Enable iSCSI
Authentication with ESXCLI
You can use the
esxcli iscsi adapter
auth
commands to enable iSCSI authentication.
For information on iSCSI CHAP,
see
Setting iSCSI CHAP.
- Set the authentication information for CHAP.esxcli <conn_options> iscsi adapter auth chap set --direction=uni --chap_username=<name> --chap_password=<pwd> --level=[prohibited, discouraged, preferred, required] --secret=<string> --adapter=<adapter_name>You can set per-target CHAP for static targets, per-adapter CHAP, or apply the command to the discovery address.OptionCommandPer-adapter CHAPesxcli iscsi adapter auth chap setPer-discovery CHAPesxcli iscsi adapter discovery sendtarget auth chap setPer-target CHAPesxcli iscsi adapter target portal auth chap setThe following example sets adapter-level CHAP.esxcli <conn_options> iscsi adapter auth chap set --direction=uni --chap_username=User1 --chap_password=MySpecialPwd --level=preferred --secret=uni_secret --adapter=vmhba33
- Set the authentication information for mutual CHAP by runningesxcli iscsi adapter auth chapset again with the-doption set tomutual optionand a different authentication user name and secret.esxcli <conn_options> iscsi adapter auth chap set --direction=mutual --mchap_username=<m_name> --mchap_password=<m_pwd> --level=[prohibited, required] --secret=<string> --adapter=<adapter_name>For<level>, specifyprohibitedorrequired.OptionDescriptionprohibitedThe host does not use CHAP authentication. If authentication is enabled, specifychapProhibitedto disable it.requiredThe host requires successful CHAP authentication. The connection fails if CHAP negotiation fails. You can set this value for mutual CHAP only if CHAP is set tochapRequired.For direction, specifymutual.You are responsible for making sure that CHAP is set before you set mutual CHAP, and for using compatible levels for CHAP and mutual CHAP. Use a different secret in CHAP and mutual CHAP.