3 – Planning Fabric Security

D

2.Create a Management Server group (Group_1) in Security_Set_2 with Switch_2 and HBA_2 or APP_2 as its member.

„You must specify HBAs by node worldwide name. Switches can be specified by port or node worldwide name. The type of switch worldwide name you use in the switch security database must be the same as that in the HBA security database. For example, if you specify a switch with a port worldwide name in the switch security database, you must also specify that switch in the HBA security database with the same port worldwide name.

„For MD5 authentication, create 32-character hex secrets.

 

MS Group: Group_1

 

 

Switch_2

Node WWN: 10:00:00:c0:dd:07:c3:4e

 

CT Authentication: MD5

 

Secret: 9876543210fedcba9876543210fedcba

HBA_2 or APP_2 Node WWN: 10:00:00:c0:dd:07:c3:4d CT Authentication: MD5

Secret: fedcba9876543210fedcba9876543210

3.Configure security on HBA_2 or APP_2 using the appropriate management tool. Logins between the Switch_2 and HBA_2 or APP_2 will be challenged (MD5) for their respective secrets. Therefore, the secrets that you configured for HBA_2 or APP_2 on Switch_2 must also be configured on HBA_2 or APP_2.

4.Save Security_Set_2 and prepare to activate it. Activating a security set does not affect currently logged-in ports. Therefore, to apply the security policy that you designed in the security database, you must offline the secured ports, activate the security set, then place the secured ports back online.

3-16

59043-03 A

Page 56
Image 56
Q-Logic 64 manual MS Group Group1