Configuring Mutual CHAP Authentication

The IPS module or MPS-14/2 module supports a mechanism by which the iSCSI initiator can authenticate the Cisco MDS switch’s iSCSI target during the iSCSI login phase. This authentication is available in addition to the IPS module or MPS-14/2 module authentication of the iSCSI initiator.

In addition to the IPS module or MPS-14/2 module authentication of the iSCSI initiator, the IPS module or MPS-14/2 module also supports a mechanism for the iSCSI initiator to authenticate the Cisco MDS switch’s iSCSI target during the iSCSI login phase. This authentication requires the user to configure a user name and password for the switch to present to the iSCSI initiator. The provided password is used to calculate a CHAP response to a CHAP challenge sent to the IPS port by the initiator.

Detailed Steps

To configure a global iSCSI target user name and password to be used by the switch to authenticate itself to an initiator, follow these steps:

  1. Choose FC Interfaces > Logical > iSCSI in the Physical Attributes pane.

    2. You see the iSCSI tables in the Information pane.

  2. Select the Globals tab.

    3. You see the global iSCSI configuration.

  3. Fill in the Target UserName and Target Password fields.
  4. Click the Apply Changes icon to save these changes.

To configure a per-initiator iSCSI target’s user name and password used by the switch to authenticate itself to an initiator using Device Manager, follow these steps:

  1. Choose IP > iSCSI.

    2. You see the iSCSI configuration.

  2. Complete the Target UserName and Target Password fields for the initiator that you want to configure.
  3. Click Create to add this initiator to the Initiator Access List.

Copyright 2010-2013, Cisco Systems, Inc. All rights reserved.