin permissions, or an account with the O
permission for the Authentication RBAC class of commands.
2. Enter the secAuthSecret
--show command.
The output displays the WWN, domain ID, and name (if known) of the switches with defined
shared secrets:
WWN DId Name
-----------------------------------------------
10:00:00:60:69:80:07:52 Unknown
10:00:00:60:69:80:07:5c 1 switchA
Setting a secret key pair
1. Log in to the switch using an account with admin permissions, or an account with OM
permissions for the Authentication RBAC class of commands.
2. Enter the secAuthSecret
--set command.
The command enters interactive mode. The command returns a description of itself and
needed input; then it loops through a sequence of switch specification, peer secret entry, and
local secret entry.
To exit the loop, press Enter for the switch name; then type y.

Table of Contents

Other manuals for HP SN3000B

Preview: Troubleshooting Guide
Troubleshooting Guide138 pages
Preview: Reference Guide
Reference Guide70 pages
Preview: Quick Start Instructions
Quick Start Instructions8 pages
Preview: Specifications
Specifications18 pages
Preview: Quickspecs
Quickspecs20 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP SN3000B and is the answer not in the manual?

HP SN3000B Specifications

General IconGeneral
BrandHP
ModelSN3000B
CategorySwitch
LanguageEnglish

Related product manuals