Fibre Channel (SAN)

Reply
New Contributor
Posts: 2
Registered: ‎05-26-2010

How can I implement FC-SP between switch and hba?

Hi,

I have to implement a secure authentication (FC-SP, with DH-Chap) between fc switch and hbas. The hbas are from Emulex and Qlogic. Do anyone now, how I can do this? 

 

Thanks and kind regards

Christian

 

External Moderator
Posts: 4,973
Registered: ‎02-23-2004

Re: How can I implement FC-SP between switch and hba?

@christian.baldauf

 

did you take a look in Admin Guide ?

 

here is a chapterfor Autonthication Policy and how to configure DH-Chap

 

http://www.brocade.com/content/html/en/administration-guide/fos-740-admin/GUID-4837ED15-943F-49EF-9B99-5828E9007BC8.html

 

 

TechHelp24
New Contributor
Posts: 2
Registered: ‎05-26-2010

Re: How can I implement FC-SP between switch and hba?

Hallo Antonio,

 

thank you for your quick answer. The authentication between the swichtes is not the problem, this is implemented now. But how can I do the authentication between the host hbas (vSphere and Windows Server) and the switches. I do not find any information how to configure the hbas for this feature. Yes, Emulex and Qlogic are supporting this feature, but there are no infos, how I can do that.

 

Kind regards

Christian

Brocade Moderator
Posts: 302
Registered: ‎03-29-2011

Re: How can I implement FC-SP between switch and hba?

Hi Christian,

 

per the below you need to set the device policy to passive:

 

http://www.brocade.com/content/html/en/administration-guide/fos-740-admin/GUID-B943168B-F9A8-4737-85CD-FE1E72809DB5.html

 

For the Qlogic BR (former brocade you can use the GUI (HCM)) the following CLI to setup security (AdminGuide_BRSeriesAdapters)

 

Issue the following QLogic BCU CLI commands to view or configure security

authentication for the ports:

bcu auth - -algo <port_id> <md|sha1|ms|sm>

bcu auth - -policy <port_id> <on|off>

bcu auth - -secret <port_id> <secret string>

bcu auth - -show <port_id>

bcu auth - -stats <port_id>

bcu auth - -statsclr <port_id>

 

Now, for example, took a look at emulex LPE12000 and from the following (Emulex Drivers for Windows for LightPulse Adapters User Guide ) it looks like the authentication needs to be enabled in the drivers.

 

EnableAUTH enables fabric authentication. This parameter requires the authentication to be supported by the fabric. Authentication is enabled if this value is set to 1.

 

More configuration options in the Emulex One Command Manager CLI at (Emulex OneCommand Manager Command Line Interface for LightPulse Adapters User Guide )

 

These commands configure a DHCHAP connection between an FC port and a switch port. Authentication commands apply
only to LPe12000-series adapters.

 

AuthConfigList
DeleteAuthConfig
GetAuthConfig
GetAuthStatus
InitiateAuth
SetAuthConfig
SetPassword

 

I have provided some example on the HBA configurations, further depends on HBA, OS and drivers versions.

 




If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution".


Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers. All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider. If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution"

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.