HP StorageWorks 8/80 HP StorageWorks Fabric OS 6.2 administrator guide (5697-0 - Page 322

iSCSI initiator-to-VT authentication configuration

Get HP StorageWorks 8/80 - SAN Switch PDF manuals and user guides View all HP StorageWorks 8/80 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 322 highlights

Name: dd-host001 Status: Defined Num. Members: 2 iqn.1991-05.com.microsoft:host001.brocade.com iqn.2006-10.com.example:disk001 Creating and enabling a discovery domain sets 1. Connect and log in to the switch. 2. Enter the iscsiCfg --create ddset command with the -n and -d options to create a new DDSet: switch:admin> iscsicfg --create ddset -n ddset-engineering -d dd-host001 The operation completed successfully. 3. Enter the iscsiCfg --show ddset command with the -v option to verify that the DDSet. switch:admin> iscsicfg --show ddset -v Number of records found: 1 Name: ddset-engineering State/Status: disabled/Defined Num. members: 1 dd-host001 iqn.1991-05.com.microsoft:host001.brocade.com iqn.2006-10.com.example:disk001 4. Enter the iscsiCfg --enable ddset command with the -n option to enable the DDSet: switch:admin> iscsicfg --enable ddset -n ddset-engineering This will enable the DDSet specified. Continue (yes, y, no, n) [n]: y The operation completed successfully. iSCSI initiator-to-VT authentication configuration Fabric OS 5.2.0 or later supports both one-way and mutual CHAP authentication for iSCSI initiator-to-iSCSI VT target sessions. The authentication method (CHAP or none) is set on a per-iSCSI VT basis. Setting the user name and shared secret Authentication depends on a user name and a shared secret. When an iSCSI VT authenticates an iSCSI initiator, it checks the user name and shared secret against all configured CHAP values. To enforce authentication of iSCSI initiators, set each iSCSI VT authentication to CHAP. The iSCSI initiator can use any user name and shared secret for any iSCSI VT configured on the fabric. 1. Connect and log in to the switch. 2. Enter the iscsiCfg --create auth command with the -u and -s options to configure a user name and shared secret: switch:admin> iscsicfg --create auth -u username0001 -s usersecret0001 The operation completed successfully. 3. Enter the iscsiCfg --modify tgt command with the -t and -a options to set CHAP as the authentication method: switch:admin> iscsicfg --modify tgt -t iqn.2006-10.com.brocade:example-disk001 -a CHAP The operation completed successfully. 320 iSCSI gateway service

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
  • 368
  • 369
  • 370
  • 371
  • 372
  • 373
  • 374
  • 375
  • 376
  • 377
  • 378
  • 379
  • 380
  • 381
  • 382
  • 383
  • 384
  • 385
  • 386
  • 387
  • 388
  • 389
  • 390
  • 391
  • 392
  • 393
  • 394
  • 395
  • 396
  • 397
  • 398
  • 399
  • 400
  • 401
  • 402
  • 403
  • 404
  • 405
  • 406
  • 407
  • 408
  • 409
  • 410
  • 411
  • 412
  • 413
  • 414
  • 415
  • 416
  • 417
  • 418
  • 419
  • 420
  • 421
  • 422
  • 423
  • 424
  • 425
  • 426
  • 427
  • 428
  • 429
  • 430
  • 431
  • 432
  • 433
  • 434
  • 435
  • 436
  • 437
  • 438
  • 439
  • 440
  • 441
  • 442
  • 443
  • 444
  • 445
  • 446
  • 447
  • 448
  • 449
  • 450
  • 451
  • 452
  • 453
  • 454
  • 455
  • 456
  • 457
  • 458
  • 459
  • 460
  • 461
  • 462
  • 463
  • 464
  • 465
  • 466
  • 467
  • 468
  • 469
  • 470
  • 471
  • 472
  • 473
  • 474
  • 475
  • 476
  • 477
  • 478
  • 479
  • 480
  • 481
  • 482
  • 483
  • 484
  • 485
  • 486
  • 487
  • 488
  • 489
  • 490
  • 491
  • 492
  • 493
  • 494
  • 495
  • 496
  • 497
  • 498
  • 499
  • 500
  • 501
  • 502
  • 503
  • 504
  • 505
  • 506
  • 507
  • 508
  • 509
  • 510
  • 511
  • 512
  • 513
  • 514
  • 515
  • 516
  • 517
  • 518
  • 519
  • 520
  • 521
  • 522
  • 523
  • 524
  • 525
  • 526
  • 527
  • 528
  • 529
  • 530
  • 531
  • 532
  • 533
  • 534
  • 535
  • 536
  • 537
  • 538
  • 539
  • 540
  • 541
  • 542
  • 543
  • 544
  • 545
  • 546
  • 547
  • 548
  • 549
  • 550
  • 551
  • 552
  • 553
  • 554
  • 555
  • 556
  • 557
  • 558
  • 559
  • 560
  • 561
  • 562
  • 563
  • 564
  • 565
  • 566
  • 567
  • 568
  • 569
  • 570
  • 571
  • 572
  • 573
  • 574
  • 575
  • 576
320
iSCSI gateway service
Name: dd-host001
Status: Defined
Num. Members: 2
iqn.1991-05.com.microsoft:host001.brocade.com
iqn.2006-10.com.example:disk001
Creating and enabling a discovery domain sets
1.
Connect and log in to the switch.
2.
Enter the
iscsiCfg
--
create ddset
command with the
-n
and
-d
options to create a new
DDSet:
switch:admin>
iscsicfg --create ddset -n ddset-engineering -d dd-host001
The operation completed successfully.
3.
Enter the
iscsiCfg
--
show ddset
command with the
-v
option to verify that the DDSet.
switch:admin>
iscsicfg --show
ddset -v
Number of records found: 1
Name: ddset-engineering
State/Status: disabled/Defined
Num. members: 1
dd-host001
iqn.1991-05.com.microsoft:host001.brocade.com
iqn.2006-10.com.example:disk001
4.
Enter the
iscsiCfg
--
enable ddset
command with the
-n
option to enable the DDSet:
switch:admin>
iscsicfg --enable ddset -n ddset-engineering
This will enable the DDSet specified.
Continue (yes, y, no, n) [n]: y
The operation completed successfully.
iSCSI initiator-to-VT authentication configuration
Fabric OS 5.2.0 or later supports both one-way and mutual CHAP authentication for iSCSI initiator-to-iSCSI
VT target sessions. The authentication method (CHAP or none) is set on a per-iSCSI VT basis.
Setting the user name and shared secret
Authentication depends on a user name and a shared secret. When an iSCSI VT authenticates an iSCSI
initiator, it checks the user name and shared secret against all configured CHAP values. To enforce
authentication of iSCSI initiators, set each iSCSI VT authentication to CHAP. The iSCSI initiator can use any
user name and shared secret for any iSCSI VT configured on the fabric.
1.
Connect and log in to the switch.
2.
Enter the
iscsiCfg
--
create auth
command with the
-u
and
-s
options to configure a user
name and shared secret:
switch:admin>
iscsicfg --create auth -u username0001 -s usersecret0001
The operation completed successfully.
3.
Enter the
iscsiCfg
--
modify tgt
command with the
-t
and
-a
options to set CHAP as the
authentication method:
switch:admin>
iscsicfg --modify tgt -t
iqn.2006-10.com.brocade:example-disk001 -a CHAP
The operation completed successfully.