Version 7.2 87 Mediant 800B Gateway & E-SBC
User's Manual 6. Web-Based Management
3. From the 'Secured Web Connection (HTTPS)' drop-down list, select HTTPS Only.
4. To enable two-way authentication whereby both management client and server are
authenticated using X.509 certificates, from the 'Require Client Certificates for HTTPS
connection' drop-down list, select Enable.
5. In the 'HTTPS Cipher String' field, enter the cipher string for HTTPS (in OpenSSL
cipher list format).
6. Click Apply, and then reset the device with a save-to-flash for your settings to take
effect.
For more information on secure Web-based management including TLS certificates, see
'TLS for Remote Device Management' on page 126.
6.10 Web Login Authentication using Smart Cards
You can enable Web login authentication using certificates from a third-party, common
access card (CAC) with user identification. When a user attempts to access the device
through the Web browser (HTTPS), the device retrieves the Web user’s login username
(and other information, if required) from the CAC. The user attempting to access the device
is only required to provide the login password. Typically, a TLS connection is established
between the CAC and the device’s Web interface, and a RADIUS server is implemented to
authenticate the password with the username. Therefore, this feature implements a two-
factor authentication - what the user has (i.e., the physical card) and what the user knows
(i.e., the login password).
This feature is enabled using the EnableMgmtTwoFactorAuthentication parameter.
Note: For specific integration requirements for implementing a third-party smart card
for Web login authentication, contact your AudioCodes representative.
To log in to the Web interface using CAC:
1. Insert the Common Access Card into the card reader.
2. Access the device using the following URL: https://<host name or IP address>; the
device prompts for a username and password.
3. Enter the password only. As some browsers require that the username be provided,
it’s recommended to enter the username with an arbitrary value.
6.11 Configuring Web and Telnet Access List
The Access List table lets you restrict access to the device's management interfaces (Web,
Telnet and SSH) by specifying IP addresses (up to ten) of management clients that are
permitted to access the device. Access to the device's management interfaces from
undefined IP addresses is denied. If you don't specify any IP addresses, this security
feature is inactive and the device can be accessed from any IP address.
The following procedure describes how to configure the Access List through the Web
interface. You can also configure it through ini file (WebAccessList_x).
To Next Page
Loading...
