Switch Management Security
Management security on any switch in the Cisco MDS 9000 Family secures all management
access methods, including the command-line interface (CLI) and Simple Network Management Protocol
(SNMP).
CLI Security Options
You can access the CLI using the console (serial connection), Telnet, or Secure Shell (SSH). For each
management path (console or Telnet and SSH), you can configure one or more of the following security
control options: local, remote (RADIUS or TACACS+), or none.
• Remote security control
  – Using Remote Authentication Dial-In User Services (RADIUS). See the "Configuring RADIUS" section on page 28-5.
  – Using Terminal Access Controller Access Control System plus (TACACS+). See the "Configuring TACACS+" section on page 28-10.
• Local security control. See the "Local AAA Services" section on page 28-19.
These security mechanisms can also be configured for the following scenarios:
• iSCSI authentication (see the "Authentication Mechanism" section on page 35-23).
• Fibre Channel Security Protocol (FC-SP) authentication (see Chapter 31, "Configuring FC-SP and DHCHAP").
SNMP Security Options
The SNMP agent supports security features for SNMPv1, SNMPv2c, and SNMPv3. Normal SNMP
security mechanisms apply to all applications that use SNMP (for example, Cisco MDS 9000 Fabric
Manager).
CLI security options also apply to the Cisco MDS Fabric Manager and Device Manager.
See Chapter 27, "Configuring SNMP".
Refer to the Cisco MDS 9000 Family Fabric Manager Configuration Guide for information on the Cisco
MDS Fabric or Device Managers.
Switch AAA Functionalities
Using the CLI or an SNMP application, you can configure authentication, authorization, and accounting
(AAA) switch functionalities on any switch in the Cisco MDS 9000 Family.
Authentication
Authentication is the process of verifying the identity of the person managing the switch. This identity
verification is based on the user ID and password combination provided by the person trying to manage
the switch. Cisco MDS 9000 Family switches allow you to perform local authentication (using the local
lookup database) or remote authentication (using one or more RADIUS or TACACS+ servers).
Cisco MDS 9000 Family CLI Configuration Guide, Chapter 28, "Configuring RADIUS and TACACS+", page 28-2
OL-8222-01, Cisco MDS SAN-OS Release 3.x
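A defender-side audit of the management paths and security options described on this page, as an added example that is not from the Cisco guide: it classifies each login path as local, remote or none and flags Telnet and SNMPv1/v2c community use. The configuration lines, their syntax (`aaa authentication login ...`, `telnet server enable`, `snmp-server community ...`) and the group name `RadGroup` are assumptions constructed for illustration; check them against your release's running configuration.

```python
import re

# Constructed sample, not from the page. Command syntax is an assumption
# (SAN-OS style); adjust the patterns to match your release's running-config.
SAMPLE_CONFIG = """\
telnet server enable
ssh server enable
aaa authentication login default group RadGroup
aaa authentication login console none
snmp-server community public ro
"""

LOGIN_RE = re.compile(r"^aaa authentication login (default|console) (.+)$")
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+) (ro|rw)$")


def classify_login(methods):
    """Map a method list to the page's options: local, remote or none."""
    tokens = methods.split()
    if tokens == ["none"]:
        return "none"
    if tokens[0] == "group":
        # A trailing 'none' lists the no-authentication option as a fallback.
        return "remote+none" if tokens[-1] == "none" else "remote"
    return "local" if tokens == ["local"] else "unknown"


def audit(config):
    """Return (login method per management path, list of findings)."""
    paths, findings = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        login = LOGIN_RE.match(line)
        community = COMMUNITY_RE.match(line)
        if login:
            path, kind = login.group(1), classify_login(login.group(2))
            paths[path] = kind
            if kind in ("none", "remote+none"):
                findings.append(f"{path}: login permits 'none' (no authentication)")
        elif line == "telnet server enable":  # a 'no ...' line does not match
            findings.append("telnet: cleartext management path enabled")
        elif community:
            findings.append(f"snmp: v1/v2c community '{community.group(1)}' "
                            f"({community.group(2)}) configured")
    return paths, findings


if __name__ == "__main__":
    paths, findings = audit(SAMPLE_CONFIG)
    print(paths)
    print("\n".join("FINDING: " + f for f in findings))
```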