Cisco MDS 9000 Series Configuration Manual page 237

Configuring FC-SP and DHCHAP
Note The switch WWN identifies the physical switch. This WWN is used to authenticate the switch and is different
from the VSAN node WWN.
Configuring DHCHAP Passwords for Remote Devices
To locally configure the remote DHCHAP password for another switch in the fabric, follow these steps:
Procedure
Step 1 switch# configure terminal
Enters configuration mode.
Step 2 switch(config)# fcsp dhchap devicename 00:11:22:33:44:aa:bb:cc password NewPassword
Configures a password for another switch in the fabric that is identified by the switch WWN device name.
Step 3
switch(config)# no fcsp dhchap devicename 00:11:22:33:44:aa:bb:cc password NewPassword
(Optional) Removes the password entry for this switch from the local authentication database.
Step 4 switch(config)# fcsp dhchap devicename 00:11:55:66:00:aa:bb:cc password 0 NewPassword
Configures a clear text password for another switch in the fabric that is identified by the switch WWN device
name.
Step 5 switch(config)# fcsp dhchap devicename 00:11:22:33:55:aa:bb:cc password 7 asdflkjh
Configures a password entered in an encrypted format for another switch in the fabric that is identified by the
switch WWN device name.
About DHCHAP Timeout Value
During the DHCHAP protocol exchange, if the MDS switch does not receive the expected DHCHAP message
within a specified time interval, authentication failure is assumed. The time ranges from 20 (no authentication
is performed) to 1000 seconds. The default is 30 seconds.
When changing the timeout value, consider the following factors:
• The existing RADIUS and TACACS+ timeout values.
• The same value must also be configured on all switches in the fabric.
Configuring the DHCHAP Timeout Value
To configure the DHCHAP timeout value, follow these steps:
Configuring DHCHAP Passwords for Remote Devices
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
219