You can use the vicfg-iscsi -A -c options to enable iSCSI authentication. Mutual authentication is supported for software iSCSI and dependent hardware iSCSI, but not for independent hardware iSCSI.

For information on iSCSI CHAP, see Setting iSCSI CHAP.

Prerequisites

  • Verify that CHAP authentication is already set up when you start setting up mutual CHAP.
  • Verify that CHAP and mutual CHAP use different user names and passwords. The second user name and password are supported for mutual authentication on the storage side.
  • Verify that CHAP and mutual CHAP use compatible CHAP levels.

Procedure

  1. Enable authentication on the ESXi host.
    vicfg-iscsi <conn_options> -A -c <level> -m <auth_method> -u <auth_u_name> -w <chap_password>
       [-i <stor_ip_addr|stor_hostname> [:<portnum>] [-n <iscsi_name]] <adapter_name>
    The specified user name and password must be supported on the storage side.
  2. Enable mutual authentication on the ESXi host.
    vicfg-iscsi <conn_options> -A -c <level> -m <auth_method> -b -u <ma_username>
       -w <ma_password> [-i <stor_ip_addr|stor_hostname> [:<portnum>]
       [-n <iscsi_name]] <adapter_name>
  3. After setup is complete, perform rediscovery and rescan all storage devices.