fcsp dhchap

To configure DHCHAP options in a switch, use the fcsp dhchap command. To revert to the factory defaults, use the no form of this command.

fcsp dhchap { devicename switch-wwn password [ 0 | 7 ] password |
dhgroup [ 0 ] [ 1 ][ 2 ][ 3 ][ 4 ] | hash [ md5 | sha1 ] | password [ 0 | 7 ] password [ wwn-id ]}

no fcsp dhchap { devicename switch-wwn password [ 0 | 7 ] password |
dhgroup [ 0 ] [ 1 ][ 2 ][ 3 ][ 4 ] | hash [ md5 | sha1 ] | password [ 0 | 7 ] password [ wwn-id ]}

Syntax Description

devicename
Configures a password of another device in the fabric.
switch-wwn
WWN of the device being configured.
password
Configures a DHCHAP password for the local switch.
0
(Optional) Specifies a clear text password.
7
(Optional) Specifies a password in encrypted text.
dhgroup
Configures a DHCHAP Diffie-Hellman group priority list.
0
(Optional) Specifies Null DH—no exchange is performed (default).
1 | 2 | 3 | 4
(Optional) Specifies one or more of the groups specified by the standards.
hash
Configures a DHCHAP hash algorithm priority list in order of preference.
md5
(Optional) Specifies the MD5 hash algorithm.
sha1
(Optional) Specifies the SHA-1 hash algorithm.
wwn-id
(Optional) Specifies the WWN ID with the format hh:hh:hh:hh:hh:hh:hh:hh.

Command Default

Disabled

Command Modes

Global configuration mode

Command History

Release
Modification
4.0(0)N1(1a)
This command was introduced.

Usage Guidelines

You can only see the fcsp dhchap command if you enter the feature fcsp command.

Using SHA-1 as the hash algorithm may prevent RADIUS or TACACS+ usage.

If you change the DH group configuration, make sure that you change it globally for all switches in the fabric.

Examples

This example shows how to enable FC-SP:

switch(config)# # feature fcsp
 

This example shows how to configure the use of only the SHA-1 hash algorithm:

switch(config)# fcsp dhchap hash sha1
 

This example shows how to configure the use of only the MD-5 hash algorithm:

switch(config)# fcsp dhchap hash md5
 

This example shows how to define the use of the default hash algorithm priority list of MD-5 followed by SHA-1 for DHCHAP authentication:

switch(config)# fcsp dhchap hash md5 sha1
 

This example shows how to revert to the factory default priority list of the MD-5 hash algorithm followed by the SHA-1 hash algorithm:

switch(config)# no fcsp dhchap hash sha1
 

This example shows how to prioritize the use of DH group 2, 3, and 4 in the configured order:

switch(config)# fcsp dhchap dhgroup 2 3 4
 

This example shows how to configure a clear text password for the local switch:

switch(config)# fcsp dhchap password 0 mypassword
 

This example shows how to configure a clear text password for the local switch to be used for the device with the specified WWN:

switch(config)# fcsp dhchap password 0 mypassword 30:11:bb:cc:dd:33:11:22
 

This example shows how to configure a password entered in an encrypted format for the local switch:

switch(config)# fcsp dhchap password 7 sfsfdf
 

Related Commands

Command
Description
feature fcsp
Enables FC-SP.
show fcsp
Displays configured FC-SP information.