HP EVA P6550 HP P6300/P6500 EVA User Guide (5697-2486, September 2013) - Page 132
Linux version, ATTO Macintosh Chap restrictions, Recommended CHAP policies, iSCSI session types
![]() |
View all HP EVA P6550 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 132 highlights
Linux version • CHAP is supported with Linux open-iscsi Initiator and the iSCSI or iSCSI/FCoE modules. • CHAP setup with Linux iSCSI Initiator is not supported with the iSCSI or iSCSI/FCoE modules. ATTO Macintosh Chap restrictions The ATTO Macintosh iSCSI Initiator does not support CHAP at this time. Recommended CHAP policies • The same CHAP secret should not be configured for authentication of multiple initiators or multiple targets. • Any CHAP secret used for initiator authentication must not be configured for the authentication of any target; and any CHAP secret used for target authentication must not be configured for authentication of any initiator. • CHAP should be configured after the initial iSCSI Initiator/target login to validate initiator/target connectivity. The first initiator/target login also creates a discovered iSCSI Initiator entry on the iSCSI or iSCSI/FCoE modules that will be used in the CHAP setup. iSCSI session types iSCSI defines two types of sessions: • Discovery. SCSI discovery allows an initiator to find the targets to which it has access. • Normal operational session. A normal operational session is unrestricted. CHAP is enforced on both the discovery and normal operational session. The iSCSI or iSCSI/FCoE controller CHAP modes The iSCSI or iSCSI/FCoE modules support two CHAP modes: • Single-direction. The target authenticates the identity of the initiator with the user-provided CHAP secret. To enable single-direction CHAP, you need to enable CHAP for a specific initiator record on the iSCSI or iSCSI/FCoE modules and input a corresponding CHAP secret from the iSCSI host. • Bi-directional. The initiator and target authenticate identity of each other with the user-provided CHAP secrets. To enable bi-directional CHAP for a discovery session, you need to provide a CHAP secret for the initiator and for the iSCSI port for which you are performing discovery. To enable bi-directional CHAP for a normal session, you will need to provide a CHAP secret for the initiator and for the iSCSI-presented target that you are trying to log in to. • Once CHAP is enabled, it is enforced for both the normal and discovery sessions. You only have the choice of what type (single or bi-directional) of CHAP to perform: ◦ Single-direction CHAP during discovery and during normal session ◦ Single-direction CHAP during discovery and bi-directional CHAP during normal session ◦ Bi-directional CHAP during discovery and single-direction CHAP during normal session ◦ Bi-directional CHAP during discovery and during normal session Enabling single-direction CHAP during discovery and normal session Table 22 (page 133) lists the parameters you use to enable single-direction CHAP. 132 iSCSI or iSCSI/FCoE configuration rules and guidelines
![](/manual_guide/products/hewlettpackard-eva-p6550-hp-p6300p6500-eva-user-guide-56972486-2013-4330a37/132.png)