Table of Contents
Advertisement
Software Features
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Fabric Management
Cisco MDS 9000 Family switches offer fabric management and control through the command-line
interface (CLI) by using Telnet, SSH, or a serial console and through the Cisco MDS 9000 Fabric
Manager tool by using the Simple Network Management Protocol (SNMP) services:
•
•
•
Security Management
The Cisco MDS 9000 Family of switches offer strict and secure switch management options through
switch access security, port security, user authentication, and role-based access control.
Network Security
IP Security Protocol (IPsec) is a framework of open standards that provides data confidentiality, data
integrity, and data authentication between participating peers. It is developed by the Internet Engineering
Task Force (IETF). IPsec provides these security services at the IP layer. IPsec can be used to protect
one or more data flows between a pair of hosts, between a pair of security gateways, or between a
security gateway and a host.
IPsec uses the Internet Key Exchange (IKE) protocol to handle protocol and algorithm negotiation and
to generate the encryption and authentication keys to be used by IPsec. While IKE can be used with other
protocols, its initial implementation is with the IPsec protocol. IKE provides authentication of the IPsec
peers, negotiates IPsec security associations, and establishes IPsec keys.
See
Fabric Security
Fibre Channel Security Protocol (FC-SP) capabilities provide switch-switch and host-switch
authentication to overcome security challenges for enterprise-wide fabrics. Diffie-Hellman Challenge
Handshake Authentication Protocol (DHCHAP) is an FC-SP protocol that provides authentication
between Cisco MDS 9000 Family switches and other devices. It consists of the CHAP protocol
combined with the Diffie-Hellman exchange.
See
Cisco MDS 9000 Family Configuration Guide
1-12
SNMP versions 1, 2c, and 3 are supported. See
Remote Monitoring (RMON) allows you to specify thresholds and monitor alarms on SNMP
variables. Extended RMON alarms are available for supported Management Information Base
(MIB) objects (refer to the Cisco MDS 9000 Family MIB Reference). See
RMON."
System log (syslog) messages are viewed through a console or Telnet session for asynchronous
events such as an interface transition. System messages are directed to an internal log and optionally
to an external server (refer to the Cisco MDS 9000 Family System Messages Reference). See
Chapter 44, "Configuring System Message Logging."
Chapter 30, "Configuring IPsec Network Security."
Chapter 31, "Configuring FC-SP and DHCHAP."
Chapter 1
Chapter 27, "Configuring SNMP."
Chapter 42, "Configuring
OL-6973-03, Cisco MDS SAN-OS Release 2.x
Product Overview
Advertisement
Table of Contents
