Switch Management Security - HP Cisco MDS 9216 - Fabric Switch Configuration Manual

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Configuring RADIUS and TACACS+
The authentication, authorization, and accounting (AAA) feature verifies the identity of, grants access
to, and tracks the actions of users managing a switch. All Cisco MDS 9000 Family switches use RADIUS
and TACACS+ protocols to provide solutions using remote AAA servers.
Based on the user ID and password combination provided, switches perform local authentication or
authorization using the local database or remote authentication or authorization using a AAA server. A
preshared secret key provides security for communication between the switch and AAA servers. This
secret key can be configured for all AAA servers or for only a specific AAA server. This security feature
provides a central management capability for AAA servers.
This chapter includes the following sections:
•
•
•
•
•
•
•
•
•
•

Switch Management Security

Management security in any switch in the Cisco MDS 9000 Family provides security to all management
access methods, including the command-line interface (CLI) or Simple Network Management Protocol
(SNMP).
This section includes the following topics:
•
•
OL-16184-01, Cisco MDS SAN-OS Release 3.x
Switch Management Security, page 41-1
Switch AAA, page 41-2
Configuring RADIUS Server Monitoring Parameters, page 41-7
Configuring TACACS+ Server Monitoring Parameters, page 41-14
Server Groups, page 41-19
AAA Server Distribution, page 41-21
MSCHAP Authentication, page 41-24
Local AAA Services, page 41-26
Configuring Cisco Access Control Servers, page 41-26
Default Settings, page 41-30
Fabric Manager Security Options, page 41-2
SNMP Security Options, page 41-2
41
C H A P T E R
Cisco MDS 9000 Family CLI Configuration Guide
41-1