Cisco Systems SN 5428-2 Network Router User Manual


 
Cisco SN 5428-2 Storage Router Software Configuration Guide
OL-4691-01
Chapter 1 Before Configuring SN 5428-2 Storage Router Software
• Assignment of a secondary interface per FCIP instance—allows the same IP address to be assigned
  to each Gigabit Ethernet interface configured for an FCIP instance; one interface is assigned as
  primary and one interface is assigned as secondary. If the primary interface loses connection to the
  network and remains down for two seconds, the IP address moves to the secondary Gigabit Ethernet
  interface, which then becomes active.
• Assignment as a management IP address—allows each Gigabit Ethernet interface to have one IP
  address assigned per logical interface, as a management interface. This IP address is in addition to
  any multiple IP address(es) per SCSI routing instance or FCIP instance assigned.
• Assignment of a secondary management IP address—allows the same IP address to be assigned to
  each Gigabit Ethernet interface configured as a management interface; one interface is assigned as
  primary and one interface is assigned as secondary. If connection to the primary Gigabit Ethernet
  maintenance interface is lost and if the secondary maintenance interface connection is assigned and
  connected, the IP address moves to the secondary Gigabit Ethernet interface, which then allows
  management access.
Authentication Overview
Authentication is a software service that is available in each SN 5428-2. It provides a method of
identifying users (including login and password dialog, challenge and response, and messaging support)
prior to receiving access to the requested object, function, or network service. The SN 5428-2 supports
three types of authentication:
• iSCSI authentication—provides an authentication mechanism to authenticate IP hosts that request
  access to storage. An IP host, acting as an iSCSI initiator, can also verify the identity of an iSCSI
  target assigned to a SCSI routing instance, which responds to the request, resulting in a two-way
  authentication.
• Enable authentication—provides a mechanism to authenticate users requesting Administrator mode
  access to an SN 5428-2 management session via the CLI enable command or an FTP session.
• Login authentication—provides a mechanism to authenticate users requesting access to the
  SN 5428-2 in Monitor mode via the login process from a Telnet session, SSH session or the
  SN 5428-2 console.
Authentication is provided by an AAA (authentication, authorization, and accounting) subsystem
configured in each SN 5428-2. AAA is Cisco’s architectural framework for configuring a set of three
independent security functions in a consistent and modular manner: authentication, authorization, and
accounting. The SN 5428-2 Storage Router software implements the authentication function.
AAA authentication is configured by defining a list of authentication services. iSCSI authentication,
which uses an AAA authentication services list, can be enabled for specific SCSI routing instances in an
SN 5428-2.
When iSCSI authentication is enabled, IP hosts (with iSCSI drivers) must provide user name and
password information each time an iSCSI TCP connection is established. With two-way authentication,
the SCSI routing instance to which an iSCSI target has been assigned responds to the authentication
request with an assigned username and password. iSCSI authentication uses the iSCSI CHAP (Challenge
Handshake Authentication Protocol) authentication method.
See Chapter 9, “Configuring Authentication,” for more information about configuring authentication
services.
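
The two-way CHAP exchange described above, as an added example (not from the Cisco guide or the SN 5428-2 software): it uses the CHAP-with-MD5 computation from RFC 1994 and the CHAP_I/CHAP_C/CHAP_N/CHAP_R message keys from the iSCSI specification (RFC 3720). The host name, secrets, fixed identifiers and function names are constructed for illustration, and the reused-challenge check comes from the iSCSI specification rather than from this guide.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP_R for CHAP with MD5 (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_ok(ident: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Recompute the expected response and compare in constant time."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)

def two_way_chap(host_name, host_secret, router_secret_on_host,
                 router_user_db, router_secret,
                 router_challenge=None, host_challenge=None):
    """Simulate one login; returns (router_accepts_host, host_accepts_router)."""
    # 1. Target (SCSI routing instance) -> initiator: CHAP_I, CHAP_C
    r_id = 1  # identifiers are fixed here for readability (assumption)
    r_chal = router_challenge or os.urandom(16)
    # 2. Initiator -> target: CHAP_N, CHAP_R, plus its own CHAP_I, CHAP_C
    h_resp = chap_response(r_id, host_secret, r_chal)
    h_id = 2
    h_chal = host_challenge or os.urandom(16)
    # 3. Target checks the host's response against its user list
    known = router_user_db.get(host_name)
    if known is None or not chap_ok(r_id, known, r_chal, h_resp):
        return (False, False)
    # The initiator must not send back the target's own challenge; the
    # target refuses to answer it and drops the login.
    if h_chal == r_chal:
        return (False, False)
    # 4. Target -> initiator: CHAP_N, CHAP_R; the initiator verifies the target
    r_resp = chap_response(h_id, router_secret, h_chal)
    return (True, chap_ok(h_id, router_secret_on_host, h_chal, r_resp))

# Constructed sample credentials (not from the guide)
USERS = {"host1": b"host1-chap-secret"}
ROUTER_SECRET = b"routing-instance-secret"

if __name__ == "__main__":
    print(two_way_chap("host1", b"host1-chap-secret", ROUTER_SECRET,
                       USERS, ROUTER_SECRET))
```

The second element of the result is what two-way authentication adds: a host that holds the correct target secret rejects a target that cannot prove knowledge of it, even though that target accepted the host.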