Administrators Guide (Supporting Fabric OS v7.3.0) Manual
Configuring Standard Security Features
● User-defined accounts (page 197)
● User-defined roles (page 206)
● Access control list policy configuration (page 209)
● Fabric-Wide Consistency Policy configuration (page 212)
● Authentication policy configuration (page 213)
● SNMP configuration (page 215)
● RADIUS management (page 217)
● Active Directory service management (page 220)
● TACACS+ management (page 221)
● IPsec concepts (page 223)
● IPsec over management ports (page 228)
● Establishing authentication policies for HBAs (page 233)
User-defined accounts
In addition to the default accounts--root, factory, admin, and user--Fabric OS v7.0.0 and later support up
to 256 user-defined accounts in each logical switch (domain). These accounts expand your ability to
track account access and audit administrative activities.
When the Virtual Fabrics capability is enabled, each user-defined account is associated with the
following:
• Virtual Fabric ID--Specifies the accessible Virtual Fabrics for a user account.
• Home Virtual Fabric--Specifies the default Virtual Fabric for a user account.
• Role--Determines functional access levels within the Virtual Fabric.
When the Admin Domain capability is enabled, each user-defined account is associated with the
following:
• Admin Domain list--Specifies the accessible Admin Domains for a user account.
• Home Admin Domain--Specifies the default Admin Domain for a user account. The home Admin
Domain must be a member of the user’s Admin Domain list.
• Role--Determines functional access levels within the bounds of the user’s current Admin Domain.
NOTE
Virtual Fabrics and Admin Domains are mutually exclusive.
Access rights for any user session are determined by the user’s role-based access rights. Refer to
Introducing Web Tools on page 19 for additional information about Role-Based Access Control (RBAC).
The User tab of the Switch Administration window (Figure 38 on page 199) displays account
information. You can create and manage accounts depending on your role. The roles and permissions
are listed in the following table.
Web Tools Administrator's Guide
197
53-1003169-01