If you use software and dependent hardware iSCSI adapters, or an iSER storage adapter, you can configure different CHAP credentials for each discovery address or static target.

The CHAP name cannot exceed 511 and the CHAP secret 255 alphanumeric characters.

Prerequisites

  • Before setting up CHAP parameters, determine whether to configure unidirectional or bidirectional CHAP.
  • Verify CHAP parameters configured on the storage side. Parameters that you configure must match the ones on the storage side.
  • Required privilege: Host.Configuration.Storage Partition Configuration

Procedure

  1. Navigate to the iSCSI or iSER storage adapter.
    1. In the vSphere Client, navigate to the ESXi host.
    2. Click the Configure tab.
    3. Under Storage, click Storage Adapters, and select the adapter (vmhba#) to configure.
  2. Click either Dynamic Discovery or Static Discovery.
  3. From the list of available targets, select a target to configure and click Authentication.
  4. Deselect Inherit settings from parent and specify authentication method.
    • None
    • Use unidirectional CHAP if required by target
    • Use unidirectional CHAP unless prohibited by target
    • Use unidirectional CHAP
    • Use bidirectional CHAP. To configure bidirectional CHAP, you must select this option.
  5. Specify the outgoing CHAP name.

    Make sure that the name you specify matches the name configured on the storage side.

    • To set the CHAP name to the iSCSI adapter name, select Use initiator name.
    • To set the CHAP name to anything other than the iSCSI initiator name, deselect Use initiator name and enter a name in the Name text box.
  6. Enter an outgoing CHAP secret to be used as part of authentication. Use the same secret that you enter on the storage side.
  7. If configuring bidirectional CHAP, specify incoming CHAP credentials.
    Make sure to use different secrets for the outgoing and incoming CHAP.
  8. Click OK.
  9. Rescan the storage adapter.

Results

If you change the CHAP parameters, they are used for new iSCSI sessions. For existing sessions, new settings are not used until you log out and login again.