3 – Planning
Security
59265-02 A 3-23
A
1. Configure the Radius_1 host as a RADIUS server on Switch_1 and
Switch_2 to authenticate device logins. Specify the server IP address and
the secret with which the switches will authenticate with the server.
Configure the switches so that devices authenticate through the switches
only if the RADIUS server is unavailable.
2. Create a security set (Security_Set_1) on Switch_1.
a. Create a port group (Group_Port_1) in Security_Set_1 with Switch_1
and HBA_1 as members.
Switch_1 and all devices and switches connected to Switch_1
must be included in the group even if the switch or device does
not support authentication. Others wise, the Switch_1 port will
isolate.
You must specify HBAs by node worldwide name. Switches can
be specified by port or node worldwide name. The type of switch
worldwide name you use in the switch security database must be
the same as that in the HBA security database. For example, if
you specify a switch with a port worldwide name in the switch
security database, you must also specify that switch in the HBA
security database with the same port worldwide name.
Device Authentication
Order
RadiusLocal – Authenticate devices using the
RADIUS server security database first. If the RADIUS
server is unavailable, then use the local switch secu-
rity database.
Total Servers 1 – Enables support for one RADIUS server
Device Authentication
Server
True – Enables Radius_1 to authenticate device log-
ins.
Server IP Address 10.20.30.40
Secret 1234567890123456 – 16-character ASCI string (MD5
hash). This is the secret that allows direct communica-
tion with the RADIUS server.
Switch_1 Node WWN: 10:00:00:c0:dd:07:e3:4c
Authentication: CHAP
Primary Hash: MD5
Primary Secret: 0123456789abcdef
HBA_1 Node WWN: 10:00:00:c0:dd:07:c3:4d
Authentication: CHAP
Primary Hash: MD5
Primary Secret: fedcba9876543210