170 Controlling Management Access
For information about port-based access, 802.1X, and the Internal 
Authentication Server (IAS), see "Configuring 802.1X and Port-Based 
Security" on page 505.
Table 9-1. Management Security Features

| Management Security Feature | Description |
|---|---|
| Management Access Control List (ACL) | Contains rules to apply to one or more in-band ports, LAGs, or VLANs to limit management access by method (for example, Telnet or HTTP) and/or source IP address. NOTE: Management ACLs cannot be applied to the OOB port. |
| Authentication Profiles | Controls the authentication method(s) to use to validate switch management access for the users associated with the list. |
| Local User Database | Maintains a list of users who are allowed to access the switch management interface. The database contains a username with an associated password and security level. The supported security levels are Read-Write (15), Read Only (1), and Suspended (0). |
| Password management features | Includes settings such as minimum password length, password aging, password reuse rules, password strength criteria, and number of login attempts allowed. |
| Line and Enable passwords | Passwords to allow only authorized users to access the switch through the CLI interface (console, Telnet, and SSH) and to enter Privileged Exec mode from User Exec mode. |
| TACACS+ | Configure the switch to use a remote TACACS+ server to authenticate users. |
| RADIUS | Configure information about one or more remote RADIUS servers to use for authentication, authorization, and accounting. |
| Telnet | Allow or prevent access to the switch by using Telnet and specify the port to use. |
| DoS | Protect the switch from various DoS attacks that can prevent the control plane (which includes management access) from functioning. |