To perform authentication with switch policy, the on and off policy modes are supported on the AG
switch. To perform authentication with device policy, the on, off, and passive modes are supported on
the AG switch.
Behavior of sending AG switch and receiving fabric switch with different policies configuredTABLE 2
Fabric switch with device
policy mode ON
Fabric switch with device
policy mode PASSIVE
Fabric switch with device
policy mode OFF
AG switch with
switch policy
mode on
Authorization negotiation -
accept
DH-CHAP/FCAP:
Success - N_Port
Failure - disable
Authorization negotiation -
accept
DH-CHAP/FCAP:
Success - N_Port
Failure - disable
Authorization negotiation -
reject
N_Port without
authentication
AG switch with
switch policy off
No negotiation
No light
No Negotiation
N_Port without authenctication.
No negotiation
N_Port without
authentication
Behavior of sending device (HBA) and receiving AG switch with different policies
configured
TABLE 3
AG switch with device
policy mode ON
AG switch with device
policy mode PASSIVE
AG switch with device
policy mode OFF
HBA authentication enabled Authorization negotiation
- accept
DH-CHAP
Success - F_Port
Failure - disable
Authorization negotiation -
accept
DH-CHAP
Success - F_Port
Failure - disable
Authorization negotiation
- reject
F_Port without
authentication
HBA authenticationdisabled No negotiation
No light
No negotiation
F_Port without
authentication
No negotiation
F_Port without
authentication
Supported Fabric OS commands
All Fabric OS commands for authentication policy apply to AG switches, including the following:
authutil -- policy
authutil --show
authutil --set
secauthsecret --set
secauthsecret --show
NOTE
Although authutil --authinit is not supported in AG mode, it is supported in native mode.

Supported Fabric OS commands

22 Access Gateway Administrator's Guide
53-1003126-02