Switch AAA Functionalities
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
CLI Security Options
You can access the CLI using the console (serial connection), Telnet, or Secure Shell (SSH). For each
management path (console, Telnet, and SSH), you can configure one or more of the following security
control options: local, remote (RADIUS or TACACS+), or none.
•
•
These security features can also be configured for the following scenarios:
•
•
SNMP Security Options
The SNMP agent supports security features for SNMPv1, SNMPv2c, and SNMPv3. Normal SNMP
security features apply to all applications that use SNMP (for example, Cisco MDS 9000 Fabric
Manager).
SNMP security options also apply to Fabric Manager and Device Manager.
See
Refer to the Cisco MDS 9000 Family Fabric Manager Configuration Guide for information on Fabric
Manager and Device Manager.
Switch AAA Functionalities
Using the CLI or an SNMP application, you can configure AAA switch functionalities on any switch in
the Cisco MDS 9000 Family.
This section includes the following topics:
•
•
•
•
•
•
•
•
Cisco MDS 9000 Family CLI Configuration Guide
34-2
Remote security control
Using RADIUS.See
the"Configuring RADIUS" section on page
–
Using TACACS+. See
–
Local security control. See the
iSCSI authentication (see the ).
Fibre Channel Security Protocol (FC-SP) authentication (see
DHCHAP")
Chapter 33, "Configuring
Authentication, page 34-3
Authorization, page 34-3
Accounting, page 34-3
Remote AAA Services, page 34-4
Remote Authentication Guidelines, page 34-4
Server Groups, page 34-4
AAA Service Configuration Options, page 34-4
Authentication and Authorization Process, page 34-6
the"Configuring TACACS+" section on page
"Local AAA Services" section on page
SNMP".
Chapter 34
Configuring RADIUS and TACACS+
34-8.
34-17.
34-35.
Chapter 38, "Configuring FC-SP and
OL-18084-01, Cisco MDS NX-OS Release 4.x