A
3 – Planning Fabric Security
3.7.4
Device Security
NOTE: You must install the Fabric Security license key to configure and activate device security and RADIUS servers. If you are upgrading your switch firmware to version 6.7 from version 5.x, you are granted a
Device security provides for the authorization and authentication of devices that you attach to a switch. You can configure a switch with a group of devices against which the switch authorizes new attachments by devices, other switches, or devices issuing management server commands. Device security is configured through the use of security sets and groups.
A group is a list of device worldwide names that are authorized to attach to a switch. There are three types of groups: one for other switches (ISL), another for devices (port), and a third for devices issuing management server commands (MS).
A security set is a set of up to three groups with no more than one of each group type. The security configuration is made up of all security sets on the switch. The security database has the following limits:
Maximum number of security sets is 4.
Maximum number of groups is 16.
Maximum number of members in a group is 1000.
Maximum total number of group members is 1000.
In addition to authorization, the switch can be configured to require authentication to validate the identity of the connecting switch, device, or host. Authentication can be performed locally using the switch’s security database, or remotely using a Remote
You can configure the RADIUS server to authenticate just the switch or both the switch and the initiator device if the device supports authentication. When using a RADIUS server, every switch in the fabric must have a network connection. A RADIUS server can also be configured to authenticate user accounts as described in “User Account Security” on page
