Index

Contents

* - 3 - A - C - D - E - F - G - H - I - L - M - N - O - P - R - S - T - U - V - W

Index

*

* (asterisk)
port security wildcard* (asterisk)
port security wildcards 1
*** 1

3

3DES encryption
IKE 1
IPsec 1

A

AAA
authentication process 1
authorization process 1
configuring accounting services 1 2
default settings 1
DHCHAP authentication 1
displaying error-enabled status 1
distributing with CFS (procedure) 1 2
enabling server distribution 1 2
local servicesAAA
setting authentication 1
remote services 1
starting a distribution sessionTACACS+
starting a distribution session 1
AAA authentication
enabling default user roles 1
AAA servers
groups 1
monitoring 1
remote authentication 1
Access Control Lists. See IPv4-ACLs\ 1
accounting
configuring services 1 2
administrator passwords
recovering (procedure 1
Advanced Encrypted Standard encryption. See AES encryption 1
AES encryption
IKE 1
IPsec 1
AES-XCBC-MAC
IPsec 1
authentication
fabric security 1
guidelines 1
local 1
remote 1 2
user IDs 1

C

CAs
authenticating 1
certificate download example 1
configuring 1 2
creating a trust point 1
default settings 1
deleting digital certificates 1
description 1 2
displaying configuration 1
enrollment using cut-and-paste 1
example configuration 1
identity 1
maintaining 1
maximum limits 1
monitoring 1
multiple trust points 1
peer certificates 1
purpose 1
certificate authorities. See CAs 1
certificate revocation lists. See CRLs 1
Cisco Access Control Server. See Cisco ACS 1
Cisco ACS
configuring for RADIUS 1
configuring for TACACS+ 1
Cisco vendor ID
description 1
cisco-av-pair
specifying for SNMPv3 1
common roles
configuring 1
common users
mapping CLI to SNMP 1
CRLs
configuring 1
configuring revocation checking methods 1
description 1
downloading example 1
generation example 1
crypto IPv4-ACLs
any keyword 1
configuration guidelines 1
creating 1
creating crypto map entries 1
mirror images 1
crypto map entries
configuring global lifetime values 1
global lifetime values 1
setting SA lifetimes 1
crypto map sets
applying to interfaces 1
crypto maps
auto-peer option 1
configuration guidelines 1
configuring autopeer option 1
configuring perfect forward secrecy 1
creating entries 1
entries for IPv4-ACLs 1
perfect forward secrecy 1
SA lifetime negotiations 1
SAs between peers 1

D

Data Encryption Standard encryption. See DES encryption 1
DES encryption
IKE 1
IPsec 1
DH
IKE 1
DHCHAP
AAA authenticationDHCHAP
configuring AAA authentication 1
authentication modes 1
compatibility with other SAN-OS features 1
configuring 1 2
default settings 1
description 1
displaying security information 1
enabling 1 2
group settings 1
hash algorithms 1
licensing 1
passwords for local switches 1
passwords for remote devices 1
sample configuration 1
See also FC-SP[DHCHAP
zzz] 1
timeout values 1
Diffie-Hellman Challenge Handshake Authentication Protocol. See DHCHAP 1
Diffie-Hellman protocol. See DH 1
digital certificates
configuration example 1
configuring 1 2
deleting from CAs 1
description 1 2
exporting 1 2 3
generating requests for identity certificates 1
importing 1 2 3
installing identity certificates 1
IPsec 1 2
maintaining 1
maximum limits 1
monitoring 1
peers 1
purpose 1
requesting identity certificate example 1
revocation example 1
SSH support 1
digital signature algorithm. See DSA key pairs 1
dsa key pairs
generatingDSA key-pairs
generating 1

E

E ports
fabric binding checking 1
EFMD
fabric binding 1
encrypted passwords
user accounts 1
Exchange Fabric Membership Data. See EFMD 1

F

fabric binding
activation 1
checking for Ex ports 1
clearing statistics 1
compatibility with DHCHAP 1
configuration 1 2
default settings 1
deleting database 1
description 1 2
EFMD 1
enforcement 1
forceful activation 1
licensing requirements 1
port security comparison 1
saving configurations 1
verifying configuration 1
fabric security
authentication 1
default settings 1
FC-SP
authentication 1
enabling 1
See also DHCHAP[FC-SP
zzz] 1
FCIP
compatibility with DHCHAP 1
sample IPsec configuration 1
Federal Information Processing Standards. See FIPS 1
Fibre Channel
sWWNs for fabric binding 1
Fibre Channel Security Protocol. See FC-SP 1
FICON
fabric binding requirements 1
sWWNs for fabric binding 1
FIPS 1
configuration guidelines 1
self-tests 1

G

global keys
assigning for RADIUS 1

H

high availability
compatibility with DHCHAP 1
host keys
assigning 1
host names
configuring for digital certificates 1

I

ICMP packets
type value 1
IDs
Cisco vendor ID 1
IKE
algorithms for authentication 1
default settings 1
default settingsdigital certificates
default settings 1
description 1
displaying configurations 1
enabling 1
refreshing SAs 1
terminology 1
transforms for encryption 1
IKE domains
clearing 1
configuring 1
IKE initiators
configuring version 1
displaying configuration 1
IKE peers
configuring keepalive times 1
displaying keepalive configuration 1
IKE policies
configuring lifetime associations 1
configuring negotiation parameters 1
displaying current policies 1
negotiation 1
IKE tunnels
clearing 1
description 1
Internet Key Exchange. See IKE 1
IP domain names
configuring for digital certificates 1
IP filters
contents 1
restricting IP traffic 1
IP security. See IPsec 1
IPsec
algorithms for authentication 1
crypto IPv4-ACLs 1 2
default settings 1
description 1
digital certificate support 1 2
displaying configurations 1
fabric setup requirements 1
global lifetime values 1
hardware compatibility 1
licensing requirements 1
maintenance 1
prerequisites 1
RFC implementations 1
sample FCIP configuration 1
sample iSCSI configuration 1
terminology 1
transform sets 1
transforms for encryption 1
unsupported features 1
IPv4-ACLs
adding entries 1
applying to interfaces 1 2 3
clearing counters 1
configuration guidelines 1
crypto 1 2
crypto map entries 1
displaying configuration 1
reading dump logs 1
removing entries 1 2
verifying interface configuration 1
IPv6-ACLs 1
iSCSI
sample IPsec configuration 1

L

logins
SSH 1
Telnet 1

M

MD5 authentication
IKE 1
IPsec 1
Message Authentication Code using AES. See AES-XCBC-MAC 1
Message Digest 5. See MD5 authentication 1
Microsoft Challenge Handshake Authentication Protocol. See MSCHAP 1
MSCHAP
description 1

N

network administrators
additional roles 1
permissions 1
network operators
permissions 1

O

Open UDP and TCP Ports on Cisco MDS 9000 Series Platforms 1

P

passwords
DHCHAP 1 2
encrypted 1
recovering (procedure) 1
strong characteristics 1
persistent domain ID
FICON VSANs 1
PKI
enrollment support 1
port security
activating 1
activation 1
activation rejection 1
adding authorized pairs 1
auto-learning 1
cleaning up databasesport security databases
cleaning up 1
compatibility with DHCHAP 1
configuration guidelines 1
configuring CFS distribution 1 2
copying databasesport security databases
copying 1
data scenariosport security databases
scenarios 1
database interactionsport security databases
interactions 1
database merge guidelinesport security databases
merge guidelines 1
deactivating 1
default settings 1 2
deleting databasesport security databases
deleting 1
disabling 1
displaying configuration 1 2
displaying configurationport security
displaying configuration 1 2
enabling 1
enforcement mechanisms 1
fabric binding comparison 1
forcing activation 1
license requirement 1
manual configuration guidelinesport security databases
manual configuration guidelines 1
unauthorized accesses preventedport security
preventing unauthorized accesses 1
WWN identification 1
port security auto-learning
description 1
device authorization 1
disabling 1
distributing configuration 1
enabling 1
guidelines for configuring with CFS 1
port security databases
displaying configuration 1 2
displaying violations 1
reactivating 1
PortChannels
compatibility with DHCHAP 1
preshared keys
RADIUS 1
TACACS+ 1
profiles
configuring 1
modifying 1
Public Key Infrastructure. See PKI 1

R

RADIUS
assigning host keys 1
CFS merge guidelines 1
clearing configuration distribution sessions 1
configuring Cisco ACS 1
configuring server groups 1
configuring server monitoring parameters 1
configuring test idle timer 1
configuring test user name 1
default settings 1
description 1
discarding configuration distribution changes 1 2
displaying configured parameters 1
enabling configuration distribution 1 2
sending test messages for monitoring 1
setting preshared keys 1
specifying server timeout 1
specifying servers 1 2
specifying time-out 1
starting a distribution session 1
role databases
clearing distribution sessions 1
committing changes to fabric 1
disabling distribution 1
discarding database changes 1
enabling distribution 1
viewing with Fabric Manager 1
roles
configuring 1
configuring rules 1
default permissions 1
default setting 1
displaying information 1
distributing configurations 1 2
modifying profiles 1
See also command roles[roles
zzz] 1
user profiles 1
roles database
displaying information 1
roles databases
description 1
locking in the fabric 1
merge guidelines 1
rsa key pairs
generating 1
RSA key-pairs
deleting 1
description 1
displaying configuration 1
exporting 1 2
generating 1
importing 1 2
rules
configuring 1

S

SAs
displaying for IKE 1
displaying global lifetime values 1
establishing between IPsec peers 1
global lifetime values 1
lifetime negotiations 1
refreshing 1
setting lifetime 1
security
accounting 1
managing on the switch 1
security associations. See SAs 1
security control
local 1
remote 1
remote AAA servers 1
server groups
configuring 1 2
SHA-1
IKE 1 2
SNMP
creating roles 1
mapping CLI operations 1
security features 1
SNMPv3
specifying cisco-av-pair 1
SSH
clearing hosts 1
default service 1
description 1 2
digital certificate authentication 1
displaying status 1
enabling 1
generating server key-pairs 1 2
logins 1
overwriting server key-pairs 1
protocol status 1
specifying keys 1 2
SSH clients
support on NX-OS devices 1
SSH key pairs
overwriting 1
SSH login attempts
configuring 1
SSH servers
key-pair support 1
support on NX-OS devices 1
switch security
default settings 1 2
sWWNs
configuring for fabric binding 1 2

T

TACACS+
CFS merge guidelines 1
clearing configuration distribution sessions 1
configuring Cisco ACS 1
configuring server groups 1
default settings 1
description 1
discarding configuration distribution changes 1 2
displaying information 1
enabling 1
enabling configuration distribution 1 2
global keys 1
sending test messages for monitoring 1
setting default server timeout 1
setting global secret keys 1
setting preshared key 1
setting server addresses 1 2
setting server monitoring parameters 1
setting timeout value 1
specifying server at login 1
validating 1
TCP ports
IPv4-ACLs 1
TE ports
fabric binding checking 1
Telnet
enabling 1
logins 1
Telnet servers
support on NX-OS devices 1
transform sets
configuring for IPsec 1
creating crypto map entries 1
description 1
Triple DES. See 3DEC encryption 1
trust points
creating 1
description 1
multiple 1
saving configuration across reboots 1
TrustSec FC Link Encryption 1
Best Practices 1
enabling 1
ESP Modes 1
ESP Settings 1
Information 1
Security Association Parameters 1
Security Associations 1
Supported Modules 1
Terminology 1

U

UDP ports
IPv4-ACLs 1
user accounts
configuring 1
configuring profiles 1
configuring roles 1
displaying information 1
password characteristics 1
user IDs
authentication 1
user profiles
role information 1
users
configuring 1
deleting 1
description 1
displaying account information 1
logging out other users 1

V

vendor-specific attributes. See VSAs 1
VSAN policies
default roles 1
licensingVSANs
configuring policies 1
modifying 1
VSANs
compatibility with DHCHAP 1
IP routing 1
policies 1
VSAs
communicating attributes 1
protocol options 1

W

WWNs
port security 1