Configuration Examples for Fabric Security
This section provides the steps to configure the example illustrated in the following figure.
Figure 42: Sample DHCHAP Authentication
This example shows how to set up authentication:
Procedure
Step 1
Obtain the device name of the Cisco SAN switch in the fabric. The Cisco SAN switch in the fabric is identified
by the switch WWN.
Example:
switch#
show wwn switch
Switch WWN is 20:00:00:05:30:00:54:de
Step 2
Explicitly enable DHCHAP in this switch.
When you disable DHCHAP, all related configurations are automatically discarded.
Note
Example:
switch(config)#
fcsp enable
Step 3
Configure a clear text password for this switch. This password is used by the connecting device.
Example:
switch(config)#
fcsp dhchap password rtp9216
Step 4
Configure a password for another switch in the fabric that is identified by the switch WWN device name.
Example:
switch(config)#
fcsp dhchap devicename 20:00:00:05:30:00:38:5e password rtp9509
Step 5
Enable the DHCHAP mode for the required interface.
Whenever DHCHAP port mode is changed to a mode other than the Off mode, reauthentication is
performed.
Note
Example:
switch(config)#
interface fc2/4
switch(config-if)#
fcsp on
Step 6
Verify the protocol security information configured in this switch by displaying the DHCHAP local password
database.
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x
OL-30895-01
241
Configuring FC-SP and DHCHAP
Configuration Examples for Fabric Security