Hp MPX200 Multifunction Router User Manual download pdf (Page 86)

3 Configuring CHAP

IIn CHAP, the authentication agent sends the client program an ID value and a random value that

is used only once. Both the sender and peer share a predefined secret. The peer concatenates the

random value, the ID, and the secret. Then it calculates a one-way hash using MD5. The peer

sends the hash value to the authenticator, which in turn builds that same string on its side, calculates

the MD5 checksum, and compares the result with the value received from the peer. If the values

match, the peer is authenticated.

By transmitting only the hash, the secret cannot be reverse-engineered. The algorithm increases

the ID value with each CHAP dialog to protect against replay attacks.

This chapter provides the procedures for configuring CHAP from the CLI.

Discovery session for bi-directional CHAP

Follow this procedure to configure a bi-directional CHAP used during a discovery session:

1. On the router, perform the following:

a. Enable CHAP on the port.

b. Create a secret (for example, secret_port).

c. Using the set chap command, choose the iSCSI node that represents the GE port.

MPX200 <1> (admin) #> set chap

A list of attributes with formatting and current values will follow.

Enter a new value or simply press the ENTER key to accept the current value.

If you wish to terminate this process before reaching the end of the list

press 'q' or 'Q' and the ENTER key to do so.

Index iSCSI Name

----- ----------

0 iqn.1986-03.com.hp:fcgw.mpx200.3u7940k007.b1 (GE1)

1 iqn.1986-03.com.hp:fcgw.mpx200.3u7940k007.b1 (GE2)

2 iqn.1986-03.com.hp:fcgw.mpx200.3u7940k007.b1 (10GE1)

3 iqn.1986-03.com.hp:fcgw.mpx200.3u7940k007.b1 (10GE2)

4 iqn.1986-03.com.hp:fcgw.mpx200.dm.initiator

5 iqn.1991-05.com.microsoft:rack81-s01

Please select a iSCSI node from the list above ('q' to quit):

d. To find the iSCSI node name of the GE port, issue the show iscsi command:

MPX200 <1> (admin) #> show iscsi

2. To add the initiator that is about to do discovery, issue the initiator add command as

follows:

MPX200 <1> (admin) #> initiator add

A list of attributes with formatting and current values will follow.

Enter a new value or simply press the ENTER key to accept the current value.

If you wish to terminate this process before reaching the end of the list

press 'q' or 'Q' and the ENTER key to do so.

Initiator Protocol (0=ISCSI, 1=FC, 2=FCOE) [ISCSI ]

Only valid iSCSI name characters will be accepted. Valid characters include

lower-case alphabetical (a-z), numerical (0-9), colon, hyphen, and period.

iSCSI Initiator Name (Max = 223 characters) [ ]

a. Enable the CHAP for this initiator.

b. Create a secret (for example, secret_initiator).

c. To update the CHAP settings of the initiator, issue the set chap command.

3. Go to the Microsoft iSCSI Initiator and follow these steps:

a. Click General.

b. Click Secret in the middle of the window. If this is the first time you are setting secrets,

reset all secrets.

c. Type the secret (secret_port) that you created in Step 1.

86 Configuring CHAP

1 2 ... 81 82 83 84 85 86 87 88 89 90 91 ... 146 147

Comments to this Manuals

No comments

Hp MPX200 Multifunction Router User Manual Page 86

Comments to this Manuals

Related products and manuals for Storage Hp MPX200 Multifunction Router