beautypg.com

Using a radius server – SANRAD I3.1.1205 User Manual

Page 142

background image

7-24

SANRAD V-Switch CLI User Manual

After assigning iSCSI initiators and assigning credentials to an identity, use the
CLI command acl identity details to view the list of iSCSI initiators.

acl identity details

You need to define one parameter to view an identity’s details:

S

WITCH

P

ARAMETER

D

EFINITION

S

TATUS

E

XAMPLE

-id

IDENTITY

NAME OF

ACL

MANDATORY

accounting

acl identity details –id accounting

Table 7-4: Identity

Details

Description:

Accounts allowed read-write
access to accounting records

Initiators: iqn.1991-05.microsoft:steven.

sanrad

iqn.com.cisco.steven

Credentials:

CHAP

Using a RADIUS Server

If you are working in

a V-Switch cluster,

the RADIUS server

must be configured

on both V Switches.

When CHAP user names and passwords are configured on the network in
a remote RADIUS server, use the CLI command acl identity add
chap

to direct a CHAP challenge to the RADIUS server and eliminate the

need to configure all user name + password pairs on the V-Switch. This
decreases configuration time and increase overall network security. Use
the CLI command ip radius add to add a RADIUS server address to
the V-Switch RADIUS client.

In Figure 7-16, a CHAP authentication challenge is sent to the V-Switch.
The V-Switch first checks if the user name is set for RADIUS
authentication. If it is, the CHAP challenge is passed on to the RADIUS
server. If it is not, the user name and password are compared against the
pairs configured in the V-Switch.