Enterasys D-Series CLI Reference 17-1
17
Security Configuration
ThischapterdescribestheSecurityConf igurationsetofcommandsandhowtousethem.
Overview of Security Methods
Thefollowingsecuritymethodsareavailableforcontrollingwhichusersareallowe d toaccess,
monitor,andmanagethe switch.
•Loginuseraccountsandpasswords–usedtologintotheCLIviaaTelnetconnectionorlocal
COMportconnection.Fordetails,referto“SettingUserAccountsandPasswords”
on
page 3‐2.
•HostAccessControlAuthentication(HACA)–a uthenti catesuseraccessofTelnet
management,consolelocalmanagementandWebViewviaacentralRADIUSClient/Server
application.WhenRADIUSisenabled,thisessentiallyoverridesloginuseraccounts.When
HACAisactiveperavalidRADIUSconfiguration,theusernamesandpasswordsused
to
accesstheswitchviaTelnet,SSH,WebView,andCOMportswillbevalidatedagainstthe
configuredRADIUSserver.OnlyinthecaseofaRADIUStimeoutwillthosecredentialsbe
comparedagainstcredentialslocallyconfiguredontheswitch.
Fordetails,referto
“ConfiguringRADIUS”onpage 17‐3.
•SNMPuserorcommunitynames–allowsaccesstotheD‐SeriesswitchviaanetworkSNMP
managementapplication.Toaccesstheswitch,youmustenteranSNMPuserorcommunity
namestring.Thelevelofmanagementaccessisdependenton
theassociatedaccesspolicy.For
details,refertoChapter 7 .
• 802.1XPortBasedNetworkAccessControlusingEAPOL(ExtensibleAuthenticationProtocol)
–providesamechanismviaaRADIUSserverforadministratorstosecurelyauthenticateand
grantappropriateaccesstoenduserdevicescommunicatingwithD‐Seriesports.Fordetails
For information about... Refer to page...
Overview of Security Methods 17-1
Configuring RADIUS 17-3
Configuring 802.1X Authentication 17-11
Configuring MAC Authentication 17-21
Configuring Multiple Authentication Methods 17-33
Configuring VLAN Authorization (RFC 3580) 17-45
Configuring MAC Locking 17-51
Configuring Port Web Authentication (PWA) 17-62
Configuring Secure Shell (SSH) 17-74
To Next Page
Loading...
Need help?
General