Send documentation comments to mdsfeedback-doc@cisco.com.
30-5
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 30 FC-SP and DHCHAP
Configuring DHCHAP Authentication
To configure the DHCHAP port authentication mode, follow these steps:
Step 1 From Fabric Manager, choose Switches > Interfaces > FC Physical. You see the FC-SP configuration
in the Information pane.
From Device Manager, choose Security > FC-SP. You see the FC-SP Configuration dialog box.
Step 2 Choose the FC-SP tab. You see the DHCHAP authentication mode for each interface.
Step 3 Set the Mode drop-down menu to the DHCHAP authentication mode you want to configure for that
interface.
Step 4 Click the Apply Changes icon in Fabric Manager or click Apply in Device Manager to save these
DHCHAP port mode settings.

Changing the DHCHAP Hash Algorithm

Cisco MDS switches support a default hash algorithm priority list of MD5 followed by SHA-1 for
DHCHAP authentication.
Tip If you change the hash algorithm priority list, then change it globally for all switches in the fabric.
Caution RADIUS and TACACS+ protocols always use MD5 for CHAP authentication. Using SHA-1 as the hash
algorithm may prevent RADIUS and TACACS+ usage—even if these AAA protocols are enabled for
DHCHAP authentication.
To change the DHCHAP hash algorithm priority list using Fabric Manager, follow these steps:
Step 1 Choose Switches > Security > FC-SP. You see the FC-SP configuration in the Information pane.
Step 2 Choose the General/Password tab. You see the DHCHAP general settings mode for each switch.
Step 3 Change the HashList for each switch in the fabric.
Step 4 Click the Apply Changes icon to save the updated hash algorithm priority list or click the Undo
Changes icon to discard any unsaved changes.

Changing DHCHAP Group Settings

All switches in the Cisco MDS Family support all DHCHAP groups specified in the standard: 0 (null
DH group, which does not perform the Diffie-Hellman exchange), 1, 2, 3, or 4.
Tip If you change the DH group configuration, change it globally for all switches in the fabric.