3 – Planning
Fabric Security
3-18 59096-04 A
Authentication of the user account and password can be performed locally using
the switch’s user account database or it can be done remotely using a RADIUS
server such as Microsoft® RADIUS. Authenticating user logins on a RADIUS
server requires a secure management connection to the switch. Refer to
“Connection Security” on page 3-17 for information about securing the
management connection. A RADIUS server can also be used to authenticate
devices and other switches as described in “Device Security” on page 3-19.
Consider your management needs and determine the number of user accounts,
their authority needs, and expiration dates. Also consider the advantages of
centralizing user administration and authentication on a RADIUS server.
NOTE: If the same user account exists on a switch and its RADIUS server,
that user can log in with either password, but the authority and account
expiration will always come from the switch database.
3.7.3
Port Binding
Port binding provides authorization for a list of up to 32 switch and device WWNs
that are permitted to log in to a particular switch port. Switches or devices that are
not among the 32 are refused access to the port. Consider what ports to secure
and the set of switches and devices that are permitted to log in to those ports.