Setting the authentication policy parameters – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual
Network OS NETCONF Operations Guide
53-1003231-02
Device authentication configuration
  <nca:action xmlns:nca="http://tail-f.com/ns/netconf/actions/1.0">
    <nca:data>
      <no xmlns="urn:brocade.com:mgmt:brocade-common-def">
        <fcsp xmlns="urn:brocade.com:mgmt:brocade-fc-auth">
          <auth-secret>
            <dhchap>
              <node>10:00:00:05:1e:7a:c3:00</node>
            </dhchap>
          </auth-secret>
        </fcsp>
      </no>
    </nca:data>
  </nca:action>
</rpc>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1402">
  <no xmlns="urn:brocade.com:mgmt:brocade-common-def">
    <fcsp xmlns="urn:brocade.com:mgmt:brocade-fc-auth">
      <auth-secret>
        <dhchap>
          <result>Shared secret successfully removed.</result>
        </dhchap>
      </auth-secret>
    </fcsp>
  </no>
</rpc-reply>
Setting the authentication policy parameters
To set the authentication policy parameters, perform the following steps.
1. Issue the <edit-config> RPC to configure the <fcsp> node in the
urn:brocade.com:mgmt:brocade-fc-auth namespace.
2. Under the <fcsp> node, include the <auth> node element.
3. Under the <auth> node, include the <proto> node element.
4. Under the <proto> node, include the following leaf node elements to configure the
protocol-specific configuration parameters.
a. In the <auth-type> element, specify “dh-chap” (the only option).
b. In the <group> element, specify a DH-group value in the range 0 through 4 or “*”.
c. In the <hash> element, specify “md5”, “sha1”, or “all” to identify the hash type.
5. Under the <auth> node, include the <policy> node element.
6. Under the <policy> node, include the <switch> leaf element and specify the switch policy state
as on, off, active, or passive.
7. Issue the <get-config> RPC with a subtree filter to return the contents of the <fcsp>/<auth>
node in the urn:brocade.com:mgmt:brocade-fc-auth namespace.
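
The Python sketch below is an added example, not code from the guide. It builds the <edit-config> request described in steps 1 through 6 and rejects any value outside the ranges those steps list before anything is sent to the switch. The function name, the <running/> target, and the message-id value are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
FC_AUTH_NS = "urn:brocade.com:mgmt:brocade-fc-auth"

# Allowed values exactly as listed in steps 4a-4c and step 6.
ALLOWED = {
    "auth-type": {"dh-chap"},
    "group": {"0", "1", "2", "3", "4", "*"},
    "hash": {"md5", "sha1", "all"},
    "switch": {"on", "off", "active", "passive"},
}


def build_fcsp_auth_rpc(group, hash_type, switch,
                        auth_type="dh-chap", message_id="1"):
    """Return the <rpc> request as a string (hypothetical helper).

    Raises ValueError when a value is outside the documented range, so a
    typo never reaches the device as a half-applied policy change.
    """
    values = {"auth-type": str(auth_type), "group": str(group),
              "hash": str(hash_type), "switch": str(switch)}
    for name, value in values.items():
        if value not in ALLOWED[name]:
            raise ValueError(f"<{name}> value {value!r} not in "
                             f"{sorted(ALLOWED[name])}")

    # Default-namespace declarations are written as plain xmlns attributes
    # so the output matches the unprefixed style used in the guide.
    rpc = ET.Element("rpc", {"message-id": str(message_id), "xmlns": NC_NS})
    edit = ET.SubElement(rpc, "edit-config")
    # Assumption: the running datastore is the edit target.
    ET.SubElement(ET.SubElement(edit, "target"), "running")
    config = ET.SubElement(edit, "config")

    fcsp = ET.SubElement(config, "fcsp", {"xmlns": FC_AUTH_NS})  # step 1
    auth = ET.SubElement(fcsp, "auth")                           # step 2
    proto = ET.SubElement(auth, "proto")                         # step 3
    for tag in ("auth-type", "group", "hash"):                   # step 4
        ET.SubElement(proto, tag).text = values[tag]
    policy = ET.SubElement(auth, "policy")                       # step 5
    ET.SubElement(policy, "switch").text = values["switch"]      # step 6
    return ET.tostring(rpc, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample: DH group 2, md5 hash, switch policy off.
    print(build_fcsp_auth_rpc(2, "md5", "off", message_id="1403"))
```
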
The following example configures an authentication policy with an auth-type of DH-CHAP, a DH group
of 2, and a hash type of md5. The switch policy is set to “off” until you are ready to explicitly
activate the policy.
<?xml version="1.0" encoding="UTF-8"?>