Dell POWEREDGE M1000E User Manual

64

Fabric OS Command Reference

53-1002746-01

authUtil

2

--authinit [slot/]port [, [slot/]port...| allE

Reinitiates authentication on selected ports after changing the DH-CHAP group,
hash type, and shared secret between a pair of switches. This command does not
work on Private, Loop, NPIV and FICON devices. This command may bring down
the E_Ports if the DH-CHAP shared secrets are not installed correctly. This
command is not supported on encrypted ports. This option is not supported in AG
mode. Valid options include the following:

slot

Specify the slot number, if applicable, followed by a slash (/).

port

Specify the port number. On enterprise-class platforms, use the slot/port format for
specifying the port number.

allE

Specify all E_Ports in the switch.

EXAMPLES

To display authentication configuration on the switch:

switch:admin> authutil --show
AUTH TYPE HASH TYPE GROUP TYPE
--------------------------------------
fcap,dhchap sha1,md5 0,1,2,3,4

Switch Authentication Policy: PASSIVE
Device Authentication Policy: OFF

To set DH-CHAP as the authentication protocol:

switch:admin> authutil --set -a dhchap
Authentication is set to dhchap.

To set both protocols in order of FCAP and then DH-CHAP:

switch:admin> authutil --set -a all
Authentication is set to fcap,dhchap.

To set DH group 3:

switch:admin> authutil --set -g 3
DH Group was set to 3.

To set all DH groups to be specified in the authentication negotiation in the order of 0, 1, 2, 3, and 4:

switch:admin> authutil --set -g "*"
DH Group is set to 0,1,2,3,4

To set the Switch policy to active mode:

switch:admin> authutil --policy -sw active
Warning: Activating the authentication policy requires
either DH-CHAP secrets or PKI certificates depending
on the protocol selected. Otherwise, ISLs will be
segmented during next E-port bring-up.
ARE YOU SURE (yes, y, no, n): [no] y
Auth Policy is set to ACTIVE