01-19-2011 10:46 AM
A customer who has a Brocade 300 wants to use DH-CHAP.
How to activate it, configure it...? What is the command that we use for this?
And I want to understand how to configure it on an HBA server (Emulex, QLogic...)?
Has anyone used it?
01-19-2011 11:50 AM
You'll be looking at the authutil command to activate and configure.
You need HBAs which support this (Brocade 415 425 815 and 825, QLA2300 and LP11000).
And more important, it's not mandatory. There are two modes: off and passive. In off, the switch doesn't care if the security bit in the FLOGI is set.
In passive, it will use the bit when it's set in FLOGI and reject the Nport if the PSK is incorrect.
When not set the Nport is granted access.
Perhaps you want to look at DCC and SCC policies for securing your fabric.
01-20-2011 09:16 AM
But how on the server could you configure the HBA (if compatible) to insert the password?
I cannot find a document from Emulex or QLogic which explains how to implement DH-CHAP.
I think that too few people have implemented this, no?
01-20-2011 09:26 AM
I don't know how; my best guess would be by using the accompanying management software/utils, perhaps even after buying an additional licence.
I don't know of anyone (company) who has implemented this. If it is security you are after, perhaps it's worth taking a look at the security policies that can be enabled on your switch (like DCC). Those don't depend on a supported HBA and are entirely SAN based.