This chapter covers the security aspects of the Catalyst 9800 controller. The biggest aspect revolves around AAA, which is either locally handled by the controller or delegated to an external RADIUS or TACACS server. Security also consists of ACLs to restrict the traffic that clients can pass or to protect the controller management plane from undesired access. Encrypted Traffic Analytics, rogue detection and WIPS, and Cisco Umbrella are other security components that can help secure your overall solution. Security happens at every layer of the OSI model and is an all-encompassing topic.