Index
*
- * (asterisk)
  - port security wildcard; * (asterisk), port security wildcards
- ***

3
- 3DES encryption
  - IKE
  - IPsec

A
- AAA
  - authentication process
  - authorization process
  - default settings
  - DHCHAP authentication
  - displaying error-enabled status
  - local services; AAA, setting authentication
  - remote services
  - starting a distribution session; TACACS+, starting a distribution session
- AAA authentication
  - enabling default user roles
- AAA servers
  - groups
  - monitoring
  - remote authentication
- Access Control Lists. See IPv4-ACLs
- accounting
- administrator passwords
  - recovering (procedure)
- Advanced Encrypted Standard encryption. See AES encryption
- AES encryption
  - IKE
  - IPsec
- AES-XCBC-MAC
  - IPsec
- authentication
  - fabric security
  - guidelines
  - local
  - user IDs

C
- CAs
  - authenticating
  - certificate download example
  - creating a trust point
  - default settings
  - deleting digital certificates
  - displaying configuration
  - enrollment using cut-and-paste
  - example configuration
  - identity
  - maintaining
  - maximum limits
  - monitoring
  - multiple trust points
  - peer certificates
  - purpose
- certificate authorities. See CAs
- certificate revocation lists. See CRLs
- Cisco Access Control Server. See Cisco ACS
- Cisco ACS
  - configuring for RADIUS
  - configuring for TACACS+
- Cisco vendor ID
  - description
- cisco-av-pair
  - specifying for SNMPv3
- common roles
  - configuring
- common users
  - mapping CLI to SNMP
- CRLs
  - configuring
  - configuring revocation checking methods
  - description
  - downloading example
  - generation example
- crypto IPv4-ACLs
  - any keyword
  - configuration guidelines
  - creating
  - creating crypto map entries
  - mirror images
- crypto map entries
  - configuring global lifetime values
  - global lifetime values
  - setting SA lifetimes
- crypto map sets
  - applying to interfaces
- crypto maps
  - auto-peer option
  - configuration guidelines
  - configuring autopeer option
  - configuring perfect forward secrecy
  - creating entries
  - entries for IPv4-ACLs
  - perfect forward secrecy
  - SA lifetime negotiations
  - SAs between peers

D
- Data Encryption Standard encryption. See DES encryption
- DES encryption
  - IKE
  - IPsec
- DH
  - IKE
- DHCHAP
  - AAA authentication; DHCHAP, configuring AAA authentication
  - authentication modes
  - compatibility with other SAN-OS features
  - default settings
  - description
  - displaying security information
  - group settings
  - hash algorithms
  - licensing
  - passwords for local switches
  - passwords for remote devices
  - sample configuration
  - See also FC-SP
  - timeout values
- Diffie-Hellman Challenge Handshake Authentication Protocol. See DHCHAP
- Diffie-Hellman protocol. See DH
- digital certificates
  - configuration example
  - deleting from CAs
  - generating requests for identity certificates
  - installing identity certificates
  - maintaining
  - maximum limits
  - monitoring
  - peers
  - purpose
  - requesting identity certificate example
  - revocation example
  - SSH support
- digital signature algorithm. See DSA key pairs
- dsa key pairs
  - generating; DSA key-pairs, generating

E
- E ports
  - fabric binding checking
- EFMD
  - fabric binding
- encrypted passwords
  - user accounts
- Exchange Fabric Membership Data. See EFMD

F
- fabric binding
  - activation
  - checking for Ex ports
  - clearing statistics
  - compatibility with DHCHAP
  - default settings
  - deleting database
  - EFMD
  - enforcement
  - forceful activation
  - licensing requirements
  - port security comparison
  - saving configurations
  - verifying configuration
- fabric security
  - authentication
  - default settings
- FC-SP
  - authentication
  - enabling
  - See also DHCHAP
- FCIP
  - compatibility with DHCHAP
  - sample IPsec configuration
- Federal Information Processing Standards. See FIPS
- Fibre Channel
  - sWWNs for fabric binding
- Fibre Channel Security Protocol. See FC-SP
- FICON
  - fabric binding requirements
  - sWWNs for fabric binding
- FIPS
  - configuration guidelines
  - self-tests

G
- global keys
  - assigning for RADIUS

H
- high availability
  - compatibility with DHCHAP
- host keys
  - assigning
- host names
  - configuring for digital certificates

I
- ICMP packets
  - type value
- IDs
  - Cisco vendor ID
- IKE
  - algorithms for authentication
  - default settings
  - default settings; digital certificates, default settings
  - description
  - displaying configurations
  - enabling
  - refreshing SAs
  - terminology
  - transforms for encryption
- IKE domains
  - clearing
  - configuring
- IKE initiators
  - configuring version
  - displaying configuration
- IKE peers
  - configuring keepalive times
  - displaying keepalive configuration
- IKE policies
  - configuring lifetime associations
  - configuring negotiation parameters
  - displaying current policies
  - negotiation
- IKE tunnels
  - clearing
  - description
- Internet Key Exchange. See IKE
- IP domain names
  - configuring for digital certificates
- IP filters
  - contents
  - restricting IP traffic
- IP security. See IPsec
- IPsec
  - algorithms for authentication
  - default settings
  - description
  - displaying configurations
  - fabric setup requirements
  - global lifetime values
  - hardware compatibility
  - licensing requirements
  - maintenance
  - prerequisites
  - RFC implementations
  - sample FCIP configuration
  - sample iSCSI configuration
  - terminology
  - transform sets
  - transforms for encryption
  - unsupported features
- IPv4-ACLs
  - adding entries
  - clearing counters
  - configuration guidelines
  - crypto map entries
  - displaying configuration
  - reading dump logs
  - verifying interface configuration
- IPv6-ACLs
- iSCSI
  - sample IPsec configuration

L
- logins
  - SSH
  - Telnet

M
- MD5 authentication
  - IKE
  - IPsec
- Message Authentication Code using AES. See AES-XCBC-MAC
- Message Digest 5. See MD5 authentication
- Microsoft Challenge Handshake Authentication Protocol. See MSCHAP
- MSCHAP
  - description

N
- network administrators
  - additional roles
  - permissions
- network operators
  - permissions

O
- Open UDP and TCP Ports on Cisco MDS 9000 Series Platforms

P
- passwords
  - encrypted
  - recovering (procedure)
  - strong characteristics
- persistent domain ID
  - FICON VSANs
- PKI
  - enrollment support
- port security
  - activating
  - activation
  - activation rejection
  - adding authorized pairs
  - auto-learning
  - cleaning up databases; port security databases, cleaning up
  - compatibility with DHCHAP
  - configuration guidelines
  - copying databases; port security databases, copying
  - data scenarios; port security databases, scenarios
  - database interactions; port security databases, interactions
  - database merge guidelines; port security databases, merge guidelines
  - deactivating
  - deleting databases; port security databases, deleting
  - disabling
  - displaying configuration; port security, enabling
  - enforcement mechanisms
  - fabric binding comparison
  - forcing activation
  - license requirement
  - manual configuration guidelines; port security databases, manual configuration guidelines
  - unauthorized accesses prevented; port security, preventing unauthorized accesses
  - WWN identification
- port security auto-learning
  - description
  - device authorization
  - disabling
  - distributing configuration
  - enabling
  - guidelines for configuring with CFS
- port security databases
  - displaying violations
  - reactivating
- PortChannels
  - compatibility with DHCHAP
- preshared keys
  - RADIUS
  - TACACS+
- profiles
  - configuring
  - modifying
- Public Key Infrastructure. See PKI

R
- RADIUS
  - assigning host keys
  - CFS merge guidelines
  - clearing configuration distribution sessions
  - configuring Cisco ACS
  - configuring server groups
  - configuring server monitoring parameters
  - configuring test idle timer
  - configuring test user name
  - default settings
  - description
  - displaying configured parameters
  - sending test messages for monitoring
  - setting preshared keys
  - specifying server timeout
  - specifying time-out
  - starting a distribution session
- role databases
  - clearing distribution sessions
  - committing changes to fabric
  - disabling distribution
  - discarding database changes
  - enabling distribution
  - viewing with Fabric Manager
- roles
  - configuring
  - configuring rules
  - default permissions
  - default setting
  - displaying information
  - modifying profiles
  - See also command roles
  - user profiles
- roles database
  - displaying information
- roles databases
  - description
  - locking in the fabric
  - merge guidelines
- rsa key pairs
  - generating
- RSA key-pairs
  - deleting
  - description
  - displaying configuration
  - generating
- rules
  - configuring

S
- SAs
  - displaying for IKE
  - displaying global lifetime values
  - establishing between IPsec peers
  - global lifetime values
  - lifetime negotiations
  - refreshing
  - setting lifetime
- security
  - accounting
  - managing on the switch
- security associations. See SAs
- security control
  - local
  - remote
  - remote AAA servers
- server groups
- SHA-1
- SNMP
  - creating roles
  - mapping CLI operations
  - security features
- SNMPv3
  - specifying cisco-av-pair
- SSH
  - clearing hosts
  - default service
  - digital certificate authentication
  - displaying status
  - enabling
  - logins
  - overwriting server key-pairs
  - protocol status
- SSH clients
  - support on NX-OS devices
- SSH key pairs
  - overwriting
- SSH login attempts
  - configuring
- SSH servers
  - key-pair support
  - support on NX-OS devices
- switch security
- sWWNs

T
- TACACS+
  - CFS merge guidelines
  - clearing configuration distribution sessions
  - configuring Cisco ACS
  - configuring server groups
  - default settings
  - description
  - displaying information
  - enabling
  - global keys
  - sending test messages for monitoring
  - setting default server timeout
  - setting global secret keys
  - setting preshared key
  - setting server monitoring parameters
  - setting timeout value
  - specifying server at login
  - validating
- TCP ports
  - IPv4-ACLs
- TE ports
  - fabric binding checking
- Telnet
  - enabling
  - logins
- Telnet servers
  - support on NX-OS devices
- transform sets
  - configuring for IPsec
  - creating crypto map entries
  - description
- Triple DES. See 3DES encryption
- trust points
  - creating
  - description
  - multiple
  - saving configuration across reboots
- TrustSec FC Link Encryption
  - Best Practices
  - enabling
  - ESP Modes
  - ESP Settings
  - Information
  - Security Association Parameters
  - Security Associations
  - Supported Modules
  - Terminology

U
- UDP ports
  - IPv4-ACLs
- user accounts
  - configuring
  - configuring profiles
  - configuring roles
  - displaying information
  - password characteristics
- user IDs
  - authentication
- user profiles
  - role information
- users
  - configuring
  - deleting
  - description
  - displaying account information
  - logging out other users

V
- vendor-specific attributes. See VSAs
- VSAN policies
  - default roles
  - licensing; VSANs, configuring policies
  - modifying
- VSANs
  - compatibility with DHCHAP
  - IP routing
  - policies
- VSAs
  - communicating attributes
  - protocol options

W
- WWNs
  - port security