Fibre Channel (SAN)

Reply
Occasional Contributor
Posts: 5
Registered: ‎02-08-2010

dh-chap on brocade

Hi,

a customer who have Brocade 300 want to use DH-CHAP.

How to activate it, configure it... ? What is the command that we used for this ?

And i want to understand how to configure it on an HBA server (emulex, qlogic...) ?

Anyone has used it ?

Thanks

Valued Contributor
Posts: 931
Registered: ‎12-30-2009

Re: dh-chap on brocade

You'll be looking at the authutil command to activate and configure.

You need HBA's which support this (Brocade 415 425 815 and 825, QLA2300 and LP11000).

And more inportant its not mandatory. There are two modes off and passive. In off the switch doesn't care if the security bit in the FLOGI is set.

In passive it will use the bit when its set in FLOGI and reject the Nport if the PSK is incorrect.

When not set the Nport is granted access.

Perhaps you want to look at DCC and SCC policies for securing your fabric.

Occasional Contributor
Posts: 5
Registered: ‎02-08-2010

Re: dh-chap on brocade

ok

But how on the server could you configure HBA (if compatible) to insert password....

I cannot find document from emulex or qlogic which explain how to implement DH-CHAP.

I think that too few persorn has implemented this : no ?

Valued Contributor
Posts: 931
Registered: ‎12-30-2009

Re: dh-chap on brocade

I don't know how, my best guess would be by using accompanied management software/utils perhaps even after buying a additional licence

I don't know of anyone (company) who has implemented this. If it is security you are after, perhaps its worth to take a look at the security policies that can be enabed on your switch (like DCC). Those don't depend on supported HBA and are entirely SAN based.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook