Fabric switch authentication

When a host attempts to connect to the storage system, the connection results of the authentication of the fabric switch differs depending on the fabric switch setting related to each port.

The following figure illustrates the flow of authentication between fabric switch settings and the connection results. The setting of fabric switch authentication is independent from the setting of host authentication. The connection use cases are detailed below the diagram.

Authenticating fabric switches by ports (Cases A, B, and C)

  • If the user information of the fabric switch is registered on the port, and authentication of the fabric switch is enabled (Case A)

    Each port authenticates the fabric switch. If the authentication of the fabric switch ends successfully, either of the following actions occurs:

    • When the fabric switch is configured for mutual authentication, processing continues to authentication of the port.
    • When the fabric switch is not configured for mutual authentication, the fabric switch connects to the storage system.

    If the fabric switch of the port is not configured for authentication with CHAP, the authentication fails and the fabric switch cannot connect to the storage system.

  • If the user information of the fabric switch is registered on the port, but authentication of the fabric switch is disabled (Case B)

    Each port does not perform authentication of the fabric switch. The fabric switch connects to the storage system without authentication regardless of whether the fabric switch is configured for authentication with CHAP.

  • If the user information of the fabric switch is not registered on the port (Case C)

    Regardless of the setting on the fabric switch, the port performs authentication of the fabric switch, but results in failure. The fabric switch cannot connect to the storage system.

Not authenticating fabric switches by ports (Case D)

The fabric switch connects to the storage system without authentication of the host regardless of whether the fabric switch is configured for authentication with CHAP. In this case, though you need not register the user information of the fabric switch on the port, you can register it.

During authentication of hosts, the connection result is determined depending on the combination of the following port settings:

  • Setting of the port in the Port tree: enable () or disable ()

  • Whether the user information of the fabric switch that attempts to connect is registered on the port

Parent Topic
  • Setting Fibre Channel authentication

    When configuring a Fibre Channel environment, use the Authentication window to set user authentication on host groups, Fibre Channel ports, and fabric switches of the storage system.