3 – Planning
Device Access
3-14 59021-07 A
D
3.4.5.2
Security Example: Host Authentication
Consider the fabric shown in Figure 3-5. In this fabric, only Switch_2 and
HBA_2/APP_2 support security, where APP_2 is a host application. The objective
is to secure the management server on Switch_2 from unauthorized access by an
HBA or an associated host application.
Figure 3-5. Security Example: Management Server
1. Create a security set (Security_Set_2) on Switch_2.
2. Create a Management Server group (Group_1) in Security_Set_2 with
Switch_2 and HBA_2 or APP_2 as its member.
You must specify HBAs by node worldwide name. Switches can be
specified by port or node worldwide name. The type of switch
worldwide name you use in the switch security database must be the
same as that in the HBA security database. For example, if you specify
a switch with a port worldwide name in the switch security database,
you must also specify that switch in the HBA security database with the
same port worldwide name.
For MD5 authentication, create 32-character hex secrets.
Device: HBA_1/APP_1
Security: No
E_Port
F_Port
F_Port
FL_Port
Device: HBA_2/APP_2
WWN: 10:00:00:c0:dd:07:c3:4d
Security: Yes
Device: Switch_2
WWN: 10:00:00:c0:dd:07:e3:4e
Security: Yes
Device: Switch_1
Security: No
Device: Switch_3
Security: No