Chapter 4
Configuring iSCSI
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Configuring No Authentication
Set the iSCSI authentication method to none to configure a network with no authentication.
switch(config)# iscsi authentication none
Configuring CHAP with Local Password Database
To configure authentication using the CHAP option with the local password database, follow these steps:
Set the AAA authentication to use the local password database for the iSCSI protocol.
Step 1
switch(config)# aaa authentication iscsi default local
Set the iSCSI authentication method to require CHAP for all iSCSI clients.
Step 2
switch(config)# iscsi authentication chap
Configure the user names and passwords for iSCSI users.
Step 3
switch(config)# username iscsi-user password abcd iscsi
Note
Verify the global iSCSI authentication setup.
Step 4
switch# show iscsi global
iSCSI Global information Authentication: CHAP <----Verify
Import FC Target: Disabled
...
Configuring CHAP with External RADIUS Server
To configure authentication using the CHAP option with an external RADIUS server, follow these steps:
Configure the password for the Cisco MDS switch as RADIUS client to the RADIUS server:
Step 1
switch(config)# radius-server key mds-1
Step 2
Configure the RADIUS server IP address by performing one of the following:
•
switch(config)# radius-server host 10.1.1.10
•
switch(config)# radius-server host 2001:0DB8:800:200C::417A
Configure the RADIUS server group IP address by performing one of the following:
Step 3
•
switch(config)# aaa group server radius iscsi-radius-group
OL-19525-01,Cisco MDS NX-OS Release 4.2(1)
If you do not specify the iscsi option, the user name is assumed to be a Cisco MDS switch user
instead of an iSCSI user.
Configure an IPv4 address.
Configure an IPv6 address.
Configure an IPv4 address.
iSCSI Authentication Setup Guidelines and Scenarios
Cisco MDS 9000 Family NX-OS IP Services Configuration Guide
4-67