3 – Planning
Fabric Security
59043-03 A 3-13
D
Figure 3-3. Security Example: Switches and HBAs
1. Create a security set (Security_Set_1) on Switch_1.
2. Create a port group (Group_Port) in Security_Set_1 with Switch_1, and
HBA_1 as members. Because the JBOD is a loop device, it is excluded from
the port group.
You must specify HBAs by node worldwide name. Switches can be
specified by port or node worldwide name. The type of switch
worldwide name you use in the switch security database must be the
same as that in the HBA security database. For example, if you specify
a switch with a port worldwide name in the switch security database,
you must also specify that switch in the HBA security database with the
same port worldwide name.
For CHAP authentication, create 32-character secrets. The switch
secret must be shared with the HBA security database.
Port Group: Group_Port
Switch_1 Node WWN: 10:00:00:c0:dd:07:e3:4c
Authentication: CHAP
Secret: 0123456789abcdef0123456789abcdef
HBA_1 Node WWN: 10:00:00:c0:dd:07:c3:4d
Authentication: CHAP
Secret: fedcba9876543210fedcba9876543210fedcba
Device: Switch_1
WWN: 10:00:00:c0:dd:07:e3:4c
Security: Yes
Device: Switch_2
WWN: 10:00:00:c0:dd:07:e3:4e
Security: No
Device: HBA_1
WWN: 10:00:00:c0:dd:07:c3:4d
Security: Yes
Device: HBA_2
Security: No
E_Port
F_Port
F_Port
FL_Port
Device: JBOD
Security: No
