HP StorageWorks 2.32 Edge Switch User Manual

HA-Fabric Manager user guide 155

Figure 94

Main window with Security tab, Authentication, Device tab

To have two connected switches authenticate each other locally, each switch must have its own user

ID, Node WWN, and CHAP secret, as well as the other switch’s user ID and CHAP secret. The

switch can store more IDs and CHAP secrets if the switch has multiple connections with other

switches only. You can also store IDs and CHAP secrets of switches that have no physical

connections with this switch. This is not recommended because accessing one switch provides

access to all switches’ CHAP secrets.
If you choose to have two connected switches authenticate each other through Radius server only,

all product IDs and CHAP secrets are stored on the Radius server and the product local database is

not required to carry the same data. In this case, the HAFM appliance does not communicate with

Radius server effectively. The Radius Only authentication method can cause more errors and

performance problems.
When the Radius Only option is selected, the HAFM appliance ensures that only the CHAP secret

for the switch is defined and stored in the local database. If not, a message displays indicating you

must type or generate a secret for the current switch before you enable E_port authentication.
If the CHAP secret is defined for the current switch, when clicking Apply, a message displays

indicating you have set E/N_port Authentication Method to Radius Only. If you have not properly

defined the secrets for all participating devices on the Radius Server, E/N_port authentication fails

and your fabric connectivity is broken.