
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 30 FC-SP and DHCHAP
Configuring DHCHAP Authentication
DHCHAP Compatibility with Existing Cisco MDS Features
This section identifies the impact of configuring the DHCHAP feature along with existing Cisco MDS
features:
• PortChannel interfaces—If DHCHAP is enabled for ports belonging to a PortChannel, DHCHAP
authentication is performed at the physical interface level, not at the PortChannel level.
• FCIP interfaces—The DHCHAP protocol works with the FCIP interface just as it would with a
physical interface.
• Port security or fabric binding—Fabric binding policies are enforced based on identities
authenticated by DHCHAP.
• VSANs—DHCHAP authentication is not done on a per-VSAN basis.
• High availability—DHCHAP authentication works transparently with existing HA features.
Configuring DHCHAP Authentication
To configure DHCHAP authentication using the local password database, follow these steps:
Step 1 Enable DHCHAP.
Step 2 Identify and configure the DHCHAP authentication modes.
Step 3 Configure the hash algorithm and DH group.
Step 4 Configure the DHCHAP password for the local switch and other switches in the fabric.
Step 5 Configure the DHCHAP timeout value for reauthentication.
Step 6 Verify the DHCHAP configuration.
Enabling DHCHAP
By default, the DHCHAP feature is disabled in all switches in the Cisco MDS 9000 Family.
You must explicitly enable the DHCHAP feature to access the configuration and verification commands
for fabric authentication. When you disable this feature, all related configurations are automatically
discarded.
To enable DHCHAP and FC-SP, follow these steps:
Step 1 From Fabric Manager, choose Switches > Security > FC-SP. You see the FC-SP configuration in the
Information pane.
From Device Manager, choose Security > FC-SP. You see the FC-SP Enable dialog box. Click Yes to
enable FC-SP and DHCHAP for this switch.
Step 2 Choose the Control tab in Fabric Manager. You see the FC-SP enable state for all switches in the fabric.
Step 3 Set the Command drop-down menu to enable for all switches that you want to enable FC-SP on.