Configuring DH-CHAP for Fibre Channel Fabric

B.

DH-CHAP (Diffie-Hellman Challenge Handshake Authentication Protocol) is a security protocol used to provide mutual authentication between Fibre Channel devices in a fabric. When enabling DH-CHAP for the first time, the storage administrator must consider the following conditions:

C. All switches on the fabric must be configured for the same password. This is because DH-CHAP requires that all devices in the fabric use the same authentication key or password. The password is used to create a shared secret between the two devices, which is then used to authenticate each other during the challenge handshake process.

A. NTP must be configured on all devices or the configuration fails. This answer is incorrect because NTP (Network Time Protocol) is not directly related to the configuration of DH-CHAP. However, having accurate time synchronization across all devices in the fabric is important for various other functions, such as logging and troubleshooting, so it is still a best practice to configure NTP.

B. The MD5 hash must be used if TACACS+ or RADIUS authentication for FCSP is enabled. This answer is incorrect because DH-CHAP does not require the use of MD5 hashing when TACACS+ or RADIUS authentication for FCSP (Fibre Channel Security Protocol) is enabled. DH-CHAP uses its own key derivation function to generate a secret key based on the shared password.

D. Enabling DH-CHAP protocol feature is unsupported on FCIP interfaces. This answer is incorrect because DH-CHAP is only used for authentication within a Fibre Channel fabric and is not supported on FCIP (Fibre Channel over IP) interfaces, which are used to connect Fibre Channel fabrics over IP networks.

In summary, the correct condition to consider while configuring DH-CHAP for the first time on a Fibre Channel fabric is that all switches on the fabric must be configured for the same password.