D

3 – Planning Fabric Security

Device: HBA_1

WWN: 10:00:00:c0:dd:07:c3:4d

Security: Yes

Device: JBOD

Security: No

F_Port

FL_Port

 

E_Port Device: Switch_1

WWN: 10:00:00:c0:dd:07:e3:4c

Security: Yes

Device: HBA_2

Security: No

F_Port

Device: Switch_2

WWN: 10:00:00:c0:dd:07:e3:4e

Security: No

Figure 3-3. Security Example: Switches and HBAs

1.Create a security set (Security_Set_1) on Switch_1.

2.Create a port group (Group_Port) in Security_Set_1 with Switch_1, and HBA_1 as members. Because the JBOD is a loop device, it is excluded from the port group.

„You must specify HBAs by node worldwide name. Switches can be specified by port or node worldwide name. The type of switch worldwide name you use in the switch security database must be the same as that in the HBA security database. For example, if you specify a switch with a port worldwide name in the switch security database, you must also specify that switch in the HBA security database with the same port worldwide name.

„For CHAP authentication, create 32-character secrets. The switch secret must be shared with the HBA security database.

 

Port Group: Group_Port

 

 

Switch_1

Node WWN: 10:00:00:c0:dd:07:e3:4c

 

Authentication: CHAP

 

Secret: 0123456789abcdef0123456789abcdef

HBA_1

Node WWN: 10:00:00:c0:dd:07:c3:4d

 

Authentication: CHAP

 

Secret: fedcba9876543210fedcba9876543210fedcba

 

 

59043-03 A

3-13

Page 53
Image 53
Q-Logic 64 manual Node WWN 100000c0dd07c34d, Secret fedcba9876543210fedcba9876543210fedcba