HP StorageWorks 2/32 Brocade Secure Fabric OS Administrator's Guide (53-100024 - Page 44

2 Configuring Switch-to-Switch Authentication By default, Secure Fabric OS on Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, and v5.2.0 use SLAP or FCAP protocols for authentication. These protocols use digital certificates, based on switch WWN and PKI technology to authenticate switches. Support for FCAP is provided in Secure Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, and v5.2.0 and is used when both switches support it. Authentication automatically defaults to SLAP when a switch does not support FCAP. Alternatively, you can configure Secure Fabric OS to use DH-CHAP authentication. Use the authUtil command to configure the authentication parameters used by the switch. When you configure DHCHAP authentication, you also must define a pair of shared secrets known to both switches. Figure 2-1 illustrates how the secrets are configured. In the pair, one is the local switch secret and the other is the peer switch secret. (Terms local and peer are relative to an initiator-one who initiates authentication is local and the one who responds is peer.) Use secAuthSecret to set shared secrets on the switch. Configured, shared secrets are used at the next authentication. Authentication occurs whenever secure mode is enabled or whenever there is a state change for the switch or port. The state change can be due to a switch reboot, or a switch or port disable and enable. Key database on switch Local secret A Peer secret B Key database on switch Local secret B Peer secret A Switch A Figure 2-1 DH-CHAP Authentication Switch B 2-22 Secure Fabric OS Administrator's Guide Publication Number: 53-1000244-01