Setting up secret keys, Setting the authentication policy parameters, Activating the authentication policy – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

• The world wide name (WWN) of the peer.
• The secret of the peer that authenticates the peer to the local switch.
• The local secret that authenticates the local switch to the peer.
NOTE
Only the following non-alphanumeric characters are valid for the secret key: @ $ % ^ & * ( ) _ + - < > { } [ ] ; ' :
switch# fcsp auth-secret dh-chap node 10:00:00:05:1e:7a:c3:00 peer-secret 12345678 local-secret 87654321
Shared secret is configured successfully.
To display the device (WWN) for which the shared secret is configured, use the show fcsp auth-secret
dh-chap command in privileged EXEC mode.
switch# show fcsp auth-secret dh-chap 10:00:00:05:1e:7a:c3:00
To remove the shared secrets, use the no fcsp auth-secret command in privileged EXEC mode.
switch# no fcsp auth-secret dh-chap node 10:00:00:05:1e:7a:c3:00
Shared secret successfully removed
Setting up secret keys
Setting up secret keys can quickly become an administrative challenge as your fabric size increases. At
a minimum, key pairs need to be installed on all connected fabric entities. However, when connections
change, you must install new key pairs to accommodate these changes. If you anticipate this situation,
you can install key pairs for all possible connections up front, which lets links change arbitrarily
while still maintaining a valid key pair for any new connection.
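The up-front approach described above, as an added example that is not part of the Brocade guide: it generates a distinct random secret for each direction of every possible switch pair and emits matching fcsp auth-secret commands for both ends. The function names, the 32-character length, and all WWNs except the guide's own example are assumptions.

```python
import secrets
import string
from itertools import combinations

# Non-alphanumeric characters the NOTE above lists as valid in a secret key.
ALLOWED_SPECIALS = set("@$%^&*()_+-<>{}[];':")
ALNUM = string.ascii_letters + string.digits
SECRET_LEN = 32  # assumption: confirm the length limits for your release


def is_valid_secret(secret: str) -> bool:
    """True if every character is ASCII alphanumeric or in the NOTE's list."""
    return bool(secret) and all(c in ALNUM or c in ALLOWED_SPECIALS for c in secret)


def new_secret() -> str:
    """Random alphanumeric secret from the OS CSPRNG (avoids CLI quoting issues)."""
    return "".join(secrets.choice(ALNUM) for _ in range(SECRET_LEN))


def full_mesh_commands(wwns):
    """Return {wwn: [command, ...]} covering every possible switch pair.

    Each direction of each pair gets its own secret: what switch A enters as
    local-secret for peer B is what B must enter as peer-secret for A.
    """
    if len(set(wwns)) != len(wwns):
        raise ValueError("duplicate WWN in inventory")
    plan = {w: [] for w in wwns}
    for a, b in combinations(wwns, 2):
        a_to_b, b_to_a = new_secret(), new_secret()
        plan[a].append(f"fcsp auth-secret dh-chap node {b} "
                       f"peer-secret {b_to_a} local-secret {a_to_b}")
        plan[b].append(f"fcsp auth-secret dh-chap node {a} "
                       f"peer-secret {a_to_b} local-secret {b_to_a}")
    return plan


if __name__ == "__main__":
    # Constructed inventory: the first WWN is the guide's example, the rest are made up.
    fabric = ["10:00:00:05:1e:7a:c3:00", "10:00:00:05:1e:00:00:01",
              "10:00:00:05:1e:00:00:02"]
    for wwn, cmds in full_mesh_commands(fabric).items():
        print(f"! run on {wwn}")
        print("\n".join(cmds))
```

The output contains the secrets in clear text, so treat it like any other credential file and delete it once the commands are applied.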
Setting the authentication policy parameters
The following procedure configures an authentication policy with auth-type DH-CHAP (the only option), a DH
group of 2, and a hash type of md5. The switch policy is set to OFF until you are ready to explicitly
activate the policy.
1. In privileged EXEC mode, use the configure terminal command to enter global configuration mode.
switch# configure terminal
Entering configuration mode terminal
2. Enter the fcsp auth command with the specified parameters.
switch(config)# fcsp auth auth-type dh-chap hash md5 group 2 switch policy off
3. Enter the do show running-config fcsp auth command to verify the configuration.
switch(config)# do show running-config fcsp auth
fcsp auth group 2
fcsp auth hash md5
fcsp auth policy switch off
Activating the authentication policy
1. In privileged EXEC mode, issue the configure terminal command to enter global configuration
mode.
switch# configure terminal
Entering configuration mode terminal
2. Enter the fcsp auth policy active command to change the policy state from OFF to ON.
switch(config)# fcsp auth auth-type switch policy on
3. Enter the do show running-config fcsp auth command to verify the configuration.
switch(config)# do show running-config fcsp auth
fcsp auth group 2
Network OS Administrator’s Guide
53-1003225-04