Chapter - Cisco Nexus 9000 Series Configuration Manual

Overview
The Cisco NX-OS software supports security features that can protect your network against degradation or
failure and also against data loss or compromise resulting from intentional attacks and from unintended but
damaging mistakes by well-meaning network users.
This chapter includes the following sections:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Authentication, Authorization, and Accounting
Authentication, authorization, and accounting (AAA) is an architectural framework for configuring a set of
three independent security functions in a consistent, modular manner.
Authentication
Authentication, Authorization, and Accounting, on page 3
RADIUS and TACACS+ Security Protocols, on page 4
LDAP, on page 5
SSH and Telnet, on page 5
User Accounts and Roles, on page 5
IP ACLs, on page 5
MAC ACLs, on page 6
VACLs, on page 6
DHCP Snooping, on page 6
Dynamic ARP Inspection, on page 6
IP Source Guard, on page 7
Password Encryption, on page 7
Keychain Management, on page 7
Traffic Storm Control, on page 7
Control Plane Policing, on page 8
Rate Limits, on page 8
Software Image, on page 8
Virtual Device Contexts, on page 8
Provides the method of identifying users, including login and password dialog, challenge and response,
messaging support, and, depending on the security protocol that you select, encryption. Authentication
is the way a user is identified prior to being allowed access to the network and network services. You
configure AAA authentication by defining a named list of authentication methods and then applying that
list to various interfaces.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
2
C H A P T E R
3