Send documentation comments to mdsfeedback-doc@cisco.com.
30-8
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 30 FC-SP and DHCHAP
Configuring DHCHAP Authentication
Setting the DHCHAP Timeout Value
During the DHCHAP protocol exchange, if the MDS switch does not receive the expected DHCHAP
message within a specified time interval, authentication failure is assumed. The time ranges from 20 (no
authentication is performed) to 1000 seconds. The default is 30 seconds.
When changing the timeout value, consider the following factors:
•The existing RADIUS and TACACS+ timeout values.
•The same value must also be configured all switches in the fabric.
To change the DHCHAP timeout value using Fabric Manager, follow these steps:
Step 1 Choose Switches > Security > FC-SP in Fabric Manager. You see the FC-SP configuration in the
Information pane.
Step 2 Choose the General/Password tab. You see the DHCHAP general settings mode for each switch.
Step 3 Change the DHCHAP timeout value for each switch in the fabric.
Step 4 Click the Apply Changes icon to save the updated timeout value or click the Undo Changes icon to
discard any unsaved changes.
Configuring DHCHAP AAA Authentication
You can individually set authentication options. If authentication is not configured, local authentication
is used by default.
Enabling FC-SP on ISLs
There is a new ISL pop-up menu called Enable FC-SP that enables FC-SP on switches at either end of
the ISL. You are prompted for an FC-SP generic password, then asked to set FC-SP interface mode to
ON for affected ports. Right-click an ISL and click Enable FC-SP to access this feature.