Enable Mutual iSCSI Authentication with ESXCLI

Mutual authentication is supported for software iSCSI and dependent hardware iSCSI, but not for independent hardware iSCSI.
  • Verify that CHAP authentication is already set up before you start setting up mutual CHAP.
  • Verify that CHAP and mutual CHAP use different user names and passwords. The second user name and password are supported for mutual authentication on the storage side.
  • Verify that CHAP and mutual CHAP use compatible CHAP levels.
For information on iSCSI CHAP, see Setting iSCSI CHAP.
  1. Enable authentication.
    esxcli <conn_options> iscsi adapter auth chap set --direction=uni --chap_username=<name> --chap_password=<pw> --level=[prohibited, discouraged, preferred, required] --secret=<string> --adapter=<adapter_name>
    The specified chap_username and secret must be supported on the storage side.
  2. List possible VMkernel NICs to bind.
    esxcli <conn_options> iscsi logicalnetworkportal list
  3. Enable mutual authentication.
    esxcli <conn_options> iscsi adapter auth chap set --direction=mutual --mchap_username=<m_name> --mchap_password=<m_pwd> --level=[prohibited, required] --secret=<string> --adapter=<adapter_name>
    The specified mchap_username and secret must be supported on the storage side.
  4. After setup is complete, perform rediscovery and rescan all storage devices.
    The following example performs the rediscovery and rescan operations.
    esxcli <conn_options> iscsi adapter discovery rediscover
    esxcli <conn_options> storage core adapter rescan --adapter=vmhba36
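
A pre-flight check for the prerequisites listed above and for the level values accepted in steps 1 and 3, added here as an example (not VMware code). The function names, return codes and sample values are assumptions; the script only validates inputs and never calls esxcli or prints a secret.

```shell
#!/bin/sh
# Added example: validate CHAP / mutual CHAP inputs before running the
# esxcli commands in the procedure. All names here are hypothetical.

# is_one_of VALUE CANDIDATE...  -> returns 0 if VALUE equals a candidate
is_one_of() {
    needle=$1
    shift
    for candidate in "$@"; do
        [ "$needle" = "$candidate" ] && return 0
    done
    return 1
}

# check_mutual_chap UNI_USER UNI_SECRET UNI_LEVEL M_USER M_SECRET M_LEVEL
# Return codes:
#   0 inputs satisfy the prerequisites
#   2 wrong argument count or an empty field
#   3 CHAP and mutual CHAP share a user name
#   4 CHAP and mutual CHAP share a secret
#   5 level not accepted for --direction=uni
#   6 level not accepted for --direction=mutual
check_mutual_chap() {
    [ "$#" -eq 6 ] || return 2
    for field in "$@"; do
        [ -n "$field" ] || return 2
    done
    # Prerequisite: the two directions use different user names and passwords.
    [ "$1" != "$4" ] || return 3
    [ "$2" != "$5" ] || return 4
    # Step 1 accepts four levels; step 3 accepts only two.
    is_one_of "$3" prohibited discouraged preferred required || return 5
    is_one_of "$6" prohibited required || return 6
    return 0
}

# Usage (constructed values):
#   check_mutual_chap init-user "$UNI_SECRET" required tgt-user "$M_SECRET" required \
#       || echo "CHAP prerequisites not met (code $?)" >&2
```
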