Figure 107 security center devices tab, 107 security center devices tab – HP StorageWorks 2.140 Director Switch User Manual

HA-Fabric Manager user guide 177

Figure 107

Security Center Devices tab

For two connected switches to authenticate each other locally, each switch must have its own user

ID, node WWN, and CHAP Secret, as well as the other switch’s user ID and CHAP Secret. The

switch can store more IDs and CHAP Secrets if it has multiple connections with other switches only.

You can also store IDs and CHAP Secrets of switches that have no physical connections with this

switch. This is not recommended because accessing one switch provides access to all switches’

CHAP Secrets.
For two connected switches to authenticate each other through the RADIUS server only, all product

IDs and CHAP Secrets are stored on the RADIUS server and the product local database is not

required to maintain the same data. In this case, the HAFM appliance does not communicate with

the RADIUS server effectively. The Radius Only authentication method can cause more errors and

performance problems.
When you select the Radius Only option, the HAFM appliance ensures that only the CHAP Secret

for the switch is defined and stored in the local database. If not, a message is displayed, indicating

that you must type or generate a secret for the current switch before you enable E_Port

authentication.
If the CHAP Secret is defined for the current switch, when you click Apply, a message is displayed,

indicating that you have set E/N_Port Authentication Method to Radius Only. If you have not

properly defined the secrets for all participating devices on the RADIUS Server, E/N_Port

authentication fails and your fabric connectivity is lost.