
Virtual fabrics considerations, Configuring e_port authentication – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

Page 223


changes to the AUTH policy take effect during the next authentication request. This includes starting
authentication on all E_Ports on the local switch if the policy is changed to ON or ACTIVE, and clearing
the authentication if the policy is changed to OFF. The authentication configurations will be effective
only on subsequent E_ and F_Port initialization.

ATTENTION

A secret key pair has to be installed prior to changing the policy. For more information on setting up
secret key pairs, refer to Setting a secret key pair on page 228.

If you must disable authentication on a port that has in-flight encryption or compression configured, you
must first disable in-flight encryption or compression on the port, and then disable authentication. Refer
to In-flight Encryption and Compression on page 407 for details.

Virtual Fabrics considerations

The switch authentication policy applies to all E_Ports in a logical switch. This includes ISLs and
extended ISLs. Authentication of extended ISLs between two base switches is considered peer-chassis
authentication. Authentication between two physical entities is required, so the extended ISL that
connects the two chassis needs to be authenticated. The corresponding extended ISL for a logical ISL
authenticates the peer chassis; therefore, logical ISL authentication is not required. Because the
logical ISLs do not carry actual traffic, they do not need to be authenticated. Authentication on
re-individualization is also blocked on logical ISLs. The following error message is printed on the
console when you execute the authUtil --authinit command on logical ISLs: "Failed to initiate
authentication. Authentication is not supported on logical ports". For more information on Virtual
Fabrics, refer to Virtual Fabrics considerations.
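The ordering rules above (secret key pair before any policy change, in-flight encryption and compression off before authentication is disabled on a port, no authentication initiation on logical ISLs) can be checked against a change plan before anyone touches the switch. The following is an added example, not part of the Brocade guide; the operation names and the plan format are hypothetical and are not Fabric OS commands.

```python
# Added example: lint an ordered change plan against the preconditions on this page.
# Operation names and the plan format are hypothetical, not Fabric OS commands.

LOGICAL_PORT_ERROR = ("Failed to initiate authentication. "
                      "Authentication is not supported on logical ports")


def lint_plan(plan, secret_installed=False, inflight=None, logical_ports=()):
    """Return (step_index, message) violations for an ordered list of
    (operation, argument) steps. `inflight` maps port -> set of configured
    features; `logical_ports` are logical ISL ports."""
    inflight = {p: set(f) for p, f in (inflight or {}).items()}
    problems = []
    for i, (op, arg) in enumerate(plan):
        if op == "install_secret":
            secret_installed = True
        elif op == "set_policy":
            if not secret_installed:
                problems.append((i, f"policy change to {arg} before a secret key pair is installed"))
        elif op in ("disable_encryption", "disable_compression"):
            inflight.get(arg, set()).discard(op.split("_", 1)[1])
        elif op == "disable_auth":
            left = inflight.get(arg)
            if left:
                problems.append((i, f"port {arg}: disable {', '.join(sorted(left))} first"))
        elif op == "authinit":
            for port in arg:
                if port in logical_ports:
                    problems.append((i, f"port {port}: {LOGICAL_PORT_ERROR}"))
        else:
            problems.append((i, f"unknown operation {op!r}"))
    return problems


# Constructed sample plan: policy set before the secret exists, authentication
# disabled before in-flight features, and authinit aimed at a logical ISL (port 40).
BAD_PLAN = [
    ("set_policy", "active"),
    ("install_secret", None),
    ("disable_auth", 5),
    ("disable_encryption", 5),
    ("authinit", [2, 3, 40]),
]

if __name__ == "__main__":
    for step, msg in lint_plan(BAD_PLAN, inflight={5: {"encryption", "compression"}},
                               logical_ports={40}):
        print(f"step {step}: {msg}")
```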

Configuring E_Port authentication

1. Connect to the switch and log in using an account with admin permissions, or an account with OM
permissions for the Authentication RBAC class of commands.

2. Enter the authUtil command to set the switch policy mode.

Example of configuring E_Port authentication

The following example shows how to enable Virtual Fabrics and configure the E_Ports to perform
authentication using the AUTH policies authUtil command.

switch:admin> fosconfig -enable vf
WARNING: This is a disruptive operation that requires a reboot to take effect.
All EX ports will be disabled upon reboot.
Would you like to continue [Y/N] y
switch:admin> authutil --authinit 2,3,4

CAUTION

If data input has not been completed and a failover occurs, the command is terminated
without completion and your entire input is lost. If data input has completed, the Enter key
has been pressed, and a failover occurs, data may or may not be replicated to the other CP
depending on the timing of the failover. Log in to the other CP after the failover is complete
and verify the data was saved. If data was not saved, run the command again.

Example of setting the policy to active mode

switch:admin> authutil --policy -sw active

Warning: Activating the authentication policy requires


53-1003130-01