User's Manual 82 Document #: LTRT-27055
Mediant 1000B Gateway & E-SBC
6.10 Web Login Authentication using Smart Cards
You can enable Web login authentication using certificates from a third-party Common
Access Card (CAC) with user identification. When a user attempts to access the device
through the Web browser (HTTPS), the device retrieves the Web user’s login username
(and other information, if required) from the CAC. The user attempting to access the device
is only required to provide the login password. Typically, a TLS connection is established
between the CAC and the device’s Web interface, and a RADIUS server is implemented to
authenticate the password with the username. Therefore, this feature implements
two-factor authentication: what the user has (i.e., the physical card) and what the user
knows (i.e., the login password).
This feature is enabled using the EnableMgmtTwoFactorAuthentication parameter.
Note: For specific integration requirements for implementing a third-party smart card
for Web login authentication, contact your AudioCodes representative.
To log in to the Web interface using CAC:
1. Insert the Common Access Card into the card reader.
2. Access the device using the following URL: https://<host name or IP address>; the
device prompts for a username and password.
3. Enter the password only. Because some browsers require a username, it is
recommended to enter an arbitrary value in the username field.
6.11 Configuring Web and Telnet Access List
The Access List table lets you restrict access to the device's management interfaces (Web,
Telnet and SSH) by specifying IP addresses (up to ten) of management clients that are
permitted to access the device. Access to the device's management interfaces from
undefined IP addresses is denied. If you don't specify any IP addresses, this security
feature is inactive and the device can be accessed from any IP address.
The following procedure describes how to configure the Access List through the Web
interface. You can also configure it through the ini file (WebAccessList_x).
Note:
• Configure the IP address of the computer from which you are currently logged into
the device as the first authorized IP address in the Access List. If you configure
any other IP address, access from your computer will be immediately denied.
• If you configure network firewall rules in the Firewall table (see "Configuring
Firewall Rules" on page 171), you must configure a firewall rule that permits traffic
from IP addresses configured in the Access List table.
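
The Access List rules above, written as a check to run before applying a planned list (an added example, not AudioCodes code): it models the documented permit/deny behaviour, flags a plan that would deny the current administrator or leave access open to any address, and renders WebAccessList_x lines. The function names, the sample addresses and the 0-based ini index are assumptions.

```python
import ipaddress

MAX_ENTRIES = 10  # the manual allows up to ten management-client addresses


def is_permitted(access_list, client_ip):
    """Model the documented rule: an empty list permits every client;
    otherwise only listed addresses may reach Web, Telnet and SSH."""
    if not access_list:
        return True
    client = ipaddress.ip_address(client_ip)
    return any(client == ipaddress.ip_address(e) for e in access_list)


def check_access_list(access_list, current_admin_ip):
    """Return a list of problems found in a planned Access List."""
    problems, parsed = [], []
    for entry in access_list:
        try:
            parsed.append(ipaddress.ip_address(entry))
        except ValueError:
            problems.append(f"not a valid IP address: {entry!r}")
    if problems:
        return problems
    if len(parsed) > MAX_ENTRIES:
        problems.append(f"{len(parsed)} entries exceed the limit of {MAX_ENTRIES}")
    if not parsed:
        problems.append("list is empty: management access is open to any IP address")
    elif parsed[0] != ipaddress.ip_address(current_admin_ip):
        problems.append("first entry is not the current admin address: "
                        "access from this computer would be denied")
    return problems


def to_ini(access_list, first_index=0):
    """Render entries as WebAccessList_x lines (index base is an assumption)."""
    return [f"WebAccessList_{i} = {ip}"
            for i, ip in enumerate(access_list, start=first_index)]


# Constructed sample plan (documentation-range addresses, not from the manual)
PLAN = ["192.0.2.10", "192.0.2.11", "198.51.100.7"]
ADMIN_IP = "192.0.2.10"

if __name__ == "__main__":
    issues = check_access_list(PLAN, ADMIN_IP)
    print("\n".join(issues or to_ini(PLAN)))
```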