Overview
The Cisco NX-OS software supports security features that can protect your network against degradation or
failure and also against data loss or compromise resulting from intentional attacks and from unintended but
damaging mistakes by well-meaning network users.
• Authentication, Authorization, and Accounting
• RADIUS and TACACS+ Security Protocols
• SSH and Telnet
• IP ACLs
Authentication, Authorization, and Accounting
Authentication, authorization, and accounting (AAA) is an architectural framework for configuring a set of
three independent security functions in a consistent, modular manner.
Authentication
Provides the method of identifying users, including login and password dialog, challenge
and response, messaging support, and, depending on the security protocol that you select,
encryption. Authentication is the way a user is identified prior to being allowed access to
the network and network services. You configure AAA authentication by defining a named
list of authentication methods and then applying that list to various interfaces.
Authorization
Provides the method for remote access control, including one-time authorization or
authorization for each service, per-user account list and profile, user group support, and
support of IP, IPX, ARA, and Telnet.
Remote security servers, such as RADIUS and TACACS+, authorize users for specific rights
by associating attribute-value (AV) pairs, which define those rights, with the appropriate
user. AAA authorization works by assembling a set of attributes that describe what the user
is authorized to perform. These attributes are compared with the information contained in
a database for a given user, and the result is returned to AAA to determine the user's actual
capabilities and restrictions.
Accounting
Provides the method for collecting and sending security server information used for billing,
auditing, and reporting, such as user identities, start and stop times, executed commands
(such as PPP), number of packets, and number of bytes. Accounting enables you to track
OL-20919-01
Cisco Nexus 5000 Series NX-OS Security Configuration Guide