Managing Switch Security Switch Security Overview
OmniSwitch AOS Release 6 Switch Management Guide July 2010 page 11-3
Switch Security Overview
Switch security features increase the security of the basic switch login process by allowing management
only through particular interfaces for users with particular privileges. Login information and privileges
may be stored on the switch and/or an external server, depending on the type of external server you are
using and how you configure switch access.
The illustration here shows the components of switch security:
An external RADIUS or LDAP server can supply both user login and authorization information. ACE/
Server can provide login information; user authorization information is available through the switch’s
local user database. External servers may also be used for accounting, which includes logging statistics
about user sessions. For information about configuring the switch to communicate with external servers,
see the “Managing Authentication Servers” chapter in the OmniSwitch AOS Release 6 Network Configura-
tion Guide.
If an external server is not available or is not configured, user login information and user authorization
may be provided through the local user database on the switch. The user database is described in
Chapter 10, “Managing Switch User Accounts.”
Logging may also be accomplished directly on the switch. For information about configuring local
logging for switch access, see “Configuring Accounting for ASA” on page 11-12. For complete details
about local logging, see the “Using Switch Logging” chapter in the OmniSwitch AOS Release 6 Network
Configuration Guide.
RADIUS, LDAP, or ACE
Server
OmniSwitch
End User
login request
Servers supply login infor-
mation about the user. User
privilege information is also
available on RADIUS and
LDAP servers.
Authenticated Switch Access Setup
management interface
local user
database
To Next Page
Loading...
