To help ensure the security and integrity of data, it is important to control access to switches that are on the network. Several tools are available to assist network administrators in this area. RADIUS, TACACS+, local authentication, and VTY ACLs are used to authenticate users and control various levels of access to devices.
When accessing the CLI over the in-band or OOB management interfaces, it is a security best practice to use SSH and to leave Telnet disabled. Information (including passwords) is encrypted when sent over SSH, and in plain text when sent over telnet. SSH therefore provides greater data security and integrity over unsecured networks.