Configuring Switch Security
The authentication, authorization, and accounting (AAA) strategy is used to verify the identity of, grant
access to, and track the actions of remote users in all switches in the Cisco MDS 9000 Family. The Remote
Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus
(TACACS+) protocols provide AAA solutions.
Based on the user ID and password combination provided, switches perform local authentication using
a local database or remote authentication using AAA server(s). A global, preshared, secret key
authenticates communication between the AAA servers. This secret key can be configured for all AAA
server groups or for only a specific AAA server. This kind of authentication provides a central
configuration management capability.
This chapter contains the following topics:
• Switch Management Security
• Switch AAA Functionalities
• Configuring RADIUS
• Configuring TACACS+
• Configuring Server Groups
• Local AAA
• Authentication and Authorization Process
• Configuring Role-Based CLI Authorization
• Recovering Administrator Password
• Configuring SSH Services
• About SNMP Security
• Default Security Settings
• Restricting Switch Access
Cisco MDS 9000 Fabric Manager Switch Configuration Guide, OL-7753-01, Chapter 18