Send documentation comments to mdsfeedback-doc@cisco.com.
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Appendix C Managing Cisco FabricWare
You can use the Fabric Manager zone configuration tool to manage zone sets, zones, and zone
membership for switches running Cisco FabricWare. Cisco FabricWare supports zone membership by
pWWN. See the “Configuring a Zone” section on page 15-5.
Security
Cisco FabricWare supports the following security features:
• RADIUS
• SSH
• User-based roles
• IP access control lists
Cisco FabricWare can use the RADIUS protocol to communicate with remote AAA servers. RADIUS is
a distributed client/server protocol that secures networks against unauthorized access. In the Cisco
implementation, RADIUS clients run on Cisco MDS 9000 Family switches and send authentication
requests to a central RADIUS server that contains all user authentication and network service access
information.
You can access the CLI using the console (serial connection), Telnet, or Secure Shell (SSH). For each
management path (console or Telnet and SSH), you can configure one or more of the following security
control options: local, remote (RADIUS), or none.
If you are using SSH, you need to remove “-h $host -u $user” from the SSH path.
To modify the SSH preferences, follow these steps:
Step 1 In Fabric Manager, choose File > Preferences. In Device Manager, choose Device > Preferences. You
see the preferences dialog box.
Step 2 Check the Use Secure Shell instead of Telnet check box.
Step 3 Remove the following text from the SSH path:
-h $host -u $user
Step 4 Click Apply to save this change.
Using local or RADIUS authentication, you can configure the roles that each authenticated user receives
when they access the switch. Cisco FabricWare supports two fixed roles: network administrator and
network operator.
IP access lists (IP-ACLs) control management traffic over IP by regulating the traffic types that are
allowed or denied to the switch. IP-ACLs can only be configured for the mgmt0 port.
Fabric Manager server uses SNMPv1 and SNMPv2 to communicate with Cisco FabricWare.
Events
You can monitor fabric and switch status for Cisco FabricWare switches through either a syslog server
or an SNMP trap receiver.