Configuring e_port authentication – Dell POWEREDGE M1000E User Manual

Page 209

Advertising
background image

Fabric OS Administrator’s Guide

209

53-1002745-02

Authentication policy for fabric elements

7

Virtual Fabrics considerations

The switch authentication policy applies to all E_Ports in a logical switch. This includes ISLs and
extended ISLs. Authentication of extended ISLs between two base switches is considered
peer-chassis authentication. Authentication between two physical entities is required, so the
extended ISL which connects the two chassis needs to be authenticated. The corresponding
extended ISL for a logical ISL authenticates the peer-chassis, therefore the logical ISL
authentication is not required. Because the logical ISLs do not carry actual traffic, they do not need
to be authenticated. Authentication on re-individualization is also blocked on logical ISLs. The
following error message is printed on the console when you execute the authUtil –-authinit

command on logical-ISLs, “Failed to initiate authentication. Authentication is not supported on
logical ports <port#>”. For more information on Virtual Fabrics, refer to

Chapter 10, “Managing

Virtual Fabrics”

.

Configuring E_Port authentication

1. Connect to the switch and log in using an account with admin permissions, or an account with

OM permissions for the Authentication RBAC class of commands.

2. Enter the authUtil command to set the switch policy mode.

Example of configuring E_Port authentication

The following example shows how to enable Virtual Fabrics and configure the E_Ports to perform
authentication using the AUTH policies authUtil command.

switch:admin> fosconfig -enable vf
WARNING: This is a disruptive operation that requires a reboot to take
effect.
All EX ports will be disabled upon reboot.
Would you like to continue [Y/N] y

switch:admin> authutil --authinit 2,3,4

CAUTION

If data input has not been completed and a failover occurs, the command is terminated without
completion and your entire input is lost.

If data input has completed, the enter key pressed, and a failover occurs, data may or may not be
replicated to the other CP depending on the timing of the failover. Log in to the other CP after the
failover is complete and verify the data was saved. If data was not saved, run the command
again.

Example of setting the policy to active mode

switch:admin> authutil --policy -sw active
Warning: Activating the authentication policy requires
either DH-CHAP secrets or PKI certificates depending
on the protocol selected. Otherwise, ISLs will be
segmented during next E-port bring-up.
ARE YOU SURE (yes, y, no, n): [no] y
Auth Policy is set to ACTIVE

NOTE

This authentication-policy change will not affect online EX_Ports.

Advertising
Popular Brands
Popular manuals