Configuring and enabling authentication – Dell POWEREDGE M1000E User Manual

Fabric OS Administrator’s Guide

53-1002745-02

Configuring encryption and compression

14

Because encryption adds more payload to the port in addition to compression, the
compression ratio calculation is significantly affected on ports configured for both encryption
and compression. This is because the compressed length then also includes the encryption
header. This overhead affects the ratio calculation. To obtain accurate compression ratio data,
we recommend that you enable ports for compression only.

Configuring and enabling authentication

To configure authentication for ports that will later be configured for encryption, follow these steps:

1. Log in to the switch using an account with admin permissions, or an account with OM permissions for the Authentication RBAC class of commands.

2. Enter the secAuthSecret --set command to establish pre-shared secrets at each end of the ISL.

It is recommended to use a 32-bit secret for an ISL carrying encrypted or compressed traffic.

switch:admin> secauthsecret --set

When prompted, enter the WWN for the local switch and secret strings for the local switch and
the remote switch.

NOTE

When setting a secret key pair, you are entering the shared secrets in plain text. Use a secure
channel, such as SSH or the serial console, to connect to the switch on which you are setting
the secrets.

3. Enter the authUtil command to set the switch policy mode to Active or On:

switch:admin> authutil --policy -sw active

or alternatively:

switch:admin> authutil --policy -sw on

4. Enable the DH-CHAP authentication protocol:

switch:admin> authutil --set -a dhchap

or alternatively:

switch:admin> authutil --set -a all

NOTE

If the DH-CHAP protocol is specified, then all switches in the fabric must enable the DH-CHAP
protocol and establish pre-shared secrets. If the protocol is set to “all”, you will need to establish
pre-shared secrets or certificates based on the encryption method selected (FCAP or DH-CHAP).

5. Enable authentication with DH group 4 or “*”:

switch:admin> authutil --set -g 4
DH Group was set to 4.

or alternatively:

switch:admin> authutil --set -g "*"
DH Group was set to 0,1,2,3,4.

For additional information about establishing DH-CHAP secrets, see “Secret key pairs for DH-CHAP” on page 213.
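
The settings from steps 2 through 5, as a pre-change check (an added example, not part of the Fabric OS guide): it validates a planned configuration for both ends of one ISL and builds the authutil commands for steps 3 through 5. The plan layout, switch names and secrets are constructed, and it assumes the secret one end enters as local is the one the other end enters as remote.

```python
import hmac

# Values the procedure above accepts in steps 3-5.
ALLOWED = {"policy": ("active", "on"), "protocol": ("dhchap", "all"), "dh_group": ("4", "*")}

def check_isl_plan(a, b):
    """Return a list of problems in the planned settings for the two switches on one ISL."""
    problems = []
    for sw in (a, b):
        for key, allowed in ALLOWED.items():
            if sw[key] not in allowed:
                problems.append(f"{sw['name']}: {key} {sw[key]!r} is not one of {allowed}")
    # Assumption: the secret one end enters as "local" is what the other end
    # enters as "remote"; a mismatch means the two ends do not share a secret.
    for x, y in ((a, b), (b, a)):
        if not hmac.compare_digest(x["local_secret"].encode(), y["remote_secret"].encode()):
            problems.append(f"{x['name']} local secret differs from {y['name']} remote secret")
    return problems

def authutil_commands(sw):
    """Commands from steps 3-5 for one switch. Secrets are left out on purpose:
    secauthsecret --set prompts for them over SSH or the serial console."""
    group = '"*"' if sw["dh_group"] == "*" else sw["dh_group"]
    return [
        f"authutil --policy -sw {sw['policy']}",
        f"authutil --set -a {sw['protocol']}",
        f"authutil --set -g {group}",
    ]

# Constructed plan: names and secrets are placeholders, not real values.
EDGE = {"name": "edge1", "policy": "active", "protocol": "dhchap", "dh_group": "4",
        "local_secret": "example-secret-A", "remote_secret": "example-secret-B"}
CORE = {"name": "core1", "policy": "on", "protocol": "all", "dh_group": "*",
        "local_secret": "example-secret-B", "remote_secret": "example-secret-A"}

if __name__ == "__main__":
    for issue in check_isl_plan(EDGE, CORE) or ["plan is consistent"]:
        print(issue)
    for sw in (EDGE, CORE):
        print(sw["name"], authutil_commands(sw))
```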
