Switch Management Security
Management security in any switch in the Cisco MDS 9000 Family is implemented using the
command-line interface (CLI) or Simple Network Management Protocol (SNMP).
SNMP Security
The SNMP agent supports security features for SNMPv1, SNMPv2c, and SNMPv3. Normal SNMP
security mechanisms apply to all applications that use SNMP (for example, Cisco MDS 9000 Fabric
Manager).
Users and roles configured through the CLI are different from users and roles configured through SNMP.
These configurations do not directly correspond with each other. However, you can configure both CLI
and SNMP identically, if required.
CLI Security
You can access the CLI using the console (serial connection), Telnet, or Secure Shell (SSH). For each
management path (console or Telnet and SSH), you can configure one or more of the following security
control options: local, remote (RADIUS or TACACS+), or none.
• Remote security control
  – Using Remote Authentication Dial-In User Services (RADIUS).
  – Using Terminal Access Controller Access Control System plus (TACACS+).
• Local security control.
• Trivial authentication.
These authentication mechanisms can also be used to configure AAA for the following scenarios:
• iSCSI authentication
• Fibre Channel Security Protocol (FC-SP) authentication
Switch AAA Functionalities
Using CLI, you can configure Authentication, Authorization, and Accounting (AAA) switch
functionalities on any switch in the Cisco MDS 9000 Family.
This section contains the following topics:
• Authentication, page 18-3
• Authorization, page 18-3
• Accounting, page 18-3
• Remote Authentication by AAA Servers, page 18-3
• Remote Authentication Guidelines, page 18-3
• Server Groups, page 18-4
• AAA Service Configuration Options, page 18-4
Cisco MDS 9000 Fabric Manager Switch Configuration Guide
18-2
Chapter 18
Configuring Switch Security
OL-7753-01