Filter
Top Products
Send documentation comments to mdsfeedback-doc@cisco.com.
30-2
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 30 FC-SP and DHCHAP
Fibre Channel Security Protocol
Figure 30-1 Switch and Host Authentication
Note Fibre Channel host bus adapters (HBAs) with appropriate firmware and drivers are required for
host-switch authentication.
About DHCHAP
DHCHAP is an authentication protocol that authenticates the devices connecting to a switch. Fibre
Channel authentication allows only trusted devices to be added to a fabric, thus preventing unauthorized
devices from accessing the switch.
Note The terms FC-SP and DHCHAP are used interchangeably in this chapter.
DHCHAP is a mandatory password-based, key-exchange authentication protocol that supports both
switch-to-switch and host-to-switch authentication. DHCHAP negotiates hash algorithms and
Diffie-Hellman groups before performing authentication. It supports MD5 and SHA-1 algorithm-based
authentication.
Configuring the DHCHAP feature requires the ENTERPRISE_PKG license (see Chapter 9, “Obtaining
and Installing Licenses”).
Storage
Subsytems
Unauthorized
hosts and switches
FC-SP
(DH-CHAP)
FC-SP
(DH-CHAP)
Trusted hosts
RADIUS server
105209