DHCHAP
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Figure 38-1
Unauthorized
hosts and switches
Note
Fibre Channel (FC) host bus adapters (HBAs) with appropriate firmware and drivers are required for
host-switch authentication.
DHCHAP
DHCHAP is an authentication protocol that authenticates the devices connecting to a switch. Fibre
Channel authentication allows only trusted devices to be added to a fabric, thus preventing unauthorized
devices from accessing the switch.
The terms FC-SP and DHCHAP are used interchangeably in this chapter.
Note
DHCHAP is a mandatory password-based, key-exchange authentication protocol that supports both
switch-to-switch and host-to-switch authentication. DHCHAP negotiates hash algorithms and DH
groups before performing authentication. It supports MD5 and SHA-1 algorithm-based authentication.
Configuring the DHCHAP feature requires the ENTERPRISE_PKG license (see
and Installing
To configure DHCHAP authentication using the local password database, follow these steps:
Cisco MDS 9000 Family CLI Configuration Guide
38-2
Switch and Host Authentication
RADIUS server
FC-SP
(DH-CHAP)
Licenses").
Chapter 38
Trusted hosts
FC-SP
(DH-CHAP)
Storage
Subsytems
OL-18084-01, Cisco MDS NX-OS Release 4.x
Configuring FC-SP and DHCHAP
Chapter 3, "Obtaining