Send documentation comments to mdsfeedback-doc@cisco.com.
7-2
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 7 Authentication in Fabric Manager
Fabric Manager Authentication Overview
Figure 7-1 shows an example configuration for these components.
Figure 7-1 Fabric Manager Authentication Example
Administrators launch Fabric Manager client and select the seed switch that is used to discover the
fabric. The username and password used are passed to Fabric Manager server and used to authenticate
to the seed switch. If this username and password are not a recognized SNMP username and password,
either Fabric Manager client or Fabric Manager server opens a CLI session to the switch (SSH or Telnet)
and retries the username/password pair. If the username and password are recognized by the switch in
either the local switch authentication database or through a remote AAA server, then the switch creates
a temporary SNMP username that is used by Fabric Manager client and server.
Note You may encounter a delay in authentication if you use a remote AAA server to authenticate Fabric
Manager or Device Manager.
Note You must allow CLI sessions to pass through any firewall that exists between Fabric Manager client and
Fabric Manager server. See the “Running Fabric Manager Behind a Firewall” section on page 1-12.
Note We recommend that you use the same password for the SNMPv3 username authentication and privacy
passwords as well as the matching CLI username password.
Fabric
Local database
AAA server
Fabric Manager Server
and Performance
Manager
Fabric Manager
Client
130715