Skip to main content

Setting the authentication policy

You must set the authentication policy and associated parameters.

The commands must be executed at the switch console.

  1. Set the authentication secret:
    1. Begin the setup process: secAuthSecret --set

      This command initiates a series of prompts that you respond to in the following steps.
    2. Provide the worldwide name (WWN) of the other switch in the fabric for the Enter peer WWN, Domain, or switch name parameter.
    3. Provide the peer secret for the Enter peer secret parameter.
    4. Provide the local secret for the Enter local secret parameter.
    5. Enter Y for the Are you done parameter.

    The following is an example of setting the authentication secret:
    brcd> secAuthSecret --set

    This command is used to set up secret keys for the DH-CHAP authentication.
    The minimum length of a secret key is 8 characters and maximum 40
    characters. Setting up secret keys does not initiate DH-CHAP
    authentication. If switch is configured to do DH-CHAP, it is performed
    whenever a port or a switch is enabled.

    Warning: Please use a secure channel for setting secrets. Using
    an insecure channel is not safe and may compromise secrets.

    Following inputs should be specified for each entry.

    1. WWN for which secret is being set up.
    2. Peer secret: The secret of the peer that authenticates to peer.
    3. Local secret: The local secret that authenticates peer.

    Press enter to start setting up secrets > <cr>

    Enter peer WWN, Domain, or switch name (Leave blank when done): 10:00:00:05:33:76:2e:99
    Enter peer secret: <hidden>
    Re-enter peer secret: <hidden>
    Enter local secret: <hidden>
    Re-enter local secret: <hidden>

    Enter peer WWN, Domain, or switch name (Leave blank when done): 
    Are you done? (yes, y, no, n): [no] yes
    Saving data to key store... Done.

  2. Set the authentication group to 4 : authUtil --set -g 4
  3. Set the authentication type to dhchap : authUtil --set -a dhchap
    The system displays the following output:
    Authentication is set to dhchap.
  4. Set the authentication policy on the switch to on : authUtil --policy -sw on
    The system displays the following output:
    Warning: Activating the authentication policy requires either DH-CHAP secrets or PKI certificates depending on the protocol selected. Otherwise, ISLs will be segmented during next E-port bring-up. 
    ARE YOU SURE  (yes, y, no, n): [no] yes
    Auth Policy is set to ON