Fabric Management; Security Management - Cisco DS-C9216I-K9 Configuration Manual

Chapter 1 Product Overview
When a switch powers up and two supervisor modules are present, the module in slot 5 enters the active
mode, while the second module in slot 6 enters the standby mode. All storage management functions
occur on the active supervisor module. The standby module constantly monitors the active module. If
the active module fails, the standby module takes over without any impact to user traffic.
See the Cisco MDS 9500 Series Hardware Installation Guide for additional information.

Fabric Management

Switches in the Cisco MDS 9000 Family offer fabric management and control through the command-line
interface (CLI) by using Telnet, SSH, or a serial console and through the Cisco MDS 9000 Fabric
Manager tool by using the Simple Network Management Protocol (SNMP) services:
•
•
•

Security Management

The Cisco MDS 9000 Family of switches offer strict and secure switch management options through
switch access security, port security, user authentication, and role-based access.
Switch Access Security
Each switch can be accessed through the CLI or SNMP.
•
•
•
Port Security
Port security features prevent unauthorized access to a switch port in the Cisco MDS 9000 Family.
•
•
OL-7753-01
SNMP versions 1, 2, and 3 are supported.
Remote Monitoring (RMON) allows you to specify thresholds and monitor alarms on SNMP
variables. Extended RMON alarms are available for supported Management Information Base
(MIB) objects. See the Cisco MDS 9000 Family MIB Reference Guide for additional information.
System error message logs (syslogs) are viewed through a console or Telnet session for
asynchronous events such as an interface transition. Syslogs are directed to an internal log and
optionally to an external server. See the Cisco MDS 9000 Family System Messages Guide for
additional information.
Secure switch access—Available when you explicitly enable Secure Shell (SSH) access to the
switch. SSH access provides additional controlled security by encrypting data, user IDs, and
passwords. By default, Telnet access is enabled on each switch.
SNMP access—SNMPv3 provides built-in security for secure user authentication and data
encryption.
IP Access control lists (IP-ACLs)—Provide basic network security to all switches in the Cisco MDS
9000 Family. IP-ACLs restricts IP-related inband and out-of-band management traffic based on IP
addresses (layer 3 and layer 4 information). You can use IP-ACLs to control transmissions on an
interface.
Login requests from unauthorized Fibre Channel devices (Nx ports) and switches (xE ports) are
rejected.
All intrusion attempts are reported to the SAN administrator through syslog messages.
Cisco MDS 9000 Fabric Manager Switch Configuration Guide
Software Features
1-9