Enterasys SecureStack B3

To Next Page

To Previous Page

SecureStack B3 Configuration Guide 20-1

Security Configuration

ThischapterdescribestheSecurityConf igurationsetofcommandsandhowtousethem.

Overview of Security Methods

Thefollowingsecuritymethodsareavailableforcontrollingwhichusersareallowedtoaccess,

monitor,andmanagetheswitch.

•Loginuseraccountsandpasswords–usedtologintotheCLIviaaTelnetconnectionorlocal

COMportconnection.Fordetails,referto“SettingUserAccountsandPasswords”

on

page 3‐1.

•HostAccessControlAuthentication(HACA)–authenticatesuseraccessofTelnet

management,consolelocalmanagementandWebViewviaacentralRADIUSClient/Server

application.WhenRADIUSisenabled,thisessentiallyoverridesloginuseraccounts.When

HACAisactiveperavalidRADIUSconfiguration,theusernamesandpasswordsused

to

accesstheswitchviaTelnet,SSH,WebView,andCOMportswillbevalidatedagainst the

configuredRADIUSserver.OnlyinthecaseofaRADIUStimeoutwillthosecredentialsbe

comparedagainstcredentialslocallyconfiguredontheswitch.

Fordetails,referto

“ConfiguringRADIUS”onpage 20‐3.

•SNMPuserorcommunitynames–allowsaccesstotheSecureStackB3switchviaanetwork

SNMPmanagementapplication.Toaccesstheswitch,youmustenteranSNMPuseror

communitynamestring.Thelevelofmanagementaccessisdependenton

theassociated

accesspolicy.Fordetails,refertoChapter 6.

• 802.1XPortBasedNetworkAccessControlusingEAPOL(ExtensibleAuthentication

Protocol)–providesamechanismviaaRADIUSserverforadministratorstosecurely

authenticateandgrantappropriateaccesstoenduserdevicescommunicatingwith

For information about... Refer to page...

Overview of Security Methods 20-1

Configuring RADIUS 20-3

Configuring 802.1X Authentication 20-9

Configuring MAC Authentication 20-19

Configuring Multiple Authentication Methods 20-30

Configuring VLAN Authorization (RFC 3580) 20-41

Configuring MAC Locking 20-46

Configuring Port Web Authentication (PWA) 20-57

Configuring Secure Shell (SSH) 20-69

Related product manuals