beautypg.com

Microsoft initiator chap secret restrictions, Linux chap restrictions, Atto macintosh chap restrictions – HP MPX200 Multifunction Router User Manual

Page 98: Recommended chap policies, Iscsi session types, Mpx200 chap modes

background image

Microsoft initiator CHAP secret restrictions

The Microsoft initiator CHAP secret restrictions are:

Maximum length of 16 characters

Minimum length of 12 characters

When an initiator uses iSNS for target discovery, only normal session CHAP applies

NOTE:

There is no restriction on the type of characters that can be entered.

Linux CHAP restrictions

The Linux CHAP restrictions are:

CHAP is supported with the Linux open-iscsi initiator and MPX200.

CHAP setup with Linux iSCSI initiator is not supported with the MPX200.

ATTO Macintosh CHAP restrictions

The ATTO Macintosh iSCSI initiator does not support CHAP at this time.

Recommended CHAP policies

The following CHAP policies are recommended:

The same CHAP secret should not be configured for authentication of multiple initiators or
targets.

Any CHAP secret used for initiator authentication must not be configured for authentication
of any target. Any CHAP secret used for target authentication must not be configured for
authentication of any initiator.

CHAP should be configured after the initial iSCSI initiator/target login to validate initiator/target
connectivity. The first initiator/target login creates a discovered iSCSI initiator entry on the
MPX200 that is used in the CHAP setup.

iSCSI session types

iSCSI defines two types of sessions:

Discovery—SCSI discovery enables an initiator to find the targets to which it has access.

Normal—A normal session is unrestricted.

CHAP is enforced on both discovery and normal sessions.

MPX200 CHAP modes

The MPX200 supports two CHAP modes. Once CHAP is enabled, it is enforced for both discovery
sessions and normal sessions. You can choose only the CHAP mode:

Single-direction—The target authenticates the identity of the initiator with the user-provided
CHAP secret. To enable single-direction CHAP, you must enable CHAP for a specific initiator
record on the MPX200 and enter a corresponding CHAP secret from the iSCSI host.

Bidirectional—The initiator and target authenticate each other's identity by using the
user-provided CHAP secrets. To enable bidirectional CHAP for a discovery session, you must
provide a CHAP secret for the initiator and for the iSCSI port for which you are performing
discovery. To enable bidirectional CHAP for a normal session, you must provide a CHAP
secret for the initiator and for the iSCSI-presented target that you want to log in to.

Single-direction CHAP during discovery session and during normal session

Single-direction CHAP during discovery session and bidirectional CHAP during normal session

98

MPX200 iSCSI configuration rules and guidelines

See also other documents in the category HP Storage: