User Accounts
Access to the Cisco Nexus 1000VE is accomplished by setting up user accounts that define the specific actions permitted by each user. You can create up to 256 user accounts. For each user account, you define a role, user name, password, and expiration date.
Virtual Service Domain
A virtual service domain (VSD) allows you to classify and separate traffic for network services, such as firewalls, traffic monitoring, and those in support of compliance goals.
Authentication, Authorization, and Accounting
Authentication, Authorization, and Accounting (AAA) is an architectural framework for configuring a set of three independent, consistent, and modular security functions:
Authentication—Provides the method of identifying users, including login and password dialog, challenge and response, messaging support, and, depending on the security protocol that you select, encryption. Authentication is the way a user is identified prior to being allowed access to the network and network services. You configure AAA authentication by defining a named list of authentication methods and then applying that list to various interfaces.
Authorization—Provides the method for remote access control, including one-time authorization or authorization for each service, per-user account list and profile, user group support, and support of IP, IPX, ARA, and Telnet. Remote security servers, such as RADIUS and TACACS+, authorize users for specific rights by associating attribute-value (AV) pairs, which define those rights, with the appropriate user. AAA authorization works by assembling a set of attributes that describe what the user is authorized to perform. These attributes are compared with the information contained in a database for a given user, and the result is returned to AAA to determine the user’s actual capabilities and restrictions.
Accounting—Provides the method for collecting and sending security server information used for billing, auditing, and reporting, such as user identities, start and stop times, executed commands (such as PPP), number of packets, and number of bytes. Accounting enables you to track the services that users are accessing, as well as the amount of network resources that they are consuming.
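The user-account and AAA sections above describe a flow rather than code. The following is an added example, not Cisco's code, that models that flow in Python: a local account database with role, password, expiration date and the 256-account limit; a named list of authentication methods applied in order; authorization answered by comparing a requested attribute-value pair with the pairs granted to the user; and accounting records carrying identity, event, command and traffic counts. The attribute names ("priv-lvl", "cmd"), the role-to-attribute mapping and the user names are assumptions modelled on TACACS+-style attributes, not values taken from the product.

```python
# Added example, not Cisco's code: a toy model of the AAA flow described above.
# AV-pair names, the role mapping and all user data are constructed for the example.
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

MAX_ACCOUNTS = 256  # limit stated in the text

# A method answers True (accept), False (reject) or None (server unavailable,
# so the method list falls through to the next entry).
AuthMethod = Callable[[str, str], Optional[bool]]


@dataclass
class UserAccount:
    name: str
    role: str
    salt: bytes
    pw_hash: bytes
    expires: Optional[float]  # epoch seconds; None means the account never expires


def _derive(password: str, salt: bytes) -> bytes:
    """Store a salted PBKDF2 digest, never the plaintext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)


class LocalDatabase:
    """Local account store plus the AV pairs each role grants (assumed mapping)."""
    ROLE_AV_PAIRS: Dict[str, Dict[str, str]] = {
        "network-admin": {"priv-lvl": "15", "cmd": "show,configure"},
        "network-operator": {"priv-lvl": "1", "cmd": "show"},
    }

    def __init__(self) -> None:
        self.users: Dict[str, UserAccount] = {}

    def add_user(self, name: str, role: str, password: str,
                 expires: Optional[float] = None) -> None:
        if len(self.users) >= MAX_ACCOUNTS:
            raise ValueError("user account limit (256) reached")
        if role not in self.ROLE_AV_PAIRS:
            raise ValueError(f"unknown role {role!r}")
        salt = os.urandom(16)
        self.users[name] = UserAccount(name, role, salt, _derive(password, salt), expires)

    def authenticate(self, name: str, password: str) -> Optional[bool]:
        """Local method: identify the user by password; expired accounts are rejected."""
        acct = self.users.get(name)
        if acct is None:
            return False
        if acct.expires is not None and time.time() >= acct.expires:
            return False
        return hmac.compare_digest(acct.pw_hash, _derive(password, acct.salt))

    def authorize(self, name: str, attribute: str, value: str) -> bool:
        """Authorization: compare the requested AV pair with those granted to the user."""
        acct = self.users.get(name)
        if acct is None:
            return False
        granted = self.ROLE_AV_PAIRS[acct.role]
        if attribute == "cmd":
            return value in granted["cmd"].split(",")
        return granted.get(attribute) == value


def unreachable_server(name: str, password: str) -> Optional[bool]:
    """Stand-in for a remote AAA server that cannot be contacted."""
    return None


def run_method_list(methods: List[AuthMethod], name: str, password: str) -> bool:
    """Apply a named method list: the first method that gives a verdict decides."""
    for method in methods:
        verdict = method(name, password)
        if verdict is not None:
            return verdict
    return False  # no method could answer: deny


class Accounting:
    """Collects the records the text lists: identity, event, command, traffic counts."""
    def __init__(self) -> None:
        self.records: List[dict] = []

    def log(self, user: str, event: str, command: Optional[str] = None,
            packets: int = 0, nbytes: int = 0) -> None:
        self.records.append({"user": user, "event": event, "command": command,
                             "packets": packets, "bytes": nbytes, "time": time.time()})


def demo() -> dict:
    """One login, authorization and accounting cycle; returns the verdicts."""
    db = LocalDatabase()
    db.add_user("alice", "network-admin", "correct-horse")
    db.add_user("bob", "network-operator", "battery-staple", expires=1.0)  # already expired
    login_default = [unreachable_server, db.authenticate]  # the "default" method list
    acct = Accounting()
    out = {
        "alice_login": run_method_list(login_default, "alice", "correct-horse"),
        "alice_wrong_password": run_method_list(login_default, "alice", "wrong"),
        "bob_expired": run_method_list(login_default, "bob", "battery-staple"),
        "alice_configure": db.authorize("alice", "cmd", "configure"),
        "bob_configure": db.authorize("bob", "cmd", "configure"),
    }
    if out["alice_login"]:
        acct.log("alice", "start")
        acct.log("alice", "command", command="configure")
        acct.log("alice", "stop", packets=12, nbytes=1400)
    out["records"] = len(acct.records)
    return out
```

The method list falls through only when a method returns None (server unreachable), not when it rejects the user, which mirrors the usual AAA behaviour of falling back to local login only when the remote server cannot be reached rather than whenever it says no.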
TACACS+ Security Protocol
AAA establishes communication between your network access server and your TACACS+ security server.

TACACS+ is a security application implemented through AAA that provides a centralized validation of users who are attempting to gain access to a router or network access server. TACACS+ services are maintained in a database on a TACACS+ daemon that usually runs on a UNIX or Windows NT workstation. TACACS+ provides separate and modular authentication, authorization, and accounting facilities.
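To make the exchange between the network access server and the TACACS+ daemon concrete, here is an added example, not Cisco's code or any TACACS+ daemon's, that encodes and decodes the TACACS+ packet header and the body obfuscation defined in RFC 8907, so a captured exchange can be checked or read when the shared key is known. The shared key, session id and message body are constructed values.

```python
# Added example, not Cisco's code: TACACS+ header and body obfuscation (RFC 8907).
# Key, session id and body values used below are constructed.
import hashlib
import struct

# 12-byte header: version, type, seq_no, flags, session_id, length (network order)
HEADER = struct.Struct("!BBBBII")
TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_AUTHEN, TAC_PLUS_AUTHOR, TAC_PLUS_ACCT = 0x01, 0x02, 0x03
TAC_PLUS_UNENCRYPTED_FLAG = 0x01


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 keystream: pad_1 = MD5(session_id + key + version + seq_no),
    pad_n = MD5(session_id + key + version + seq_no + pad_{n-1}), truncated to length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pseudo-pad; the same call reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def encode_packet(ptype: int, seq_no: int, session_id: int, body: bytes,
                  key: bytes = None, minor: int = 0) -> bytes:
    version = (TAC_PLUS_MAJOR_VER << 4) | minor
    if key is None:  # body sent in the clear, only acceptable for lab testing
        flags, payload = TAC_PLUS_UNENCRYPTED_FLAG, body
    else:
        flags, payload = 0, obfuscate(body, session_id, key, version, seq_no)
    return HEADER.pack(version, ptype, seq_no, flags, session_id, len(body)) + payload


def decode_packet(packet: bytes, key: bytes = None) -> dict:
    """Parse one packet; body is None when it is obfuscated and no key is supplied."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    if version >> 4 != TAC_PLUS_MAJOR_VER:
        raise ValueError("not a TACACS+ packet")
    if ptype not in (TAC_PLUS_AUTHEN, TAC_PLUS_AUTHOR, TAC_PLUS_ACCT):
        raise ValueError(f"unknown packet type {ptype:#x}")
    payload = packet[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ValueError("body length does not match header")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = payload
    elif key is None:
        body = None
    else:
        body = obfuscate(payload, session_id, key, version, seq_no)
    return {"version": version, "type": ptype, "seq_no": seq_no, "flags": flags,
            "session_id": session_id, "length": length, "body": body}


if __name__ == "__main__":
    KEY = b"constructed-shared-key"   # constructed value for the example
    body = b"\x01\x00\x02\x01"        # constructed stand-in for an authentication body
    pkt = encode_packet(TAC_PLUS_AUTHEN, 1, 0x1234ABCD, body, KEY)
    print(decode_packet(pkt, KEY))
```

The pad is derived from the shared key together with the session id, version and sequence number, so each packet in a session is masked differently. It is an MD5-based XOR mask rather than authenticated encryption; RFC 8907 itself says this obfuscation is not to be regarded as encryption and expects TACACS+ traffic to run over a network path that is protected by other means, which is the practical reason for keeping the management segment between the access server and the daemon isolated.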
SSH
You can use the Secure Shell (SSH) server to enable an SSH client to make a secure, encrypted connection to a device. SSH uses strong encryption for authentication. The SSH server can operate with publicly and commercially available SSH clients.

The SSH client works with publicly and commercially available SSH servers.
Telnet
You can use the Telnet protocol to set up TCP/IP connections to a host. Telnet allows a person at one site to establish a TCP connection to a login server at another site and then passes the keystrokes from one device to the other. Telnet can accept either an IP address or a domain name as the remote device address.
Access Control Lists
IP ACLs
IP ACLs are ordered sets of rules that you can use to filter traffic based on IPv4 information in the Layer 3 header of packets. Each rule specifies a set of conditions that a packet must satisfy to match the rule. When the Cisco NX-OS software determines that an IP ACL applies to a packet, it tests the packet against the conditions of all rules. The first match determines whether the packet is permitted or denied; if no rule matches, the Cisco NX-OS software applies the applicable default rule. The Cisco NX-OS software continues processing packets that are permitted and drops packets that are denied.
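The ordering rule above is what makes ACL mistakes subtle: an entry placed after a broader one never fires. The following is an added example, not Cisco NX-OS code, that evaluates an ordered IPv4 access list with the first-match semantics described, applies an implicit default when nothing matches, keeps a hit count per entry, and goes slightly beyond the text by also reporting entries that are fully covered by an earlier entry. The rule syntax, addresses and sample packets are constructed for the example.

```python
# Added example, not Cisco NX-OS code: first-match evaluation of an ordered IPv4 ACL.
# Rule syntax, addresses and packets are constructed for the example.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" (any protocol), "tcp", "udp" or "icmp"
    src: Net
    dst: Net
    dst_port: Optional[int] = None   # None = any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dst_port: Optional[int] = None


def _net(token: str) -> Net:
    return Net("0.0.0.0/0") if token == "any" else Net(token, strict=False)


def parse_rule(line: str) -> Rule:
    """Parse the constructed syntax '<permit|deny> <proto> <src> <dst> [eq <port>]'."""
    parts = line.split()
    if len(parts) not in (4, 6) or parts[0] not in ("permit", "deny"):
        raise ValueError(f"bad rule: {line!r}")
    if parts[1] not in ("ip", "tcp", "udp", "icmp"):
        raise ValueError(f"bad protocol in rule: {line!r}")
    port = None
    if len(parts) == 6:
        if parts[4] != "eq" or parts[1] not in ("tcp", "udp"):
            raise ValueError(f"bad port clause: {line!r}")
        port = int(parts[5])
    return Rule(parts[0], parts[1], _net(parts[2]), _net(parts[3]), port)


def matches(rule: Rule, pkt: Packet) -> bool:
    """A packet matches only when every condition of the rule holds."""
    return (rule.proto in ("ip", pkt.proto)
            and ipaddress.IPv4Address(pkt.src) in rule.src
            and ipaddress.IPv4Address(pkt.dst) in rule.dst
            and (rule.dst_port is None or rule.dst_port == pkt.dst_port))


class IPAccessList:
    def __init__(self, name: str, lines: List[str], default: str = "deny") -> None:
        self.name = name
        self.rules = [parse_rule(line) for line in lines]
        self.default = default             # implicit rule applied when nothing matches
        self.hits = [0] * len(self.rules)  # per-entry statistics

    def evaluate(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """First match wins: returns (action, entry index) or (default, None)."""
        for i, rule in enumerate(self.rules):
            if matches(rule, pkt):
                self.hits[i] += 1
                return rule.action, i
        return self.default, None

    def shadowed(self) -> List[int]:
        """Indexes of entries an earlier entry fully covers, so they can never fire."""
        out = []
        for i, later in enumerate(self.rules):
            for earlier in self.rules[:i]:
                if (earlier.proto in ("ip", later.proto)
                        and later.src.subnet_of(earlier.src)
                        and later.dst.subnet_of(earlier.dst)
                        and earlier.dst_port in (None, later.dst_port)):
                    out.append(i)
                    break
        return out


SAMPLE_ACL = [                               # constructed entries
    "permit tcp 10.0.0.0/24 any eq 22",
    "deny ip 10.0.0.0/24 any",
    "permit tcp 10.0.0.0/24 any eq 443",     # never reached: covered by the deny above
    "permit ip any any",
]

if __name__ == "__main__":
    acl = IPAccessList("inbound", SAMPLE_ACL)
    print(acl.evaluate(Packet("tcp", "10.0.0.5", "192.0.2.1", 443)))  # ('deny', 1)
    print("shadowed entries:", acl.shadowed())                          # [2]
```

Reviewing `shadowed()` output before applying an ACL catches the classic misordering where a narrow permit is placed after a broad deny; the hit counters show, after the fact, which entries actually decide traffic.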
Layer 3 Security
Layer 3 Security (L3Sec) is a framework that secures the internal control plane communications (control and packet traffic) of the Cisco Nexus 1000VE in a robust manner. Layer 3 Security mode is enabled by default.