B Configuring CHAP

CHAP Definition

In the Challenge Handshake Authentication Protocol (CHAP), the authentication agent sends the client program an ID value and a random value that is used only once. The authenticator and the peer share a predefined secret. The peer concatenates the random value, the ID, and the secret, and calculates a one-way hash using MD5 (Message-Digest algorithm 5). It sends the hash value to the authenticator, which builds the same string on its side, calculates the MD5 hash, and compares the result with the value received from the peer. If the values match, the peer is authenticated.

Because only the hash is transmitted, the secret cannot be reverse-engineered from the exchange. The algorithm increases the ID value with each CHAP dialogue to protect against replay attacks.
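
The exchange described above, as an added Python example that is not part of the QLogic manual or firmware. It assumes the RFC 1994 field order (ID, secret, challenge) for the MD5 input; the names chap_response and Authenticator and the sample secret are hypothetical.

```python
import hashlib
import hmac
import os


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: MD5 over ID || secret || challenge (RFC 1994 order)."""
    return hashlib.md5(bytes([ident & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Authenticator side: issues one-time challenges and checks responses."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.ident = 0
        self.pending = {}  # ident -> challenge still awaiting a response

    def new_challenge(self) -> tuple[int, bytes]:
        self.ident = (self.ident + 1) & 0xFF  # ID changes with every dialogue
        challenge = os.urandom(16)            # random value, used only once
        self.pending[self.ident] = challenge
        return self.ident, challenge

    def verify(self, ident: int, response: bytes) -> bool:
        challenge = self.pending.pop(ident, None)  # each challenge is accepted once
        if challenge is None:
            return False
        expected = chap_response(ident, self.secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    secret = b"secret_port-constructed-value"  # constructed sample secret
    auth = Authenticator(secret)
    ident, challenge = auth.new_challenge()
    good = chap_response(ident, secret, challenge)
    results = {"valid": auth.verify(ident, good)}
    # Replay against the same ID fails: that challenge was already consumed.
    results["replay_same_id"] = auth.verify(ident, good)
    # Replay against a fresh dialogue fails: new ID and new random value.
    ident2, _ = auth.new_challenge()
    results["replay_new_dialogue"] = auth.verify(ident2, good)
    # A peer that does not hold the shared secret fails.
    ident3, ch3 = auth.new_challenge()
    results["wrong_secret"] = auth.verify(ident3, chap_response(ident3, b"guess", ch3))
    return results


if __name__ == "__main__":
    print(demo())
```
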

Configuring CHAP Using CLI

The following sections describe the procedure for configuring CHAP from the command line interface (CLI).

CLI—Discovery Session—Bi-directional CHAP

To configure bi-directional CHAP for use during a discovery session:

1. On the router:

a. Enable CHAP on the port.

b. Create a secret (for example, secret_port).

c. Using the set chap command, choose the iSCSI node that represents the GE port.

d. Use the show iscsi command to find the iSCSI node name of the GE port.

FI0154601-00 C
