- Title
- New and Changed Information
- Preface
- Overview
- Configuring FIPS
- Configuring Users and Common Roles
- Configuring Security Features on an External AAA Server
- Configuring IPv4 and IPv6 Access Control Lists
- Configuring Certificate Authorities and Digital Certificates
- Configuring IPSec Network Security
- Configuring FC-SP and DHCHAP
- Configuring Port Security
- Configuring Fibre Channel Common Transport Management Security
- Configuring Fabric Binding
- Configuring Cisco TrustSec Fibre Channel Link Encryption
Preface
This preface describes the audience, organization, and conventions of the Cisco MDS 9000 Family NX-OS Security Configuration Guide. It also provides information on how to obtain related documentation.
Audience
This guide is for experienced network administrators who are responsible for configuring and maintaining the Cisco MDS 9000 Family of multilayer directors and fabric switches.
Document Organization
This document is organized as follows:
|
|
|
|
|---|---|---|
Provides an overview of the security features supported by the Cisco MDS 9000 Family NX-OS software. |
||
Describes the configuration guidelines for FIPS and also how to enable FIPS mode and how to conduct FIPS self-tests. |
||
Describes the AAA parameters, user profiles, and RADIUS authentication security options provided in all switches in the Cisco MDS 9000 Family and provides configuration information for these options. |
||
Describes the IPv4 static routing feature and its use to route traffic between VSANs. |
||
Configuring Certificate Authorities and Digital Certificates |
|
|
Provides details on the digital certificates, IP Security Protocol (IPsec) open standards, and the Internet Key Exchange (IKE) protocol that it uses to handle protocol and algorithm negotiation. |
||
Describes the DHCHAP protocol, an FC-SP protocol, that provides authentication between Cisco MDS 9000 Family switches and other devices. |
||
Provides details on port security features that can prevent unauthorized access to a switch port in the Cisco MDS 9000 Family. |
||
Configuring Fibre Channel Common Transport Management Security |
Provides details on how to configure the Fire Channel Transport Management server query so that only a network administrator can send queries to a switch and access information. |
|
Describes the fabric binding security feature for VSANs, which ensures that ISLs are only enabled between specific switches. |
||
Describes how the switch allows IP hosts to access Fibre Channel storage using the iSCSI protocol. |
|
|
|
|
|---|
Document Conventions
Command descriptions use these conventions:
Optional alternative keywords are grouped in brackets and separated by vertical bars. |
Screen examples use these conventions:
This document uses the following conventions:
Note
Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.
Means
reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Related Documentation
The documentation set for the Cisco MDS 9000 Family includes the following documents. To find a document online, use the Cisco MDS NX-OS Documentation Locator at:
http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/roadmaps/doclocater.html
Release Notes
- Cisco MDS 9000 Family Release Notes for Cisco MDS NX-OS Releases
- Cisco MDS 9000 Family Release Notes for MDS SAN-OS Releases
- Cisco MDS 9000 Family Release Notes for Storage Services Interface Images
- Cisco MDS 9000 Family Release Notes for Cisco MDS 9000 EPLD Images
- Release Notes for Cisco MDS 9000 Family Fabric Manager
Regulatory Compliance and Safety Information
Compatibility Information
- Cisco Data Center Interoperability Support Matrix
- Cisco MDS 9000 NX-OS Hardware and Software Compatibility Information and Feature Lists
- Cisco MDS NX-OS Release Compatibility Matrix for Storage Service Interface Images
- Cisco MDS 9000 Family Switch-to-Switch Interoperability Configuration Guide
- Cisco MDS NX-OS Release Compatibility Matrix for IBM SAN Volume Controller Software for Cisco MDS 9000
- Cisco MDS SAN-OS Release Compatibility Matrix for VERITAS Storage Foundation for Networks Software
Hardware Installation
- Cisco MDS 9710 Series Hardware Installation Guide
- Cisco MDS 9500 Series Hardware Installation Guide
- Cisco MDS 9250i Series Hardware Installation Guide
- Cisco MDS 9200 Series Hardware Installation Guide
- Cisco MDS 9100 Series Hardware Installation Guide
- Cisco MDS 9148S Series Hardware Installation Guide
- Cisco MDS 9148S Multilayer Fabric Switch Quick Start Guide
- Cisco MDS 9124 and Cisco MDS 9134 Multilayer Fabric Switch Quick Start Guide
Software Installation and Upgrade
Cisco NX-OS
- Cisco MDS 9000 Family NX-OS Licensing Guide
- Cisco MDS 9000 Family NX-OS Fundamentals Configuration Guide
- Cisco MDS 9000 Family NX-OS System Management Configuration Guide
- Cisco MDS 9000 Family NX-OS Interfaces Configuration Guide
- Cisco MDS 9000 Family NX-OS Fabric Configuration Guide
- Cisco MDS 9000 Family NX-OS Quality of Service Configuration Guide
- Cisco MDS 9000 Family NX-OS Security Configuration Guide
- Cisco MDS 9000 Family NX-OS IP Services Configuration Guide
- Cisco MDS 9000 Family NX-OS Intelligent Storage Services Configuration Guide
- Cisco MDS 9000 Family NX-OS High Availability and Redundancy Configuration Guide
- Cisco MDS 9000 Family NX-OS Inter-VSAN Routing Configuration Guide
Cisco Fabric Manager
- Cisco Fabric Manager Fundamentals Configuration Guide
- Cisco Fabric Manager System Management Configuration Guide
- Cisco Fabric Manager Interfaces Configuration Guide
- Cisco Fabric Manager Fabric Configuration Guide
- Cisco Fabric Manager Quality of Service Configuration Guide
- Cisco Fabric Manager Security Configuration Guide
- Cisco Fabric Manager IP Services Configuration Guide
- Cisco Fabric Manager Intelligent Storage Services Configuration Guide
- Cisco Fabric Manager High Availability and Redundancy Configuration Guide
- Cisco Fabric Manager Inter-VSAN Routing Configuration Guide
- Cisco Fabric Manager Online Help
- Cisco Fabric Manager Web Services Online Help
Command-Line Interface
Intelligent Storage Networking Services Configuration Guides
- Cisco MDS 9000 I/O Acceleration Configuration Guide
- Cisco MDS 9000 Family SANTap Deployment Guide
- Cisco MDS 9000 Family Data Mobility Manager Configuration Guide
- Cisco MDS 9000 Family Storage Media Encryption Configuration Guide
- Cisco MDS 9000 Family Secure Erase Configuration Guide
- Cisco MDS 9000 Family Cookbook for Cisco MDS SAN-OS
Troubleshooting and Reference
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.
Feedback