Cisco MDS 9000 Series Security Configuration Guide, Release 9.x

Contents

* - 3 - A - C - D - E - F - G - H - I - L - M - N - O - P - R - S - T - U - V - W

Index

*

* (asterisk)

port security wildcard* (asterisk)

port security wildcards 1

*** 1

3

3DES encryption

IKE 1

IPsec 1

A

AAA

authentication process 1

authorization process 1

configuring accounting services 1 2

default settings 1

DHCHAP authentication 1

displaying error-enabled status 1

distributing with CFS (procedure) 1 2

enabling server distribution 1 2

local servicesAAA

setting authentication 1

remote services 1

starting a distribution sessionTACACS+

starting a distribution session 1

AAA authentication

enabling default user roles 1

AAA servers

groups 1

monitoring 1

remote authentication 1

Access Control Lists. See IPv4-ACLs\ 1

accounting

configuring services 1 2

administrator passwords

recovering (procedure 1

Advanced Encrypted Standard encryption. See AES encryption 1

AES encryption

IKE 1

IPsec 1

AES-XCBC-MAC

IPsec 1

authentication

fabric security 1

guidelines 1

local 1

remote 1 2

user IDs 1

C

CAs

authenticating 1

certificate download example 1

configuring 1 2

creating a trust point 1

default settings 1

deleting digital certificates 1

description 1 2

displaying configuration 1

enrollment using cut-and-paste 1

example configuration 1

identity 1

maintaining 1

maximum limits 1

monitoring 1

multiple trust points 1

peer certificates 1

purpose 1

certificate authorities. See CAs 1

certificate revocation lists. See CRLs 1

Cisco Access Control Server. See Cisco ACS 1

Cisco ACS

configuring for RADIUS 1

configuring for TACACS+ 1

Cisco vendor ID

description 1

cisco-av-pair

specifying for SNMPv3 1

common roles

configuring 1

common users

mapping CLI to SNMP 1

CRLs

configuring 1

configuring revocation checking methods 1

description 1

downloading example 1

generation example 1

crypto IPv4-ACLs

any keyword 1

configuration guidelines 1

creating 1

creating crypto map entries 1

mirror images 1

crypto map entries

configuring global lifetime values 1

global lifetime values 1

setting SA lifetimes 1

crypto map sets

applying to interfaces 1

crypto maps

auto-peer option 1

configuration guidelines 1

configuring autopeer option 1

configuring perfect forward secrecy 1

creating entries 1

entries for IPv4-ACLs 1

perfect forward secrecy 1

SA lifetime negotiations 1

SAs between peers 1

D

Data Encryption Standard encryption. See DES encryption 1

DES encryption

IKE 1

IPsec 1

DH

IKE 1

DHCHAP

AAA authenticationDHCHAP

configuring AAA authentication 1

authentication modes 1

compatibility with other SAN-OS features 1

configuring 1 2

default settings 1

description 1

displaying security information 1

enabling 1 2

group settings 1

hash algorithms 1

licensing 1

passwords for local switches 1

passwords for remote devices 1

sample configuration 1

See also FC-SP[DHCHAP

zzz] 1

timeout values 1

Diffie-Hellman Challenge Handshake Authentication Protocol. See DHCHAP 1

Diffie-Hellman protocol. See DH 1

digital certificates

configuration example 1

configuring 1 2

deleting from CAs 1

description 1 2

exporting 1 2 3

generating requests for identity certificates 1

importing 1 2 3

installing identity certificates 1

IPsec 1 2

maintaining 1

maximum limits 1

monitoring 1

peers 1

purpose 1

requesting identity certificate example 1

revocation example 1

SSH support 1

digital signature algorithm. See DSA key pairs 1

dsa key pairs

generatingDSA key-pairs

generating 1

E

E ports

fabric binding checking 1

EFMD

fabric binding 1

encrypted passwords

user accounts 1

Exchange Fabric Membership Data. See EFMD 1

F

fabric binding

activation 1

checking for Ex ports 1

clearing statistics 1

compatibility with DHCHAP 1

configuration 1 2

default settings 1

deleting database 1

description 1 2

EFMD 1

enforcement 1

forceful activation 1

licensing requirements 1

port security comparison 1

saving configurations 1

verifying configuration 1

fabric security

authentication 1

default settings 1

FC-SP

authentication 1

enabling 1

See also DHCHAP[FC-SP

zzz] 1

FCIP

compatibility with DHCHAP 1

sample IPsec configuration 1

Federal Information Processing Standards. See FIPS 1

Fibre Channel

sWWNs for fabric binding 1

Fibre Channel Security Protocol. See FC-SP 1

FICON

fabric binding requirements 1

sWWNs for fabric binding 1

FIPS 1

configuration guidelines 1

self-tests 1

G

global keys

assigning for RADIUS 1

H

high availability

compatibility with DHCHAP 1

host keys

assigning 1

host names

configuring for digital certificates 1

I

ICMP packets

type value 1

IDs

Cisco vendor ID 1

IKE

algorithms for authentication 1

default settings 1

default settingsdigital certificates

default settings 1

description 1

displaying configurations 1

enabling 1

refreshing SAs 1

terminology 1

transforms for encryption 1

IKE domains

clearing 1

configuring 1

IKE initiators

configuring version 1

displaying configuration 1

IKE peers

configuring keepalive times 1

displaying keepalive configuration 1

IKE policies

configuring lifetime associations 1

configuring negotiation parameters 1

displaying current policies 1

negotiation 1

IKE tunnels

clearing 1

description 1

Internet Key Exchange. See IKE 1

IP domain names

configuring for digital certificates 1

IP filters

contents 1

restricting IP traffic 1

IP security. See IPsec 1

IPsec

algorithms for authentication 1

crypto IPv4-ACLs 1 2

default settings 1

description 1

digital certificate support 1 2

displaying configurations 1

fabric setup requirements 1

global lifetime values 1

hardware compatibility 1

licensing requirements 1

maintenance 1

prerequisites 1

RFC implementations 1

sample FCIP configuration 1

sample iSCSI configuration 1

terminology 1

transform sets 1

transforms for encryption 1

unsupported features 1

IPv4-ACLs

adding entries 1

applying to interfaces 1 2 3

clearing counters 1

configuration guidelines 1

crypto 1 2

crypto map entries 1

displaying configuration 1

reading dump logs 1

removing entries 1 2

verifying interface configuration 1

IPv6-ACLs 1

iSCSI

sample IPsec configuration 1

L

logins

SSH 1

Telnet 1

M

MD5 authentication

IKE 1

IPsec 1

Message Authentication Code using AES. See AES-XCBC-MAC 1

Message Digest 5. See MD5 authentication 1

Microsoft Challenge Handshake Authentication Protocol. See MSCHAP 1

MSCHAP

description 1

N

network administrators

additional roles 1

permissions 1

network operators

permissions 1

O

Open UDP and TCP Ports on Cisco MDS 9000 Series Platforms 1

P

passwords

DHCHAP 1 2

encrypted 1

recovering (procedure) 1

strong characteristics 1

persistent domain ID

FICON VSANs 1

PKI

enrollment support 1

port security

activating 1

activation 1

activation rejection 1

adding authorized pairs 1

auto-learning 1

cleaning up databasesport security databases

cleaning up 1

compatibility with DHCHAP 1

configuration guidelines 1

configuring CFS distribution 1 2

copying databasesport security databases

copying 1

data scenariosport security databases

scenarios 1

database interactionsport security databases

interactions 1

database merge guidelinesport security databases

merge guidelines 1

deactivating 1

default settings 1 2

deleting databasesport security databases

deleting 1

disabling 1

displaying configuration 1 2

displaying configurationport security

displaying configuration 1 2

enabling 1

enforcement mechanisms 1

fabric binding comparison 1

forcing activation 1

license requirement 1

manual configuration guidelinesport security databases

manual configuration guidelines 1

unauthorized accesses preventedport security

preventing unauthorized accesses 1

WWN identification 1

port security auto-learning

description 1

device authorization 1

disabling 1

distributing configuration 1

enabling 1

guidelines for configuring with CFS 1

port security databases

displaying configuration 1 2

displaying violations 1

reactivating 1

PortChannels

compatibility with DHCHAP 1

preshared keys

RADIUS 1

TACACS+ 1

profiles

configuring 1

modifying 1

Public Key Infrastructure. See PKI 1

R

RADIUS

assigning host keys 1

CFS merge guidelines 1

clearing configuration distribution sessions 1

configuring Cisco ACS 1

configuring server groups 1

configuring server monitoring parameters 1

configuring test idle timer 1

configuring test user name 1

default settings 1

description 1

discarding configuration distribution changes 1 2

displaying configured parameters 1

enabling configuration distribution 1 2

sending test messages for monitoring 1

setting preshared keys 1

specifying server timeout 1

specifying servers 1 2

specifying time-out 1

starting a distribution session 1

role databases

clearing distribution sessions 1

committing changes to fabric 1

disabling distribution 1

discarding database changes 1

enabling distribution 1

viewing with Fabric Manager 1

roles

configuring 1

configuring rules 1

default permissions 1

default setting 1

displaying information 1

distributing configurations 1 2

modifying profiles 1

See also command roles[roles

zzz] 1

user profiles 1

roles database

displaying information 1

roles databases

description 1

locking in the fabric 1

merge guidelines 1

rsa key pairs

generating 1

RSA key-pairs

deleting 1

description 1

displaying configuration 1

exporting 1 2

generating 1

importing 1 2

rules

configuring 1

S

SAs

displaying for IKE 1

displaying global lifetime values 1

establishing between IPsec peers 1

global lifetime values 1

lifetime negotiations 1

refreshing 1

setting lifetime 1

security

accounting 1

managing on the switch 1

security associations. See SAs 1

security control

local 1

remote 1

remote AAA servers 1

server groups

configuring 1 2

SHA-1

IKE 1 2

SNMP

creating roles 1

mapping CLI operations 1

security features 1

SNMPv3

specifying cisco-av-pair 1

SSH

clearing hosts 1

default service 1

description 1 2

digital certificate authentication 1

displaying status 1

enabling 1

generating server key-pairs 1 2

logins 1

overwriting server key-pairs 1

protocol status 1

specifying keys 1 2

SSH clients

support on NX-OS devices 1

SSH key pairs

overwriting 1

SSH login attempts

configuring 1

SSH servers

key-pair support 1

support on NX-OS devices 1

switch security

default settings 1 2

sWWNs

configuring for fabric binding 1 2

T

TACACS+

CFS merge guidelines 1

clearing configuration distribution sessions 1

configuring Cisco ACS 1

configuring server groups 1

default settings 1

description 1

discarding configuration distribution changes 1 2

displaying information 1

enabling 1

enabling configuration distribution 1 2

global keys 1

sending test messages for monitoring 1

setting default server timeout 1

setting global secret keys 1

setting preshared key 1

setting server addresses 1 2

setting server monitoring parameters 1

setting timeout value 1

specifying server at login 1

validating 1

TCP ports

IPv4-ACLs 1

TE ports

fabric binding checking 1

Telnet

enabling 1

logins 1

Telnet servers

support on NX-OS devices 1

transform sets

configuring for IPsec 1

creating crypto map entries 1

description 1

Triple DES. See 3DEC encryption 1

trust points

creating 1

description 1

multiple 1

saving configuration across reboots 1

TrustSec FC Link Encryption 1

Best Practices 1

enabling 1

ESP Modes 1

ESP Settings 1

Information 1

Security Association Parameters 1

Security Associations 1

Supported Modules 1

Terminology 1

U

UDP ports

IPv4-ACLs 1

user accounts

configuring 1

configuring profiles 1

configuring roles 1

displaying information 1

password characteristics 1

user IDs

authentication 1

user profiles

role information 1

users

configuring 1

deleting 1

description 1

displaying account information 1

logging out other users 1

V

vendor-specific attributes. See VSAs 1

VSAN policies

default roles 1

licensingVSANs

configuring policies 1

modifying 1

VSANs

compatibility with DHCHAP 1

IP routing 1

policies 1

VSAs

communicating attributes 1

protocol options 1

W

WWNs

port security 1