CHAPTER 2
Overview
The Cisco NX-OS software supports security features that can protect your network against degradation or
failure and also against data loss or compromise resulting from intentional attacks and from unintended but
damaging mistakes by well-meaning network users.
•
Authentication, Authorization, and Accounting, page 3
•
RADIUS and TACACS+ Security Protocols, page 4
•
SSH and Telnet, page 4
•
SSH and Telnet, page 5
•
IP ACLs, page 5
Authentication, Authorization, and Accounting
Authentication, authorization, and accounting (AAA) is an architectural framework for configuring a set of
three independent security functions in a consistent, modular manner.
Authentication
Provides the method of identifying users, including login and password dialog, challenge and response,
messaging support, and, depending on the security protocol that you select, encryption. Authentication
is the way a user is identified prior to being allowed access to the network and network services. You
configure AAA authentication by defining a named list of authentication methods and then applying
that list to various interfaces.
Authorization
Provides the method for remote access control, including one-time authorization or authorization for
each service, per-user account list and profile, user group support, and support of IP, IPX, ARA, and
Telnet.
Remote security servers, such as RADIUS and TACACS+, authorize users for specific rights by
associating attribute-value (AV) pairs, which define those rights, with the appropriate user. AAA
authorization works by assembling a set of attributes that describe what the user is authorized to perform.
These attributes are compared with the information contained in a database for a given user, and the
result is returned to AAA to determine the user’s actual capabilities and restrictions.
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
3
To Next Page
Loading...
Need help?
General
