Table 9-1. Management Security Features

Control List (ACL)
Contains rules to apply to one or more in-band ports, LAGs, or VLANs to limit management access by method (for example, Telnet or HTTP) and/or source IP address. Management ACLs cannot be applied to the OOB port.

Controls the authentication method(s) to use to validate switch management access for the users associated with the

Local User Database
Maintains a list of users who are allowed to access the switch management interface. The database contains a username with an associated password and security level. The supported security levels are Read-Write (15), Read Only (1), and Suspended (0).

Includes settings such as minimum password length, password aging, password reuse rules, password strength criteria, and number of login attempts allowed.

Line and Enable
Passwords to allow only authorized users to access the switch through the CLI interface (console, Telnet, and SSH) and to enter Privileged Exec mode from User Exec mode.

Configure the switch to use a remote TACACS+ server to

Configure information about one or more remote RADIUS servers to use for authentication, authorization, and

Allow or prevent access to the switch by using Telnet and specify the port to use.

Protect the switch from various DoS attacks that can prevent the control plane (which includes management access) from

For information about port-based access, 802.1X, and the Internal Authentication Server (IAS), see "Configuring 802.1X and Port-Based Security" on page 509.

Controlling Management Access