Fcsp auth – Brocade Network OS Command Reference v4.1.0 User Manual

53-1003115-01

fcsp auth


Configures the protocol-specific parameters.

Synopsis

fcsp auth auth-type dh-chap group {0 | 1 | 2 | 3 | 4 | *} hash {sha1 | md5 | all} policy switch {on | off | active | passive}

Operands

auth-type dh-chap

Authentication type is DH-CHAP.

group

Specifies the DH group value. This parameter sets the strength of the
secret. Values are 0, 1, 2, 3, 4 or *. The asterisk (*) indicates all values (0
through 4). The default value is *.

hash

Specifies the hash type used for authentication. Possible values are sha1,
md5, or all (sha1 and md5). The default option is all.

policy switch

Configures the switch authentication policy attribute. Values are on, off,
passive, or active. The default switch policy is passive.

Defaults

None

Command Modes

Global configuration mode

RBridge ID configuration mode

Description

Use this command to configure the authentication policy attributes and control its behavior. The
policy configuration includes protocol-specific parameters such as authentication type, DH-group
value, and hash type. It also defines whether the policy is enabled or disabled and how strictly it is
enforced.

Usage Guidelines

The authentication policy can be set to any of these values:

ON — Strict authentication is enforced on all E-ports. The ISL goes down (port disable) if the
connecting switch does not support the authentication or the policy is OFF. During switch
initialization, authentication is initiated on all E-ports automatically. The authentication is
initiated automatically during the E-port bring-up by the fabric module. The authentication
handshaking is completed before the switches exchange the fabric parameters (EFP) for
E-port bring-up.

ACTIVE — In this policy, the switch is more tolerant and can be connected to a switch with any
type of policy. During switch initialization, authentication is initiated on all E-ports, but the port
is not disabled if the connecting switch does not support authentication or the authentication
policy is OFF. The authentication is initiated automatically during the E_Port bring-up.

PASSIVE (default) — The switch does not initiate authentication, but participates in
authentication if the connecting switch initiates authentication. The switch does not start
authentication on E_Ports, but accepts incoming authentication requests, and will not
disable the port if the connecting switch does not support authentication or the policy is OFF.

OFF — The switch does not support authentication and rejects any authentication negotiation
request from a neighbor switch. A switch with the policy OFF should not be connected to a
switch with policy ON, since the ON policy is strict and disables the port if any switch rejects
the authentication. DH-CHAP shared secrets should be configured before switching on the
policy from the OFF state.

After the authentication negotiation succeeds, the DH-CHAP authentication is initiated. If DH-CHAP
authentication fails, the port is disabled. This behavior applies to all modes of the policy.
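
The policy rules above can be modeled to check, before changing a switch's policy, which ISLs would stay unauthenticated or be disabled. The following Python sketch is an added example, not part of the Brocade manual or Network OS; the function names, the link labels, the sample inventory, and the `secrets_match` flag (standing in for whether DH-CHAP would succeed) are assumptions made for illustration.

```python
from enum import Enum

class Policy(Enum):
    ON = "on"
    ACTIVE = "active"
    PASSIVE = "passive"
    OFF = "off"          # also models a peer that does not support authentication

# Policies that start authentication during E_Port bring-up.
INITIATES = {Policy.ON, Policy.ACTIVE}

def isl_outcome(local, peer, secrets_match=True):
    """Return 'authenticated', 'unauthenticated' or 'port-disabled' for one ISL."""
    pair = {local, peer}
    if Policy.OFF in pair:
        # OFF rejects negotiation; only a strict ON side takes the port down.
        return "port-disabled" if Policy.ON in pair else "unauthenticated"
    if not (pair & INITIATES):
        # PASSIVE on both sides: neither switch starts the exchange.
        return "unauthenticated"
    # Negotiation succeeds and DH-CHAP runs; a failure disables the port
    # regardless of the policy mode.
    return "authenticated" if secrets_match else "port-disabled"

def audit(local, links):
    """links: iterable of (label, peer_policy, secrets_match).
    Returns the links that would not come up authenticated."""
    findings = []
    for label, peer, ok in links:
        result = isl_outcome(local, peer, ok)
        if result != "authenticated":
            findings.append((label, peer.value, result))
    return findings

# Constructed sample inventory (hypothetical link labels).
SAMPLE_LINKS = [
    ("isl-1", Policy.PASSIVE, True),
    ("isl-2", Policy.OFF, True),
    ("isl-3", Policy.ACTIVE, False),   # shared secrets not yet aligned
]

if __name__ == "__main__":
    for candidate in (Policy.PASSIVE, Policy.ACTIVE, Policy.ON):
        print(candidate.value, audit(candidate, SAMPLE_LINKS))
```

With the default PASSIVE policy on both ends, the model reports the link as up but unauthenticated, which is the case an audit of fabric authentication should look for.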