A
3 – Planning Fabric Security
1.Create a security set (Security_Set_1) on Switch_1.
a.Create a port group (Group_Port_1) in Security_Set_1 with Switch_1, HBA_1, and JBOD as members.
| Port Group on Switch_1: Group_Port_1 |
| |
Switch_1 | Node WWN: 10:00:00:c0:dd:07:e3:4c |
| Authentication: CHAP |
| Primary Hash: MD5 |
| Primary Secret: 0123456789abcdef |
HBA_1 | Node WWN: 10:00:00:c0:dd:07:c3:4d |
| Authentication: CHAP |
| Primary Hash: MD5 |
| Primary Secret: fedcba9876543210 |
JBOD | Node WWN: 10:00:00:d1:ee:18:d4:5e |
| Authentication: None |
| Node WWN: 10:00:00:d1:ee:18:d4:5f |
| Authentication: None |
| Node WWN: 10:00:00:d1:ee:18:d4:5g |
| Authentication: None |
|
|
Switch_1 and all devices and switches connected to Switch_1 must be included in the group even if the switch or devices does not support authentication. Others wise, the Switch_1 port will isolate.
You must specify HBAs by node worldwide name. Switches can be specified by port or node worldwide name. The type of switch worldwide name you use in the switch security database must be the same as that in the HBA security database. For example, if you specify a switch with a port worldwide name in the switch security database, you must also specify that switch in the HBA security database with the same port worldwide name.
For CHAP authentication, create
