Foundry Switch and Router Installation and Configuration Guide
8 - 10 December 2000
IronView can be installed on all of the following platforms:
• HP OpenView
for Solaris
• HP OpenView for HP-UX
• HP OpenView for Windows NT
• Windows NT for PCs
The chassis display, options, and menus in IronView are similar to those in the Web management interface.
Foundry switches and routers come standard with an SNMP agent and support Management Information Base
(MIB) II with a MIB extension for ports, Spanning Tree, and forward stations.
Multiple Levels of Access Control
Foundry switches and routers provide multiple levels of access to allow system administrators complete
configuration control while protecting the system from unauthorized changes.
CLI Access
Three levels of password protection offer a range of access points for various users within the network. The three
levels are:
• Super user – This setting allows a user unlimited access to all levels of the CLI. This level is generally
reserved for system administrators within the network. The super user is also the only one who can assign a
password access level to another user.
• Configure port – This level allows a user to configure interface parameters only and to view any show
command displays.
• Read only – A user at this password level will only be able to view show command displays within the CLI.
No configuration is allowed at this password level.
Web Management Interface Access
By default, access through the Web management interface is controlled by passwords associated with the “get”
(read-only) and “set” (read-write) SNMP community strings. The default password for “get” is “public”. There is
not default password for “set”. You can configure SNMP community strings using CLI commands. See
“Establishing SNMP Community Strings” on page 3-14. You also can use locally configured user names and
passwords to control access through the Web management interface. See “Local Access Control” on page 8-10.
IronView Access
By default, IronView access is controlled by the CLI Enable password. If you have not configured an Enable
password, IronView allows you to access the device without a user name or password. You also can use locally
configured user names and passwords to control access through IronView. See “Local Access Control” on
page 8-10.
Local Access Control
You can configure up to 16 user names and passwords to control access to a Foundry Layer 2 Switch or Layer 3
Switch. The passwords and user names can be used for accessing devices using the CLI, the Web management
interface, and IronView. For each management platform, you configure an authentication-method list that
specifies sources the device can consult to authenticate an access attempt and the order in which to consult the
sources. For example, you can configure an authentication-method list to authenticate CLI management access
based on a local access list first (user names and passwords you have configured), then a RADIUS server, then
the enable passwords.
See “Setting Up Local User Accounts” on page 3-12 and “Configuring Authentication-Method Lists” on page 3-47.
TACACS and TACACS+ Security
You can secure CLI access to the switch or router by configuring the device to consult a Terminal Access
Controller Access Control System (TACACS) or TACACS+ server to authenticate user names and passwords.
See “Configuring TACACS/TACACS+ Security” on page 3-18.
To Next Page
Loading...
Need help?
General
