Cisco DS-X9530-SF1-K9 - Supervisor-1 Module - Control Processor Configuration Manual page 73


Chapter 1
Product Overview
Software Features
Send documentation comments to mdsfeedback-doc@cisco.com.

Switch Access Security
Each switch can be accessed through the CLI or SNMP:
• Secure switch access—Available when you explicitly enable Secure Shell Protocol (SSH) access to the switch. SSH access provides additional controlled security by encrypting data, user IDs, and passwords. By default, Telnet access is enabled on each switch.
• SNMP access—SNMPv3 provides built-in security for secure user authentication and data encryption.
• IP access control lists (IP-ACLs)—IP-ACLs provide basic network security to all switches in the Cisco MDS 9000 Family. IP-ACLs restrict IP-related inband and out-of-band management traffic based on IP addresses (Layer 3 and Layer 4 information). You can use IP-ACLs to control transmissions on an interface.
See Chapter 29, "Configuring IP Access Control Lists."

Port Security
The following port security features prevent unauthorized access to a switch port in the Cisco MDS 9000 Family:
• Login requests from unauthorized Fibre Channel devices (Nx ports) and switches (xE ports) are rejected.
• All intrusion attempts are reported to the SAN administrator through system messages.
See Chapter 32, "Configuring Port Security."

User Authentication
Authentication, authorization, and accounting (AAA) can be used to verify the identity of, grant access for, and track the actions of remote users. The Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) provide AAA solutions.
Based on the user ID and password combination provided, switches perform local authentication using a local database or remote authentication using AAA server(s). A global, preshared, secret key authenticates communication between the AAA servers. This secret key can be configured for all AAA server groups or for only a specific AAA server. This kind of authentication provides a central configuration management capability.
See Chapter 28, "Configuring RADIUS and TACACS+."

Role-Based Access
Role-based access control assigns roles or groups (locally through the switch or remotely using AAA servers) to users and limits access to the switch. Access is assigned based on the permission level associated with each user ID. Your administrator can provide complete access to each user or restrict access to specific read and write levels for each command.
Cisco MDS SAN-OS software synchronizes the CLI and SNMP roles. You can use SNMP to modify a role that was created using CLI and vice versa. Each role in SNMP is the same as a role created or modified through the CLI.
Each role is restricted to one or more VSAN as required.
See Chapter 26, "Configuring Users and Common Roles" and Chapter 27, "Configuring SNMP."

Cisco MDS 9000 Family Configuration Guide
OL-6973-03, Cisco MDS SAN-OS Release 2.x
1-13
