beautypg.com

Secret key pairs for dh-chap, Characteristics of a secret key pair, Note about access gateway switches – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual


all groups. See In-flight Encryption and Compression on page 407 for details about in-flight encryption.

Secret key pairs for DH-CHAP

When you configure the switches at both ends of a link to use DH-CHAP for authentication, you must
also define a secret key pair, one for each end of the link. Use the secAuthSecret command to
perform the following tasks:

• View the WWN of switches with a secret key pair.
• Set the secret key pair for switches.
• Remove the secret key pair for one or more switches.

Characteristics of a secret key pair

• The secret key pair must be set up locally on every switch. The secret key pair is not distributed fabric-wide.
• If a secret key pair is not set up for a link, authentication fails. The "Authentication Failed" (reason code 05h) error will be reported and logged.
• The minimum length of a shared secret is 8 characters and the maximum length is 40 characters. If the E_Port is to carry in-flight encrypted traffic, a shared secret of at least 32 characters is recommended. See In-flight Encryption and Compression on page 407 for details about in-flight encryption.

NOTE
When setting a secret key pair, note that you are entering the shared secrets in plain text. Use a secure
channel (for example, SSH or the serial console) to connect to the switch on which you are setting the
secrets.

Viewing the list of secret key pairs in the current switch database

1. Log in to the switch using an account with admin permissions, or an account with the O permission for the Authentication RBAC class of commands.

2. Enter the secAuthSecret --show command.

The output displays the WWN, domain ID, and name (if known) of the switches with defined shared
secrets:

    WWN                      DId  Name
    -----------------------------------------------
    10:00:00:60:69:80:07:52       Unknown
    10:00:00:60:69:80:07:5c  1    switchA

Note about Access Gateway switches

Because Domain ID and name are not supported for Access Gateway, secAuthSecret --show output
for Access Gateway appears as follows:

    WWN                      DId  Name
    -----------------------------------------------
    10:00:8C:7C:FF:03:9E:00  -1   Unknown
    10:00:8C:7C:FF:03:9E:01  -1   Unknown
    10:00:8C:7C:FF:0D:AF:01  -1   Unknown
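The following audit helper is an added example, not part of the Brocade guide. It parses saved secAuthSecret --show output in the layout shown above, reports which expected link peers have no secret defined on this switch (the condition that leads to the reason code 05h failure), and checks a candidate secret against the length limits listed under "Characteristics of a secret key pair". The sample output, the peer WWNs and all function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the secAuthSecret --show output above.
SAMPLE_SHOW = """\
WWN                      DId  Name
-----------------------------------------------
10:00:00:60:69:80:07:52       Unknown
10:00:00:60:69:80:07:5c  1    switchA
10:00:8C:7C:FF:03:9E:00  -1   Unknown
"""

ROW = re.compile(r"^((?:[0-9a-f]{2}:){7}[0-9a-f]{2})\s*(.*)$", re.I)

def parse_show(text):
    """Map lower-cased WWN -> (domain_id or None, name or None)."""
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, separator or blank line
        fields = m.group(2).split()
        did = None
        # Assumption: a leading integer field is the DId column.
        if fields and re.fullmatch(r"-?\d+", fields[0]):
            did = int(fields.pop(0))
            if did < 0:  # Access Gateway rows report -1
                did = None
        name = " ".join(fields) or None
        entries[m.group(1).lower()] = (did, None if name == "Unknown" else name)
    return entries

def missing_secrets(show_text, expected_peers):
    """Peers expected on DH-CHAP links that have no secret on this switch."""
    have = parse_show(show_text)
    return sorted(w.lower() for w in expected_peers if w.lower() not in have)

def secret_length_issue(secret, in_flight_encryption=False):
    """Return a problem description, or None if the length is acceptable."""
    n = len(secret)
    if not 8 <= n <= 40:
        return "length must be 8 to 40 characters"
    if in_flight_encryption and n < 32:
        return "at least 32 characters recommended for in-flight encryption"
    return None

if __name__ == "__main__":
    peers = ["10:00:00:60:69:80:07:5C", "10:00:00:60:69:80:07:99"]  # constructed
    print("no secret defined for:", missing_secrets(SAMPLE_SHOW, peers))
```

Because secret key pairs are not distributed fabric-wide, run the check against the output captured from each switch on the link.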


53-1003130-01