Configuring e_port authentication – Dell POWEREDGE M1000E User Manual
Page 209
Fabric OS Administrator’s Guide
209
53-1002745-02
Authentication policy for fabric elements
7
Virtual Fabrics considerations
The switch authentication policy applies to all E_Ports in a logical switch. This includes ISLs and
extended ISLs. Authentication of extended ISLs between two base switches is considered
peer-chassis authentication. Authentication between two physical entities is required, so the
extended ISL which connects the two chassis needs to be authenticated. The corresponding
extended ISL for a logical ISL authenticates the peer-chassis, therefore the logical ISL
authentication is not required. Because the logical ISLs do not carry actual traffic, they do not need
to be authenticated. Authentication on re-individualization is also blocked on logical ISLs. The
following error message is printed on the console when you execute the authUtil –-authinit
command on logical-ISLs, “Failed to initiate authentication. Authentication is not supported on
logical ports
Configuring E_Port authentication
1. Connect to the switch and log in using an account with admin permissions, or an account with
OM permissions for the Authentication RBAC class of commands.
2. Enter the authUtil command to set the switch policy mode.
Example of configuring E_Port authentication
The following example shows how to enable Virtual Fabrics and configure the E_Ports to perform
authentication using the AUTH policies authUtil command.
switch:admin> fosconfig -enable vf
WARNING: This is a disruptive operation that requires a reboot to take
effect.
All EX ports will be disabled upon reboot.
Would you like to continue [Y/N] y
switch:admin> authutil --authinit 2,3,4
CAUTION
If data input has not been completed and a failover occurs, the command is terminated without
completion and your entire input is lost.
If data input has completed, the enter key pressed, and a failover occurs, data may or may not be
replicated to the other CP depending on the timing of the failover. Log in to the other CP after the
failover is complete and verify the data was saved. If data was not saved, run the command
again.
Example of setting the policy to active mode
switch:admin> authutil --policy -sw active
Warning: Activating the authentication policy requires
either DH-CHAP secrets or PKI certificates depending
on the protocol selected. Otherwise, ISLs will be
segmented during next E-port bring-up.
ARE YOU SURE (yes, y, no, n): [no] y
Auth Policy is set to ACTIVE
NOTE
This authentication-policy change will not affect online EX_Ports.