
Device authentication configuration, Configuring dh-chap shared secrets – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual

Network OS NETCONF Operations Guide

53-1003231-02

FC AUTH and SCC policy parameters are defined in the brocade-fc-auth YANG module. For details,
refer to the Network OS YANG Reference Manual.

Device authentication configuration

Configuring a Brocade VDX 6730 switch to access a SAN fabric connected through an FC router
involves the following steps.

1. Configure the matching shared secret pairs on the VDX 6730 and on the FC router.

2. Configure the authentication policy on the VDX 6730 switch (the FC router configuration is fixed).

3. Activate the authentication policy.

Setting up secret keys can quickly become an administrative challenge as your fabric size
increases. As a minimum, key pairs must be installed on all connected fabric entities. However,
when connections change, you must install new key pairs to accommodate these changes. If you
anticipate this situation, you may install key pairs for all possible connections up front, thus
enabling links to change arbitrarily while still maintaining a valid key pair for any new connection.

Configuring DH-CHAP shared secrets

To configure the DH-CHAP shared secrets, issue the // custom
action, located in the urn:brocade.com:mgmt:brocade-fc-auth namespace. Provide the following
information as shown in the example:

In the element, include the World Wide Name (WWN) of the peer.

In the element, specify the secret of the peer that authenticates the peer to the
local switch.

In the element, specify the local secret that authenticates the local switch to the
peer.

NOTE

Only the following non-alphanumeric characters are valid for the secret key:
@, $, %, ^, &, *, (, ), _, +, -, <, >, {, }, [, ], ;, ', and :

10:00:00:05:1e:7a:c3:00

12345678

87654321
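
The sketch below is an added example, not taken from the Brocade guide. It checks candidate secrets against the character set in the NOTE and builds mirrored secret pairs for every possible connection in an inventory of WWNs, as the up-front provisioning paragraph describes. The function names, the 16-character default length and the two extra WWNs are assumptions, and the code does not issue any NETCONF request.

```python
import itertools
import re
import secrets
import string

# Non-alphanumeric characters the NOTE above lists as valid in a secret key.
ALLOWED_SYMBOLS = "@$%^&*()_+-<>{}[];':"
ALLOWED = set(string.ascii_letters + string.digits + ALLOWED_SYMBOLS)
WWN_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){7}$", re.IGNORECASE)


def invalid_chars(secret):
    """Return the characters in `secret` that the NOTE does not allow."""
    return sorted(set(secret) - ALLOWED)


def new_secret(length=16):
    """Random secret from the allowed set (length is an assumption, not from the page)."""
    return "".join(secrets.choice(sorted(ALLOWED)) for _ in range(length))


def plan_all_pairs(wwns, length=16):
    """Build per-device entries covering every possible connection.

    Each link gets two secrets, one per direction. What device A stores as
    its local secret for B is what B must store as its peer secret for A.
    Returns {local_wwn: {peer_wwn: {"peer_secret": ..., "local_secret": ...}}}.
    """
    bad = [w for w in wwns if not WWN_RE.match(w)]
    if bad:
        raise ValueError(f"malformed WWN(s): {bad}")
    if len(set(w.lower() for w in wwns)) != len(wwns):
        raise ValueError("duplicate WWN in inventory")
    plan = {w: {} for w in wwns}
    for a, b in itertools.combinations(wwns, 2):
        a_to_b, b_to_a = new_secret(length), new_secret(length)
        plan[a][b] = {"peer_secret": b_to_a, "local_secret": a_to_b}
        plan[b][a] = {"peer_secret": a_to_b, "local_secret": b_to_a}
    return plan


if __name__ == "__main__":
    # Constructed inventory; the first WWN is the one from the example above.
    fabric = ["10:00:00:05:1e:7a:c3:00", "10:00:00:05:1e:7a:c3:01",
              "10:00:00:05:1e:7a:c3:02"]
    plan = plan_all_pairs(fabric)
    for local, peers in plan.items():
        print(local, "needs", len(peers), "pair(s)")
    print("rejected characters in 'pass word!#':", invalid_chars("pass word!#"))
```

With n devices the plan holds n(n-1)/2 links and two secrets per link, which is the administrative growth the guide warns about.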