You can set up all targets to receive the same CHAP name and secret from the iSCSI initiator at the initiator level. By default, all discovery addresses or static targets inherit the CHAP parameters that you set up at the initiator level.
The CHAP name must be fewer than 511 alphanumeric characters and the CHAP secret must be fewer than 255 alphanumeric characters. Some adapters, for example the QLogic adapter, might have lower limits, 255 for the CHAP name and 100 for the CHAP secret.
- Before you set up CHAP parameters for software or dependent hardware iSCSI, determine whether to configure one-way, also known as normal, or mutual CHAP. Independent hardware iSCSI adapters do not support mutual CHAP.
- In one-way CHAP, the target authenticates the initiator.
- In mutual CHAP, both the target and the initiator authenticate each other. Use different secrets for CHAP and mutual CHAP.
When you configure CHAP parameters, verify that they match the parameters on the storage side.
- Required privileges:
- Click Storage in the VMware Host Client inventory, click Adapters, and click Configure iSCSI.
- To configure one-way CHAP, expand CHAP authentication to display all parameters.
- Select the CHAP security level.
- Enter the CHAP name.
Make sure that the name you enter matches the name configured on the storage side.
- Enter a one-way CHAP secret to use for authentication. Use the same secret that you enter on the storage side.
- To configure mutual CHAP, select Use CHAP as an option for one-way CHAP. Expand Mutual CHAP authentication to display all parameters.
- Select Use CHAP.
- Enter the mutual CHAP name.
- Enter the mutual CHAP secret.
Use different secrets for the one-way CHAP and the mutual CHAP.
- Click Save configuration.