29 configure security authentication devices tab – HP StorageWorks 2.32 Edge Switch User Manual

Configuring the switch

96

Figure 29

Configure Security Authentication Devices tab

To have two connected switches authenticate each other locally, each switch must have its own user

ID, Node WWN, and CHAP secret, as well as the other switch’s user ID and CHAP secret. The

switch can store more IDs and CHAP secrets if the switch has multiple connections with other

switches only. You can also store IDs and CHAP secrets of switches that have no physical

connections with this switch. This is not recommended because accessing one switch provides

access to all switches’ CHAP secrets.
If you choose to have two connected switches authenticate each other through Radius server only,

all product IDs and CHAP secrets are stored on the Radius server and the product local database is

not required to carry the same data. In this case, the HAFM appliance does not communicate with

Radius server effectively. The Radius Only authentication method can cause more errors and

performance problems.
When the Radius Only option is selected, the HAFM appliance ensures that only the CHAP secret

for the switch is defined and stored in the local database. If not, a message is displayed indicating

you must type or generate a secret for the current switch before you enable E_port authentication.
If the CHAP secret is defined for the current switch, when clicking Apply, a message is displayed

indicating you have set E/N_port Authentication Method to Radius Only. If you have not properly

defined the secrets for all participating devices on the Radius Server, E/N_port authentication fails

and your fabric connectivity is broken.

Understanding the Devices tab display and default settings

When you access the Devices tab, do the following:

1.

Ensure that the Node Name is already discovered and displayed in a uneditable text field.

2.

Define the CHAP secret for the selected switch using the following steps: