Refer to – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

Page 415


88 No No No No 4G
89 No No No No 4G
90 No No No No 4G
(output truncated)
348 No No Yes Yes 4G
349 No No Yes Yes 4G
350 No No No No 4G
351 No No No No 4G

The output displays the user port number. For bladed switches, use the switchShow command to
determine the slot number of a specific user port.

Configuring and enabling authentication for in-flight encryption

Authentication and a secret key must be configured and established before configuring in-flight
encryption.

To enable authentication between an FC router and an edge fabric switch, you must first bring all
EX_Ports online without using authentication. After this, the front WWN of any online EX_Port
connected to the same switch can be used to configure the secret keys in the edge fabric switch.

You must obtain the WWN of the peer switch to configure the secret key. If you are configuring an
EX_Port on an FC router, you can use the fcrEdgeShow command to obtain the WWN of the switch at
the other end of the IFL.

1. Log in to the switch using an account with admin permissions, or an account with OM permissions for
the Authentication RBAC class of commands.

ATTENTION

When setting a secret key pair, you are entering the shared secrets in plain text. Use a secure
channel, such as SSH or the serial console, to connect to the switch on which you are setting the
secrets.

2. Configure DH-CHAP or FCAP for authentication using the authUtil --set command with the -a option.

switch:admin> authutil --set -a dhchap

Authentication is set to dhchap.

You can specify any one of the following options:

dhchap
fcap
all

The dhchap option sets the authentication protocol to DH-CHAP. The fcap option sets the authentication
protocol to FCAP. Although all enables both FCAP and DH-CHAP, the active protocol defaults to
FCAP for all ports configured for in-flight encryption.

If dhchap is specified, then all switches in the fabric must enable DH-CHAP and establish pre-shared
secrets. If fcap is specified, then all switches in the fabric must enable FCAP and use certificates (CA
and switch) installed on them. If the protocol is set to all, you must establish pre-shared secrets or
certificates based on the encryption method selected (DH-CHAP or FCAP).

3. Set the DH group to group 4 using the authUtil --set command with the -g option.

switch:admin> authutil --set -g "4"

DH Group was set to 4.
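
Added example, not part of the Brocade guide: a Python check that reads a captured CLI session and confirms that steps 2 and 3 took effect, using the prompt and confirmation strings shown above. The names audit_session and PREREQS and the sample transcript are constructed for illustration, and the check assumes each confirmation line directly follows its command.

```python
import re

# Options the page lists for `authutil --set -a`, with the prerequisite each implies.
PREREQS = {
    "dhchap": "pre-shared secrets on every switch in the fabric",
    "fcap": "CA and switch certificates on every switch in the fabric",
    "all": "secrets or certificates per method; active protocol defaults "
           "to FCAP on ports configured for in-flight encryption",
}
CMD = re.compile(r'^\S+:\S+>\s*authutil\s+--set\s+-(a|g)\s+"?(\w+)"?\s*$', re.I)
ACK_AUTH = re.compile(r"^Authentication is set to (\w+)\.$")
ACK_GROUP = re.compile(r"^DH Group was set to (\w+)\.$")

def audit_session(transcript):
    """Return (state, prerequisite, problems) for a captured authutil session."""
    state = {"protocol": None, "dh_group": None}
    problems = []
    lines = [l.strip() for l in transcript.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = CMD.match(line)
        if not m:
            continue
        flag, value = m.group(1).lower(), m.group(2).lower()
        reply = lines[i + 1] if i + 1 < len(lines) else ""
        ack = (ACK_AUTH if flag == "a" else ACK_GROUP).match(reply)
        if not ack or ack.group(1).lower() != value:
            problems.append(f"no confirmation for: {line}")
            continue  # only settings the switch confirmed are counted
        state["protocol" if flag == "a" else "dh_group"] = value
    if state["protocol"] not in PREREQS:
        problems.append("authentication protocol not set to dhchap, fcap or all")
    if state["dh_group"] != "4":
        problems.append("DH group is not 4 (step 3)")
    return state, PREREQS.get(state["protocol"]), problems

# Constructed sample session built from the commands and replies on this page.
SAMPLE = """
switch:admin> authutil --set -a dhchap
Authentication is set to dhchap.
switch:admin> authutil --set -g "4"
DH Group was set to 4.
"""

if __name__ == "__main__":
    state, prereq, problems = audit_session(SAMPLE)
    print(state, "| requires:", prereq, "| problems:", problems)
```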


53-1003130-01
