The components of security are:
* User authentication
* Inter-Switch Link security
* Inband management
User Authentication
User authentication means that the switch validates your account name and password when you attempt to add a fabric in SANbox Manager or to log in to a switch through Telnet. Your system administrator defines account names, passwords, and authority levels.
When logging in to a switch through Telnet, you must enter an account name and password to access the switch. SANbox Manager, however, does not require an account name and password to add a fabric unless fabric security is enabled. The switch comes from the factory with fabric security disabled. Fabric security is controlled by the SecurityEnabled parameter which is set by the Set Setup System command. Fabric security must be configured the same for all switches in the fabric.
When you add a fabric and fabric security is disabled, SANbox Manager ignores the account name and password entries and logs you in using the default account name and password (admin, password). This account name possesses Admin authority which grants full access to all tasks of the SANbox Manager menu system. If fabric security is enabled, you must enter an account name and password. The switch validates your account name and SANbox Manager grants access to its menus according to your authority level. If you do not have Admin authority, you are limited to monitoring tasks.
Switch |
System Privilege Levels |
SANbox with E_Ports |
user, superuser, admin |
SANbox2 |
user, admin |
SANbox2-64 |
user, admin |
Inter-Switch Link Security
Inter-Switch Link security pertains to whether the switches in the fabric are configured to permit access to each switch in that fabric. Inter-Switch Link security enables inter-switch links with FC-SW-2 compliant switches, SANbox2 switches only, or none regardless of switch type. ISL security should be thought of as the parameter with Any, Ours and None being the values. The three ISLSecurity parameters are:
* Any - we will link with any FC-SW-2 compliant switch
* Ours - we will only link to another SANbox2 switch
* None - the port will not establish an ISL link
Note: ISL security can only be configured using the Set Config Port Command in the command line interface.
Inband Management
Inband management is the ability to manage switches across inter-switch links using SANbox Manager, SNMP, IPFC, management server, or the application programming interface. The switch comes from the factory with inband management enabled. If you disable inband management on a particular switch, you can no longer communicate with that switch by means other than a direct Ethernet or serial connection.
To enable Inband Management using SANbox Manager, check the Enable radio button on the Switch Properties dialog. To enable Inband Management using the command line interface, set the InbandEnabled parameter to True in the Set Config Switch command.