Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)
316 Fabric OS Administrator’s Guide
53-1002148-02
Configuring encryption and compression
14
212 No No No No
213 No No No No
214 No No No No
215 No No No No
344 No No No No
345 No No No No
346 No No No No
347 No No No No
348 No No Yes Yes
349 No No Yes Yes
350 No No No No
351 No No No No
Configuring and enabling authentication
To configure authentication for ports that will later be configured for encryption, follow these steps:
1. Log in to the switch using an account with admin permissions, or an account with OM
permissions for the Authentication RBAC class of commands.
2. Enter the secAuthSecret --set command to establish pre-shared secrets at each end of the ISL.
It is recommended to use a 32 bit secret for an ISL carrying encrypted or compressed traffic.
secauthsecret --set
When prompted, enter the WWN for the local switch and secret strings for the local switch and
the remote switch.
NOTE
When setting a secret key pair, you are entering the shared secrets in plain text. Use a secure
channel, such as SSH or the serial console, to connect to the switch on which you are setting
the secrets.
3. Enter the authUtil command to set the switch policy mode to Active or On:
authutil --policy -sw active
or:
authutil --policy -sw on
4. Enable the DH-CHAP authentication protocol:
authutil --set -a dhchap
or:
authutil --set -a all
5. Enable authentication with DH group 4 or “*”:
authutil --set -g 4
DH Group was set to 4.
or
authutil --set -g “*”
DH Group was set to 0,1,2,3,4.