Preface

Preface

This preface describes the audience, organization, and conventions of the Cisco MDS 9000 Family NX-OS Security Configuration GuideSecurity Configuration Guide, Cisoc DCNM for SAN. It also provides information on how to obtain related documentation.

Audience

This guide is for experienced network administrators who are responsible for configuring and maintaining the Cisco MDS 9000 Family of multilayer directors and fabric switches.

Document Organization

This document is organized as follows:

Chapter
Title
Description

Chapter 1

Security Overview

Provides an overview of the security features supported by the Cisco MDS 9000 Family NX-OS software.

Chapter 2

Configuring FIPS

Describes the configuration guidelines for FIPS and also how to enable FIPS mode and how to conduct FIPS self-tests.

Chapter 3

Configuring Users and Common Role

Describes how to configure users and common roles.

Chapter 4

Configuring Security Features on an External AAA Server

Describes the AAA parameters, user profiles, and RADIUS authentication security options provided in all switches in the Cisco MDS 9000 Family and provides configuration information for these options.

Chapter 5

Configuring IPv4 and IPv6 Access Control Lists

Describes the IPv4 static routing feature and its use to route traffic between VSANs.

Chapter 6

Configuring Certificate Authorities and Digital Certificates

Describes how to interoperate with Certificate Authorities (CAs) and use digital certificates for secure, scalable communication.

Chapter 7

Configuring IPsec Network Security

Provides details on the digital certificates, IP Security Protocol (IPsec) open standards, and the Internet Key Exchange (IKE) protocol that it uses to handle protocol and algorithm negotiation.

Chapter 8

Configuring FC-SP and DHCHAP

Describes the DHCHAP protocol, an FC-SP protocol, that provides authentication between Cisco MDS 9000 Family switches and other devices.

Chapter 9

Configuring Port Security

Provides details on port security features that can prevent unauthorized access to a switch port in the Cisco MDS 9000 Family.

Chapter 10

Configuring Fabric Binding

Describes the fabric binding security feature for VSANs, which ensures that ISLs are only enabled between specific switches.

Chapter 11

Configuring Cisco TrustSec Fibre Channel Link Encryption

Describes how the switch allows IP hosts to access Fibre Channel storage using the iSCSI protocol.

This document is organized as folows:

Chapter
Title
Description

Chapter 1

Security Overview

Provides an overview of the security features supported by the Cisco MDS 9000 Family NX-OS software.

Chapter 2

Configuring FIPS

Describes the configuration guidelines for FIPS and also how to enable FIPS mode and how to conduct FIPS self-tests.

Chapter 3

Configuring Users and Common Role

Describes how to configure users and common roles.

Chapter 4

Configuring Security Features on an External AAA Server

Describes the AAA parameters, user profiles, and RADIUS authentication security options provided in all switches in the Cisco MDS 9000 Family and provides configuration information for these options.

Chapter 5

Configuring IPv4 and IPv6 Access Control Lists

Describes the IPv4 static routing feature and its use to route traffic between VSANs.

Chapter 6

Configuring Certificate Authorities and Digital Certificates

Describes how to interoperate with Certificate Authorities (CAs) and use digital certificates for secure, scalable communication.

Chapter 7

Configuring IPsec Network Security

Provides details on the digital certificates, IP Security Protocol (IPsec) open standards, and the Internet Key Exchange (IKE) protocol that it uses to handle protocol and algorithm negotiation.

Chapter 8

Configuring FC-SP and DHCHAP

Describes the DHCHAP protocol, an FC-SP protocol, that provides authentication between Cisco MDS 9000 Family switches and other devices.

Chapter 9

Configuring Port Security

Provides details on port security features that can prevent unauthorized access to a switch port in the Cisco MDS 9000 Family.

Chapter 10

Configuring Fabric Binding

Describes the fabric binding security feature for VSANs, which ensures that ISLs are only enabled between specific switches.

Chapter 11

Configuring Cisco TrustSec Fibre Channel Link Encryption

Describes how the switch allows IP hosts to access Fibre Channel storage using the iSCSI protocol.

Document Conventions

Command descriptions use these conventions:

boldface font

Commands and keywords are in boldface.

italic font

Arguments for which you supply values are in italics.

[ ]

Elements in square brackets are optional.

[ x | y | z ]

Optional alternative keywords are grouped in brackets and separated by vertical bars.

Screen examples use these conventions:

screen font

Terminal sessions and information the switch displays are in screen font.

boldface screen font

Information you must enter is in boldface screen font.

italic screen font

Arguments for which you supply values are in italic screen font.

< >

Nonprinting characters, such as passwords, are in angle brackets.

[ ]

Default responses to system prompts are in square brackets.

!, #

An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.

This document uses the following conventions:

Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.

Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Related Documentation

The documentation set for the Cisco MDS 9000 Family includes the following documents. To find a document online, use the Cisco MDS NX-OS Documentation Locator at:

http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/roadmaps/doclocater.htm

Release Notes

  • Cisco MDS 9000 Family Release Notes for Cisco MDS NX-OS Releases
  • Cisco MDS 9000 Family Release Notes for MDS SAN-OS Releases
  • Cisco MDS 9000 Family Release Notes for Cisco MDS 9000 EPLD Images
  • Cisco DCNM Release Notes

Regulatory Compliance and Safety Information

  • Regulatory Compliance and Safety Information for the Cisco MDS 9000 Family

Compatibility Information

  • Cisco Data Center Interoperability Support Matrix
  • Cisco MDS 9000 NX-OS Hardware and Software Compatibility Information and Feature Lists
  • Cisco MDS 9000 Family Switch-to-Switch Interoperability Configuration Guide

Hardware Installation

  • Cisco MDS 9500 Series Hardware Installation Guide
  • Cisco MDS 9200 Series Hardware Installation Guide
  • Cisco MDS 9100 Series Hardware Installation Guide
  • Cisco MDS 9124 and Cisco MDS 9134 Multilayer Fabric Switch Quick Start Guide

Software Installation and Upgrade

  • Cisco MDS 9000 NX-OS Software Upgrade and Downgrade Guide

Cisco NX-OS

  • Cisco MDS 9000 Family NX-OS Licensing Guide
  • Cisco MDS 9000 Family NX-OS Fundamentals Configuration Guide
  • Cisco MDS 9000 Family NX-OS System Management Configuration Guide
  • Cisco MDS 9000 Family NX-OS Interfaces Configuration Guide
  • Cisco MDS 9000 Family NX-OS Fabric Configuration Guide
  • Cisco MDS 9000 Family NX-OS Quality of Service Configuration Guide
  • Cisco MDS 9000 Family NX-OS Security Configuration Guide
  • Cisco MDS 9000 Family NX-OS IP Services Configuration Guide
  • Cisco MDS 9000 Family NX-OS Intelligent Storage Services Configuration Guide
  • Cisco MDS 9000 Family NX-OS High Availability and Redundancy Configuration Guide
  • Cisco MDS 9000 Family NX-OS Inter-VSAN Routing Configuration Guide
  • Cisco MDS 9000 Family Cookbook for Cisco MDS SAN-OS

Cisco DCNM

  • Cisco DCNM Fundamentals Guide, Release 6.x
  • Cisco DCNM Installation and Licensing Guide, Release 6.x

Cisco DCNM-SAN

  • System Management Configuration Guide, Cisco DCNM for SAN, Release 6.x
  • Interfaces Configuration Guide, Cisco DCNM for SAN, Release 6.x
  • Fabric Configuration Guide, Cisco DCNM for SAN, Release 6.x
  • Quality of Service Configuration Guide, Cisco DCNM for SAN, Release 6.x
  • Security Configuration Guide, Cisco DCNM for SAN, Release 6.x
  • IP Services Configuration Guide, Cisco DCNM for SAN, Release 6.x
  • Intelligent Storage Services Configuration Guide, Cisco DCNM for SAN, Release 6.x
  • High Availability and Redundancy Configuration Guide, Cisco DCNM for SAN, Release 6.x
  • Inter-VSAN Routing Configuration Guide, Cisco DCNM for SAN, Release 6.x
  • SMI-S and Web Services Programming Guide, Cisco DCNM for SAN, Release 6.x

Command-Line Interface

  • Cisco MDS 9000 Family Command Reference

Intelligent Storage Networking Services Configuration Guides

  • Cisco MDS 9000 Family I/O Acceleration Configuration Guide
  • Cisco MDS 9000 Family SANTap Deployment Guide
  • Cisco MDS 9000 Family Data Mobility Manager Configuration Guide
  • Cisco MDS 9000 Family Storage Media Encryption Configuration Guide

Troubleshooting and Reference

  • Cisco MDS 9000 Family and Nexus 7000 Series System Messages Reference
  • Cisco MDS 9000 Family SAN-OS Troubleshooting Guide
  • Cisco MDS 9000 Family NX-OS MIB Quick Reference
  • Cisco DCNM for SAN Database Schema Reference

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

  • Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.