Q-Logic 6140 Router User Manual


 
FI0154601-00 C B-1
B Configuring CHAP
CHAP Definition
In challenge handshake authentication protocol (CHAP), the authentication agent
sends the client program a random value that is used only once and an ID value.
Both the sender and peer share a predefined secret. The peer concatenates the
random value, the ID, and the secret; it calculates a one-way hash using MD5
(Message-Digest algorithm 5). It sends the hash value to the authenticator, which
in turn builds that same string on its side, calculates the MD5 checksum, and
compares the result with the value received from the peer. If the values match, the
peer is authenticated.
Because only the hash is transmitted, the secret cannot be reverse-engineered. The
algorithm increments the ID value with each CHAP dialogue to protect against
replay attacks.
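The exchange described above, as an added Python sketch that is not code from the router or this manual: it assumes the RFC 1994 field order for the hash input (ID octet, secret, challenge), and the function and class names are illustrative.

```python
import hashlib
import hmac
import os


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5 over the ID octet, the secret, then the challenge."""
    return hashlib.md5(bytes([ident & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Issues one-time challenges and checks the peer's hash (illustrative)."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.ident = 0
        self.pending = None  # (ident, challenge) still awaiting a response

    def new_challenge(self):
        self.ident = (self.ident + 1) % 256          # ID changes per dialogue
        self.pending = (self.ident, os.urandom(16))  # random value, used once
        return self.pending

    def verify(self, ident: int, response: bytes) -> bool:
        if self.pending is None or ident != self.pending[0]:
            return False
        expected = chap_response(ident, self.secret, self.pending[1])
        self.pending = None  # each challenge can be answered only once
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    secret = b"secret_port"  # constructed sample value, named as in the manual
    router = Authenticator(secret)

    # Normal dialogue: the peer hashes the ID, secret and challenge.
    ident, challenge = router.new_challenge()
    good = chap_response(ident, secret, challenge)
    accepted = router.verify(ident, good)

    # A response recorded earlier does not match the next ID and challenge.
    ident2, _ = router.new_challenge()
    replay_accepted = router.verify(ident2, good)

    # A peer holding a different secret produces a different hash.
    ident3, challenge3 = router.new_challenge()
    wrong = chap_response(ident3, b"not_the_secret", challenge3)
    wrong_accepted = router.verify(ident3, wrong)
    return accepted, replay_accepted, wrong_accepted
```

The ID, the challenge and the response all cross the wire, so the protection rests on the secret itself: configure a long, random value rather than a short or guessable one.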
Configuring CHAP Using CLI
The following sections describe the procedure for configuring CHAP from the
command line interface (CLI).
CLI—Discovery Session Bi-directional CHAP
To configure a bi-directional CHAP used during a discovery session:
1. On the router:
a. Enable CHAP on the port.
b. Create a secret (for example, secret_port).
c. Using the set chap command, choose the iSCSI node that
represents the GE port.
d. Use the show iscsi command to find the iSCSI node name of the
GE port.