172 Controlling Management Access
• Console—Authenticates access through the console port (CLI only).
• Telnet—Authenticates users accessing the CLI by using a Telnet or SSH
client.
• Secure HTTP—Authenticates users accessing OpenManage Switch
Administrator by using an HTTPS connection.
• HTTP—Authenticates users accessing OpenManage Switch
Administrator by using an HTTP connection.
• DOT1X—Authenticates hosts connecting through the in-band switch
ports. This access type is for network authentication and not management
interface authentication.
The switch has three preconfigured authentication profiles. For information
about these profiles, see "Default Management Security Values" on page 178.
How Does TACACS+ Control Management Access?
TACACS+ (Terminal Access Controller Access Control System) provides
access control for networked devices via one or more centralized servers.
TACACS+ simplifies authentication by making use of a single database that
can be shared by many clients on a large network. TACACS+ uses TCP to
ensure reliable delivery and a shared key configured on the client and daemon
server to encrypt all messages.
If you configure TACACS+ as the authentication method for user login and a
user attempts to access the user interface on the switch, the switch prompts
for the user login credentials and requests services from the TACACS+
client. The client then uses the configured list of servers for authentication,
and provides results back to the switch.
Figure 9-1 shows an example of access management using TACACS+.
NOTE: For information about port-based authentication, see "Configuring 802.1X
and Port-Based Security" on page 505.
To Next Page
Loading...
