Using a radius server – SANRAD I3.1.1205 User Manual
Page 142
7-24
SANRAD V-Switch CLI User Manual
After assigning iSCSI initiators and assigning credentials to an identity, use the
CLI command acl identity details to view the list of iSCSI initiators.
acl identity details
You need to define one parameter to view an identity’s details:
S
WITCH
P
ARAMETER
D
EFINITION
S
TATUS
E
XAMPLE
-id
IDENTITY
NAME OF
ACL
MANDATORY
accounting
acl identity details –id accounting
Table 7-4: Identity
Details
Description:
Accounts allowed read-write
access to accounting records
Initiators: iqn.1991-05.microsoft:steven.
sanrad
iqn.com.cisco.steven
Credentials:
CHAP
Using a RADIUS Server
If you are working in
a V-Switch cluster,
the RADIUS server
must be configured
on both V Switches.
When CHAP user names and passwords are configured on the network in
a remote RADIUS server, use the CLI command acl identity add
chap
to direct a CHAP challenge to the RADIUS server and eliminate the
need to configure all user name + password pairs on the V-Switch. This
decreases configuration time and increase overall network security. Use
the CLI command ip radius add to add a RADIUS server address to
the V-Switch RADIUS client.
In Figure 7-16, a CHAP authentication challenge is sent to the V-Switch.
The V-Switch first checks if the user name is set for RADIUS
authentication. If it is, the CHAP challenge is passed on to the RADIUS
server. If it is not, the user name and password are compared against the
pairs configured in the V-Switch.