跳到主要内容

设置认证策略

必须设置认证策略和相关参数。

必须在交换机控制台上执行这些命令。

  1. 设置认证密钥:
    1. 开始设置过程:secAuthSecret --set

      此命令将发出一系列提示(需要您在以下步骤中做出响应)。
    2. 对于 Enter peer WWN, Domain, or switch name 参数,提供光纤网中另一个交换机的全球名称(WWN)。
    3. 对于 Enter peer secret 参数,提供对端密钥。
    4. 对于 Enter local secret 参数,提供本地密钥。
    5. 对于 Are you done 参数,输入 Y

    以下是设置认证密钥的示例:
    brcd> secAuthSecret --set

    This command is used to set up secret keys for the DH-CHAP authentication.
    The minimum length of a secret key is 8 characters and maximum 40
    characters. Setting up secret keys does not initiate DH-CHAP
    authentication. If switch is configured to do DH-CHAP, it is performed
    whenever a port or a switch is enabled.

    Warning: Please use a secure channel for setting secrets. Using
    an insecure channel is not safe and may compromise secrets.

    Following inputs should be specified for each entry.

    1. WWN for which secret is being set up.
    2. Peer secret: The secret of the peer that authenticates to peer.
    3. Local secret: The local secret that authenticates peer.

    Press enter to start setting up secrets > <cr>

    Enter peer WWN, Domain, or switch name (Leave blank when done): 10:00:00:05:33:76:2e:99
    Enter peer secret: <hidden>
    Re-enter peer secret: <hidden>
    Enter local secret: <hidden>
    Re-enter local secret: <hidden>

    Enter peer WWN, Domain, or switch name (Leave blank when done): 
    Are you done? (yes, y, no, n): [no] yes
    Saving data to key store... Done.

  2. 将认证组设置为 4authUtil --set -g 4
  3. 将认证类型设置为 dhchapauthUtil --set -a dhchap
    系统将显示以下输出:
    Authentication is set to dhchap.
  4. 将交换机上的认证策略设置为 onauthUtil --policy -sw on
    系统将显示以下输出:
    Warning: Activating the authentication policy requires either DH-CHAP secrets or PKI certificates depending on the protocol selected. Otherwise, ISLs will be segmented during next E-port bring-up. 
    ARE YOU SURE  (yes, y, no, n): [no] yes
    Auth Policy is set to ON