
Re-authenticating E_Ports, Device authentication policy – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual


either DH-CHAP secrets or PKI certificates depending
on the protocol selected. Otherwise, ISLs will be
segmented during next E-port bring-up.
ARE YOU SURE (yes, y, no, n): [no] y
Auth Policy is set to ACTIVE

NOTE
This authentication-policy change will not affect online EX_Ports.

Re-authenticating E_Ports

Use the authUtil --authinit command to re-initiate authentication on selected ports. You can initiate
authentication for a specified E_Port, a set of E_Ports, or all E_Ports on the switch.
This command does not work on loop, NPIV and FICON devices, or on ports configured for in-flight
encryption. The authUtil command can re-initiate authentication only if the device was previously
authenticated. If the authentication fails because shared secrets do not match, the port is disabled.

This command works independently of the authentication policy, so you can initiate
authentication even if the switch is in PASSIVE mode. Use it to restart authentication
after changing the DH-CHAP group, hash type, or shared secret between a pair of switches.

ATTENTION

This command may bring down E_Ports if the DH-CHAP shared secrets are not installed correctly.

1. Log in to the switch using an account with admin permissions, or an account with OM permissions
   for the Authentication RBAC class of commands.

2. Enter the authUtil --authinit command.

Example for specific ports on the switch

switch:admin> authutil --authinit 2,3,4

Example for all E_Ports on the switch

switch:admin> authutil --authinit allE

Example for Backbones using the slot/port format

switch:admin> authutil --authinit 1/1, 1/2
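
Why authentication has to be restarted after the DH-CHAP group, hash type, or shared secret changes on a pair of switches, as an added Python model of one DH-CHAP-style exchange. It is not from the Brocade guide, is not Fabric OS code, and is not wire-accurate FC-SP. The toy groups, the config fields and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Constructed toy DH groups (Mersenne primes, generator 3). Real DH-CHAP
# groups are far larger; these only keep the arithmetic readable.
GROUPS = {"toy-a": (2**89 - 1, 3), "toy-b": (2**127 - 1, 3)}

def first_common(mine, theirs):
    """First entry of our ordered list that the peer also allows, else None."""
    return next((item for item in mine if item in theirs), None)

def response(hash_name, chap_id, secret, challenge, dh_shared):
    """Hash the challenge with the DH result, then with the id and secret."""
    digest = lambda data: hashlib.new(hash_name, data).digest()
    augmented = digest(challenge + dh_shared)
    return digest(bytes([chap_id]) + secret + augmented)

def authenticate(verifier, prover):
    """Run one one-way exchange; both arguments are hypothetical config dicts."""
    hash_name = first_common(verifier["hashes"], prover["hashes"])
    group = first_common(verifier["groups"], prover["groups"])
    if hash_name is None or group is None:
        return "negotiation failed"          # no hash or group in common
    p, g = GROUPS[group]
    size = (p.bit_length() + 7) // 8
    x = secrets.randbelow(p - 3) + 2         # verifier's DH private value
    y = secrets.randbelow(p - 3) + 2         # prover's DH private value
    gx, gy = pow(g, x, p), pow(g, y, p)      # public values that are exchanged
    challenge = secrets.token_bytes(32)
    chap_id = secrets.randbelow(256)
    # Prover answers with its own secret and its view of the DH result.
    answer = response(hash_name, chap_id, prover["secret"], challenge,
                      pow(gx, y, p).to_bytes(size, "big"))
    # Verifier recomputes with the secret it has stored for that peer.
    expected = response(hash_name, chap_id, verifier["peer_secret"], challenge,
                        pow(gy, x, p).to_bytes(size, "big"))
    if hmac.compare_digest(answer, expected):
        return "authenticated"
    return "secret mismatch"                 # per the guide, the port is disabled

def config(secret, hashes=("sha256", "sha1"), groups=("toy-b", "toy-a")):
    """Constructed sample config; one value serves as secret and peer_secret."""
    return {"secret": secret, "peer_secret": secret,
            "hashes": list(hashes), "groups": list(groups)}
```

In this model a secret changed on only one switch yields "secret mismatch", the case in which the guide says the port is disabled, while a hash or group left without a common value ends the exchange before any response is computed.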

Device authentication policy

Device authentication policy can also be categorized as an F_Port, node port, or an HBA
authentication policy. Fabric-wide distribution of the device authentication policy is not supported
because the device authentication requires manual interaction in setting the HBA shared secrets and
switch shared secrets, and most of the HBAs do not support the defined DH groups for use in the
DH-CHAP protocol.

NOTE
Authentication is supported from Brocade fabric switches in native mode to Access Gateway switches
and from Access Gateway switches to HBAs. For more information, refer to the Access Gateway
Administrator's Guide.


Fabric OS Administrators Guide

53-1003130-01