Which two primary port authentication protocols are used with VSANs? (Choose two.)
A.
ESP
B.
CHAP
C.
DHCHAP
D.
SPAP
Explanation:
This question is about virtual storage-area networks (VSAN) aimed at providing true
isolation of SAN-attached devices. There are two primary port authentication protocols
when working with VSANs:
– Diffie-Hellman Challenge Handshake Authentication Protocol (DHCHAP)
– Challenge Handshake Authentication Protocol (CHAP)
DHCHAP may be used to authenticate devices connecting to a Fibre Channel switch. By
using Fibre Channel authentication, you allow only trusted devices to be added to a
fabric. This prevents unauthorized devices from accessing the Fibre Channel switch.
DHCHAP supports both switch-to-switch and host-to-switch authentication. It’s a
mandatory password-based, key-exchange authentication protocol. Before any
authentication may be performed, DHCHAP negotiates hash algorithms and Diffie-
Hellman (DH) groups. In addition, it supports Message Digest 5 (MD5) and Secure Hash
Algorithm 1 (SHA-1)-based authentication.
CHAP is the mandatory protocol for iSCCI, as chosen by the Internet Engineering Task
Force (IETF). CHAP has been around for quite some time and is based on shared secrets.
To strengthen CHAP, DHCHAP adds a DH exchange that both strengthens CHAP and
provides an agreed-upon secret key. The goal of DHCHAP is to be a simple, easy-to
implement protocol.